Windows授权 [英] Windows Authorization
问题描述
我正在尝试在工作中设置一个内部网,它将使用我们的Active目录
来授权我们的用户。我们还希望他们从外面(例如在家)的
访问该网站,并通过我们的Active Directory进行身份验证。
我们不要''我想设置一个单独的Sql设置。
我试图像这样设置我的Web.config文件:
*** *********************************************** *** *****
<?xml version =" 1.0"编码= QUOT; UTF-8英寸?>
< configuration>
<! - DYNAMIC DEBUG COMPILATION
设置编译debug =" true" ;将调试符号(.pdb
信息)
插入编译页面。因为这会创建一个更大的文件,而b / b
执行速度更慢,所以只有在调试
和
其他所有时间都是
false。有关更多信息,请参阅
文档,了解
调试ASP.NET文件。
- >
< compilation defaultLanguage =" vb"调试= QUOT;真" />
<! - 自定义错误消息
设置customErrors mode =" On"或者RemoteOnly或RemoteOnly。启用自定义错误
消息,关闭消息禁用。
添加<错误>您要处理的每个错误的标签。
- >
< customErrors mode =" Off" />
<! - AUTHENTICATION
此部分设置应用程序的身份验证策略。
可能的模式是Windows,
" Forms"," Passport"和无
- >
<身份验证模式=" Windows" />
<! - 授权
本节设置应用程序的授权策略。
您可以允许或拒绝用户或角色访问应用程序资源的
。通配符:*意思是
每个人,?表示匿名
(未经身份验证的)用户。
- >
< authorization>
允许用户= " * QUOT; />
< / authorization>
<! - 应用程序级别跟踪记录
应用程序级别跟踪为每个页面启用跟踪日志输出
在应用程序中。
设置跟踪启用=" true"启用应用程序跟踪日志记录如果
pageOutput =" true",
跟踪信息将显示在每个页面的底部。
否则,您可以查看
应用程序跟踪日志,浏览trace.axd您的
网络应用程序页面
root。
- >
< trace enabled ="假QUOT; requestLimit = QUOT; 10" pageOutput =" false"
traceMode =" SortByTime"设置LocalOnly ="真" />
<! - 会话状态设置
默认情况下,ASP.NET使用cookie来识别哪些请求属于某个特定的
会话。
如果没有cookie,可以通过向URL添加
会话标识符来跟踪会话。
要禁用cookie, set sessionState cookieless =" true"。
- >
< sessionState
mode =" InProc"
stateConnectionString =" tcpip = 127.0.0.1:42424"
sqlConnectionString =" data source = 127.0.0.1; user id = sa; password ="
cookieless =" false"
timeout =" 20"
/>
<! - 全球化
此部分设置应用程序的全球化设置。
- >
< globalization requestEncoding =" utf-8"的ResponseEncoding = QUOT; UTF-8英寸/>
< /system.web>
< / configuration>
*** *********************************************** *** ******
我还将Web应用程序设置为集成Windows安全性。
但是当我尝试访问第一页时,它让我没有问我的
凭证。
我还需要做些什么才能让它发挥作用?
谢谢,
Tom
I am trying to set up an intranet at work that will use our Active directory
to authorize our users. We also want them to access the site from the
outside (such as at home) and also be authenticated by our Active Directory.
We don''t want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
************************************************** ********
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
<authentication mode="Windows"/>
<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
allow users="*" />
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
************************************************** *********
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my
credentials.
What else do I need to do to get this to work?
Thanks,
Tom
推荐答案
< authorization>
允许users =" *" />
< / authorization>
这意味着:访问所有用户。
更改to:
< authorization>
allow users =" *" />
拒绝用户="?" />
< / authorization>
Riki
tshad写道:
<authorization>
allow users="*" />
</authorization>
This means: access to all users.
