集成Windows身份验证和放大器; SSL [英] Integrated Windows Authentication & SSL

问题描述

我对我们的内网的管理网站，目前使用的集成Windows身份验证通过IIS。我们希望这个应用程序移动到一个公共网站，并与SSL安全会这样我们的用户可以从任何地方访问它。

I have an administrative website on our intranet that currently uses Integrated Windows Authentication through IIS. We would like to move this application to a public website and secure it with SSL so our users can access it from anywhere.

我一直打算使用一个HttpModule从HTTP重定向到https，但它看起来并不像这个作品与集成身份验证（登录弹出重定向出现之前）。

I had been planning on using an HttpModule to redirect from http to https, but it doesn't look like this works with integrated authentication (the login popup appears before the redirect).

我使用IIS中的要求SSL复选框卡住？这似乎不是所有用户友好的，因为用户得到一个很好的脂肪的错误页面，而不是一个温柔的重定向，如果他们忘记使用HTTPS URL。

Am I stuck using the "require SSL" checkbox in IIS? This doesn't seem all that user friendly since the user gets a nice fat error page instead of a gentle redirect if they forget to use the https URL.

你会在这种情况下怎么办？

What would you do in this situation?

推荐答案

我们对我们的内部网站类似的问题，结束了从集成Windows身份验证切换，直接要求其网络的用户名/密码在网站上。这样，我们可以将其重定向到HTTPS或其他类似的东西，而不用担心当认证弹出显示出来。

We had similar issues on our intranet site and ended up switching from Integrated Windows Authentication to requesting their network username/password directly on the site. That way we can redirect them to HTTPS or other such things without worrying about when the authentication popup shows up.

我们有一些code类似这样（假设你使用ASP.NET）的用户进行身份验证，然后我们的认证状态存储在cookie中。

We have some code similar to this (assuming you're using ASP.NET) that authenticates the user, and then we store the authentication state in a cookie.

public static bool AuthenticateUser(string username, string password)
{
    System.DirectoryServices.DirectoryEntry _entry = new System.DirectoryServices.DirectoryEntry(ldap_path, username, password, System.DirectoryServices.AuthenticationTypes.Delegation);

    bool _authenticated = false;
    try
    {
    	Object _o = _entry.NativeObject;
    	_authenticated = true;
    }
    catch
    {
    	_authenticated = false;
    }
    finally
    {
    	// Avoids the "multiple connections to server not allowed" error.
    	_entry.Close();
    	_entry.Dispose();
    }

    return _authenticated;
}

它结束了通过处理应用程序中的所有身份验证，而不是依赖于IIS我们节省吨头痛和无奈。

It ended up saving us tons of headache and frustration by handling all authentication in the application rather than depending on IIS.

这篇关于集成Windows身份验证和放大器; SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！