IIS7和验证问题 [英] IIS7 and Authentication problems
问题描述
我有一个股票标准的ASP.NET网站,部署到我们的开发机器(内部机器在我们的服务器机房)。
i've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room).
现在,这种开发站点可以通过内部和外部用户访问。现在,在IIS6我们曾经有过它,这样的匿名身份验证的被拒绝的关闭的和别的东西上了..给用户转向用户名和密码的弹出式模型箱。我的认为的他们不得不键入一些用户名或密码的web.config文件中定义的? (不是他们的网站账户的用户名/密码)/
Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a popup model box for username and password. I think they had to type some username or password that was defined in a web.config file? (not their website account username/password)/
现在,用IIS7,当我打开的匿名身份验证关闭的,然后打开的基本或 Windows验证的,我可以访问网站但它试图登录我与这些证书..而不是给用户(使用一些股票的标准asp.net网页表单页面)签署了该帐户。
Now, with IIS7, when i turn Anon Auth off, and turn on Basic or Windows Auth, i get access to the site BUT it's trying to log me in with those credentials .. and not the account the user signed up with (using some stock standard asp.net webform page).
所以...有没有可能锁定了整个网站,并获得测试人员到达现场..这是他们的网站的用户名和密码,不同一般的访问。这些用户名和密码都在现场,而不是使用。
So ... is it possible to 'lock' the entire site and get the testers to get general access to the site .. which is different to their website username and password. Those usernames and passwords are for use in the site instead.
这是否合理?
干杯!
<authentication mode="Forms">
<forms loginUrl="~/Pages/Login.aspx" protection="Validation" timeout="1000000000" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx">
</forms>
</authentication>
没有授权的部分。
there is no authorization section.
此外,当我加入文摘验证来IIS7并启用(和禁用everythign人),我得到的弹出窗口(KEWL!),但我不知道我需要的通过。哪里能有什么凭据我手动定义这些凭据(所以他们从网站的独立用户)??
also, when i add 'Digest Auth' to iis7 and enable that (and disable everythign else), i get the pop up window (kewl!) but i'm not sure what credentials i need to pass in. Where can i define those credentials manually (so they are seperate from the website's users) ??
推荐答案
IIS7集成模式不支持IIS6做两个阶段认证。基本上,IIS6将执行其身份验证(Windows),其次是asp.net执行其身份验证(形式)。但随着IIS7,一切都在集成模式下平等的,所以你只能有一个或其他身份验证方法。
IIS7 integrated mode does not support the two phase authentication that IIS6 does. Basically, IIS6 would perform its authentication (windows), followed by asp.net performing its authentication (forms). But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication methods.
您可以转换应用程序池使用经典模式或按照<一个href=\"http://mvolo.com/blogs/serverside/archive/2008/02/11/IIS-7.0-Two_2D00_Level-Authentication-with-Forms-Authentication-and-Windows-Authentication.aspx\"相对=nofollow>此变通来得到它集成模式下工作。
You can either convert the app pool to use classic mode or follow this workaround to get it working with Integrated mode.
这篇关于IIS7和验证问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
