Intranet站点需要什么“身份验证方法” [英] What 'authentication method' is required for an intranet site

问题描述

我们有一个'内联网网站'，它正被组织内的200名员工使用。



它是

.Net框架版本是v4.0。

身份是'ApplicationPoolIdentity'。

内联网站点认证 - '匿名身份验证'已启用。

- 'ASP.NET模拟和，表单身份验证已禁用。



我有2个混淆。



1.（网站文件夹可从网络位置看到）

Intranet Application文件夹已与所有域用户共享。 - 因此，所有用户都可以看到此文件夹。如果我从Everyone中删除共享，则不会显示登录页面。



网站文件夹不应该对用户可见（通过网络位置），如何解决这个问题。？



2.（用户身份验证）

登录页面将获取UserId和密码，此凭据将使用LDAP身份验证通过Active Directory进行验证。

代码如下：

Hi,

We have an 'Intranet Site' and it's being used by 200 employees inside the organization.

It's
.Net framework version is v4.0.
Identity is 'ApplicationPoolIdentity'.
Intranet-Site Authentication - 'Anonymous Authentication' is enabled.
- 'ASP.NET Impersonation and, Forms Authentication is disabled.

I have 2 confusions.

1. (Website Folders are Visible from the Network locations)
Intranet Application folder has been shared with 'All domain users'. - So, this folder is visible to all users. If i remove the share from 'Everyone', then the login page is not displayed.

The Website folders should not be visible to the users (via Network Locations), How to solve this.?

2. (user authentication)
The Login page will get the UserId and password, this credentials will be verified with the 'Active Directory' using LDAP authentication.
The code follows.

public bool IsAuthenticated(string username, string pwd)
{
            DirectoryEntry entry = new DirectoryEntry(_path, username, EncryptDecrypt.Decrypt(pwd));
            try
            {
                using (HostingEnvironment.Impersonate())
                {
                    //object obj = entry.NativeObject;
                    DirectorySearcher search = new DirectorySearcher(entry);
                    search.ReferralChasing = ReferralChasingOption.None;
                    search.Filter = "(sAMAccountName=" + username + ")";
                    search.PropertiesToLoad.Add("Name");
                    SearchResult result = search.FindOne();

                    if (result != null)
                    {
                        //Update the new path to the user in the directory.
                        _path = result.Path;
                        _filterAttribute = (string)result.Properties["Name"][0];
                        Session["LoggedInUser"] = _filterAttribute;
                        Session.Timeout = 30;
                        return true;
                    }
                    return false;
                }
            }
            catch (Exception ex)
            {
                throw new Exception("Error authenticating user. " + ex.Message);
            }
}

这将验证用户，并显示主页。

这够了吗或者应该使用其他任何方式？



谢谢。



我尝试过：



我从所有人中移除文件夹共享 - 无法访问INTRANET。

如果，INTRANET FOLDER是共享的与域中的每个用户。 - INTRANET可访问

This will validate the user, and the home page will be displayed.
Is this enough or any other ways should be used?

Thanks.

What I have tried:

I removes the folder sharing from 'everyone'- INTRANET is not accessible.
If, the INTRANET FOLDER is shared with every users in the domain. - INTRANET is accessible

推荐答案

启用 Windows 身份验证并禁用匿名多数民众赞成。

启用 Asp.net模拟取决于文件访问权限和其他权限（在下面的链接中说明）。 />
使用以下代码获取已登录用户的 Ntid 。

Enable Windows Authentication and disable Anonymous thats it.
enabling Asp.net Impersonation depends on Permission of File Access and others (explained in the below link).
use the below code to get the Ntid of the logged user.

string userid = HttpContext.Current.User.Identity.Name; // it will be in DomainName/UserName format .. take care of it. 

参考这些文章



ScottGu' s博客 - 食谱：启用Windows身份验证Intranet ASP.NET Web应用程序 [ ^ ]

如何使用ASP.NET MVC创建Intranet站点 [ ^ ]

这篇关于Intranet站点需要什么“身份验证方法”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！