Change it to:
<authorization>
allow users="*" />
deny users="?" />
</authorization>
Riki
tshad wrote:
我正在尝试在工作中设置一个Intranet,它将使用我们的Active
目录来授权我们的用户。我们还希望他们从外面(例如在家)访问
网站,并通过我们的Active Directory进行身份验证。
我们不想设置单独的Sql设置。
我试图设置我的Web.config文件:
*************** *********************************** ********
<? xml version =" 1.0"编码= QUOT; UTF-8英寸?>
< configuration>
<! - DYNAMIC DEBUG COMPILATION
设置编译debug =" true"将调试符号
(。pdb信息)插入编译页面。因为这会创建一个更慢的执行
的更大文件,所以只有在调试时才将此值设置为true,并且在其他任何时候都应该设置为false。有关更多信息,请参阅
有关调试ASP.NET文件的文档。
- >
< compilation defaultLanguage =" vb"调试= QUOT;真" />
<! - 自定义错误消息
设置customErrors mode =" On"或者RemoteOnly或RemoteOnly。启用自定义
错误消息,关闭禁用。
添加<错误>您要处理的每个错误的标签。
- >
< customErrors mode =" Off" />
<! - AUTHENTICATION
本节设置
应用程序的身份验证策略。可能的模式是Windows,
Forms,Passport和Passport。和无
- >
<身份验证模式=" Windows" />
<! - AUTHORIZATION
此部分设置
申请的授权政策。您可以允许或拒绝用户或角色访问应用程序资源。通配符:*意思是
每个人,?表示匿名
(未经身份验证的)用户。
- >
< authorization>
允许users =" *" />
< / authorization>
<! - 应用程序级跟踪记录
应用程序级跟踪为每个页面内的每个页面输出跟踪日志应用程序。
Set trace enabled =" true"启用应用程序跟踪记录。如果pageOutput =" true",
跟踪信息将显示在每个页面的底部。否则,您可以通过浏览trace.axd来查看
应用程序跟踪日志。来自
您的网络应用程序的页面
根。
- >
< trace enabled =" false" requestLimit = QUOT; 10" pageOutput =" false"
traceMode =" SortByTime"设置LocalOnly ="真" />
<! - 会话状态设置
默认情况下,ASP.NET使用cookie来识别哪些请求属于特定会话。
如果cookie如果不可用,可以通过向URL添加会话标识符来跟踪会话。
要禁用cookie,请设置sessionState cookieless =" true"
- >
< sessionState
mode =" InProc"
stateConnectionString =" tcpip = 127.0.0.1:42424"
sqlConnectionString =" data source = 127.0.0.1; user
ID = SA;密码= QUOT; cookieless =" false"
timeout =" 20"
/>
<! - 全球化
此部分设置<的全球化设置应用程序。 - >
< globalization requestEncoding =" utf-8"的ResponseEncoding = QUOT; UTF-8英寸/>
< /system.web>
< / configuration>
*************** *********************************** *********
我还将Web应用程序设置为集成Windows安全性。
但是当我尝试访问第一页时,它让我无需查询我的凭证。
我需要做些什么才能让它发挥作用?
谢谢,
Tom
I am trying to set up an intranet at work that will use our Active
directory to authorize our users. We also want them to access the
site from the outside (such as at home) and also be authenticated by
our Active Directory.
We don''t want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
************************************************** ********
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols
(.pdb information)
into the compiled page. Because this creates a larger file
that executes
more slowly, you should set this value to true only when
debugging and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom
error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the
application. Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
<authentication mode="Windows"/>
<!-- AUTHORIZATION
This section sets the authorization policies of the
application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
allow users="*" />
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every
page within an application.
Set trace enabled="true" to enable application trace
logging. If pageOutput="true", the
trace information will be displayed at the bottom of each
page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from
your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests
belong to a particular session.
If cookies are not available, a session can be tracked by
adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password=" cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the
application. -->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
************************************************** *********
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my
credentials.
What else do I need to do to get this to work?
Thanks,
Tom
On Sun,2006年6月18日09:49:57 +0200,Riki写道:
On Sun, 18 Jun 2006 09:49:57 +0200, Riki wrote:
< authorization>
allow users =" *" />
< / authorization>
这意味着:访问所有用户。
将其更改为:
<授权>
允许用户=" *" />
拒绝用户="?" />
< / authorization>
Riki
<authorization>
allow users="*" />
</authorization>
This means: access to all users.
Change it to:
<authorization>
allow users="*" />
deny users="?" />
</authorization>
Riki
实际上,拒绝应该是第一个。 ASP.NET的工作方式是它只需要处理规则,直到达到成功的规则为止。由于你列出了
允许users =" *",这意味着允许所有人,该规则将首先评估
,因为这将成功,它将不会评估
拒绝未经身份验证的用户的第二条规则。
Actually, the deny should be first. The way ASP.NET does things is that it
only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second rule to
deny unauthenticated users.
" Erik Funkenbusch" < ER ** @ despam-funkenbusch.com>在消息中写道
news:12 *************** @ funkenbusch.com ...
"Erik Funkenbusch" <er**@despam-funkenbusch.com> wrote in message
news:12***************@funkenbusch.com...
On Sun,2006年6月18日09:49:57 +0200,Riki写道:
On Sun, 18 Jun 2006 09:49:57 +0200, Riki wrote:
< authorization>
allow users =" *" />
< / authorization>
这意味着:访问所有用户。
将其更改为:
<授权>
允许用户=" *" />
拒绝用户="?" />
< / authorization>
Riki
实际上,拒绝应该是第一位的。 ASP.NET做事的方式是
<authorization>
allow users="*" />
</authorization>
This means: access to all users.
Change it to:
<authorization>
allow users="*" />
deny users="?" />
</authorization>
Riki
Actually, the deny should be first. The way ASP.NET does things is that
它只处理规则,直到达到成功的规则。既然你列出了
allow users =" *",这意味着允许每个人,那么该规则将首先被评估,并且由于这将成功,它将不会评估第二个规则
to否认未经验证的用户。
it only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second rule
to deny unauthenticated users.
我做了更改(有一个小错误,哪里是缺少左边
角支架)但是我我仍然可以通过Windows的任何
登录屏幕进入主页。
还有什么我需要做的吗?
请记住,我在家并尝试登录,因此应该要求进行
登录。
谢谢,
Tom
I did make the change (there was a small error where is was missing the left
angle bracket) but I am still able to get to the home page with out any
logon screen from windows.
Is there something else I need to do?
Remember, I am at home and trying to log on, so it should be asking be for a
logon.
Thanks,
Tom
这篇关于Windows授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
