不同的认证方式不同领域 [英] Different authentication mode for different areas
问题描述
我有一个网站,我工作的两个部分:一个使用正常的窗体身份验证,另一种使用HMAC为基础的认证。该基于一种形式的作品一样正常的(除非使用自定义成员资格提供程序)。
I have two portions of a website I am working on: one that uses normal forms authentication and another that uses an HMAC-based authentication. The forms based one works just as normal (except using a custom membership provider).
最令人沮丧的是,在默认情况下,如果决定使用窗体身份验证重定向所有401响应的认证标签下的根Web.config中指定的loginUrl。在努力将其关闭我的网站的HMAC部分我创建了一个独立的区域,这些控制器住然而,无论身在何处,我把一个<身份验证模式=无> < /认证> 标记(无论是在面积/意见Web.config中,一个Web.config我已经把在该地区的文件夹,或在根Web.config的位置标记(这样做实际上会导致有关标签不属于那里))我看来不能让这件事停止重定向所有401S到loginUrl错误。
The most frustrating thing is that by default, if one decides to use the forms authentication it redirects all 401 responses to the loginUrl specified in the root Web.config under the authentication tag. In an effort to turn this off for the HMAC portion of my site I have created a separate area that those controllers live in. However, no matter where I put a <authentication mode="None"></authentication> tag (whether it be in the area/views Web.config, a Web.config I have placed in the area folder, or under a location tag in the root Web.config (doing that actually causes an error about that tag not belonging there)) I cannot seem to make this thing stop redirecting all 401s to the loginUrl.
任何援助将大大pciated因为这AP $ P $是让我撕了我的头发。
Any assistance would be greatly appreciated as this is making me tear my hair out.
顺便说一句,这个问题已经被问不同的方式,至少<一href="http://stackoverflow.com/questions/13363581/mvc3-multiple-areas-different-authentication-methods">2 <一href="http://stackoverflow.com/questions/8176703/asp-net-mvc-3-areas-and-multiple-authentication-in-web-config">times无(可行)的反应。而我的重点是设置验证方式为无,他们一般集中在改路径的角色(这在我看来是比较容易做的 [授权(角色=基于role1,基于role2,role3)]每个方法属性),这使得我的问题有点不同。如果这是不可能的,也请您告诉我,让我能想出更好的办法来做到这一点。
By the way, this question has been asked different ways at least 2 times with no (viable) responses. While mine focuses on setting the authentication mode to None,theirs generally focused on changing roles for paths (which in my opinion is easier to do with the [Authorize(Roles="role1,role2,role3")] attribute on each method) which makes my question a little different. If this is impossible, please also tell me so that I can figure out a better way to do this.
推荐答案
的的验证元素(ASP.NET设置架构)是唯一有效的在应用程序级别。 您不能在同一个应用程序不同的认证方式。
The authentication Element (ASP.NET Settings Schema) is only valid at the application level. You cannot have different authentication modes in the same application.
您可以,但是,指定一个位置的元素(ASP.NET设置架构)到一个特定区域,并指定一个授权元素(ASP.NET设置架构)里面,允许匿名用户。您还可以将授权元素的应用程序的子目录下的web.config文件。
You can, however, specify a location Element (ASP.NET Settings Schema) to a specific area and specify an authorization Element (ASP.NET Settings Schema) inside it that allows anonymous users. You can also place an authorization element in a web.config file under a child directory of the application.
为了使用两种不同的身份验证方案,你必须到那个区域转换成一个单独的应用程序。它可以,如果你愿意的话,仍然是父应用程序的孩子,但也有一些注意事项。当然,人们的注意事项的,是会话状态不会在两个应用程序之间共享。
In order to use two different authentication schemes, you'll have to convert that area into a separate application. It can, if you wish, still be a child of the parent application, but there are some caveats. One of the caveats, of course, is that session state will not be shared between the two applications.
另外,请参阅<一href="http://stackoverflow.com/questions/4144117/nested-asp-net-application-within-iis-inheriting-parent-config-values">Nested在IIS继承父配置值ASP.NET应用程序?问题的 ASP.NET配置文件层次结构和继承。
这篇关于不同的认证方式不同领域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
