在IIs中托管的基于Windows的身份验证应用程序要求输入用户名和密 [英] Windows based authentication app hosted in IIs asking for username and password

问题描述

我的应用程序中有一个场景，需要获取当前系统登录userName并检查用户名和其他详细信息。如果有效的用户名则需要允许表单重定向到其他页面。为此，我使用代码获取当前登录用户名：

I have a scenario in my application like, need to fetch the current system login userName and check the username with other details. if valid username then need to allow the form to redirect to other page. For that i have used the code to fetch the current login username as :

string userName = HttpContext.Current.User.Identity.Name;

因为我正在使用当前的系统用户详细信息，我去了Windows身份验证模式并在web.cofig文件中写了以下代码

As i am using the current system user details, i went for "windows Authentication mode" and wrote the following code in web.cofig file

<system.web>
    <customErrors mode="Off"/>
    <compilation debug="true" targetFramework="4.0"/>
    <authentication mode="Windows">
    </authentication>
    <identity impersonate="true"/>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

整个过程在我的本地系统中运行良好。但是在IIS中发布应用程序并在Web浏览器中打开后，它会通过一个提示对话询问用户名和密码凭据。传递当前系统用户名和密码之后，它只会转到应用程序主页面，因为它显示错误，如



HTTP错误401.1 - 未经授权您没有允许使用您提供的凭据查看此目录或页面。



通过goggling回答我做了一些更改，如：在IIS中，转到应用程序之后调整了以下设置：对于身份验证：我禁用了匿名和模拟身份验证，只启用了Windows身份验证



在Windows身份验证中，我选择提供者并将NTLM移到了上层。



这可能是什么原因，如何禁用要求输入用户名和密码的弹出窗口。



谢谢

The whole thing is working fine in my local system. But after publishing the application in IIS and open in web browser it is asking for the username and password credentials with one prompt dialogue. After passsing the current system username and password only it is going to application main page other wise it is showing the error like

"HTTP Error 401.1 - Unauthorized You do not have permission to view this directory or page using the credentials that you supplied."

By goggling for answer i have made some changes like: In IIS, after going to Application i have adjusted the following setting : For authentication : i disabled the "Anonymous and Impersonation" authentication and only enabled the "Windows authentication"

And in windows authentication ,i go for "providers" and Moved the "NTLM" to upper.

what may be the reason for this, How to disable the popup that is asking for the username and password.

Thanks

推荐答案

Internet Explorer将仅使用当前系统凭据登录Windows身份验证站点哪个是在本地Intranet区域。将您的网站添加到该区域，您应该获得与本地副本相同的行为。



http://www.sevenforums.com/tutorials/144766-internet-explorer-security-zones-add-remove-sites.html [ ^ ]



其他浏览器仍然会提示输入用户名和密码。



编辑：事实证明其他浏览器可以自动登录，但并不是很明显。



< h5> Firefox

Internet Explorer will only use the current system credentials to log in to Windows Authenticated sites which are in the Local Intranet zone. Add your site to that zone, and you should get the same behaviour as your local copy.

http://www.sevenforums.com/tutorials/144766-internet-explorer-security-zones-add-remove-sites.html[^]

Other browsers will still prompt for a username and password.

It turns out other browsers can log in automatically, but it's not immediately obvious.

Firefox

https://developer.mozilla.org/en-US/docs/Integrated_Authentication [ ^ ]

Mozilla目前支持允许通过浏览器进行SPNEGO身份验证的网站白名单。此列表旨在由IT部门在将Mozilla分发给最终用户之前进行配置。



首选项为：

Mozilla currently supports a whitelist of sites that are permitted to engage in SPNEGO authentication with the browser. This list is intended to be configured by an IT department prior to distributing Mozilla to end-users.

The preferences are:

pref("network.negotiate-auth.trusted-uris", site-list);
pref("network.negotiate-auth.delegation-uris", site-list);
pref("network.automatic-ntlm-auth.trusted-uris", site-list);

其中，site-list是逗号分隔的URL前缀或域名列表：

where, site-list is a comma-separated list of URL prefixes or domains of the form:

site-list = "mydomain.com, https://myotherdomain.com"

https://addons.mozilla.org/en-US/firefox/addon/integrated-auth-for-firefox / [ ^ $

此附加组件使管理此列表变得更加容易，允许您坚持使用Firefox，但仍使用Windows / NTLM或Kerberos等传递身份验证。

This add-on makes it easier to manage this list, allowing you to stick with Firefox but still use pass-through authentication like Windows/NTLM or Kerberos.

http://www.liquidstate.net/blog/technology / enabled-ntlm-authentication-single-sign-on-firefox / [ ^ ]

Chrome

http://www.liquidstate.net/blog/technology/enabling-ntlm-authentication-single-sign-on-in-firefox/[^]

Chrome

https://productforums.google.com/d/msg/chrome/1594XUaOVKY/8ChGCBrwYUYJ [ ^ ]

Chrome没有单独的页面来指定NTLM自动登录的Intranet URL。它从Internet Explorer的本地Intranet站点列表中获取自动登录的URL。

Chrome doesn't have separate page for specifying intranet URL for NTLM auto login. It takes its URLs for auto login from Internet Explorer's "Local Intranet" sites list.

这篇关于在IIs中托管的基于Windows的身份验证应用程序要求输入用户名和密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！