asp.net windows身份验证 [英] asp.net windows authentication
问题描述
我需要什么设置,以实现以下?
What settings do I need to accomplish the following?
IIS6服务器坐在域1
IIS6 Server sits on Domain1
从域2的用户访问,例如域2 \\用户
Users access from Domain2, eg Domain2\User
我想
WindowsIdentity ident = WindowsIdentity.GetCurrent();
返回域2 \\用户没有域1 \\ IUSR_SERVER
to return Domain2\User not Domain1\IUSR_SERVER
当前设置
我在配置为集成Windows身份验证IIS验证检查,其余的清晰,能正常工作时相同的服务器IIS服务器上。
I have the authentication in IIS configured as "Integrated Windows Authentication" checked, the rest clear, this works fine when on the same server as the IIS server.
在web.config中:
In web.config:
<authentication mode="Windows"/>
<identity impersonate="true"/>
跨域这些设置提示进行登录。
Cross domain these settings prompts for a login.
推荐答案
这两个领域需要有一个信任关系创建(如果他们是应该已经存在同一林中的一部分),那么有可能是一个需要配置一些代表团(公元说话的东西在这里没有.NET)。
The two domains need to have a trust relationship created (if they are part of the same forest that should already exist), then there may be a need to configure some delegation (talking AD stuff here not .NET).
客户端和服务器之间的认证必须使用协商和Kerberos,这反过来又意味着时钟需要与在5分钟内对方,这同样不应该是一个问题,当两个域属于同一林。
The authentication between client and server must use negotiate and kerberos, which in turn means clocks need to be with in 5 minutes of each other, again this shouldn't be a problem when both domains belong to the same forest.
这篇关于asp.net windows身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!