在集成管道模式下使用IIS进行基本身份验证和表单身份验证 [英] Basic and Forms Authentication with IIS in Integrated Pipeline mode

问题描述

我的ASP.Net网站使用表单身份验证来允许注册用户登录其帐户-保护文件夹/account/.

为了管理(内容管理等)目的，我们还有一个/cms/文件夹，该文件夹由基本身份验证保护.

该网站的其余部分可以公开访问，而无需登录.

我们已经在经典管道模式下运行IIS7，并且此设置运行良好.但是，我们最近更改为集成管道"模式.

由于更改，/cms/部分的行为很奇怪:浏览至/cms/时，基本身份验证提示会按预期出现，并且登录工作正常.然后导航到/cms/文件夹中的任何页面也可以正常工作.但是，如果我直接浏览到/cms/中的其他文件，例如，输入www.mysite.com/cms/mypage.aspx，则会重定向到表单身份验证"登录页面.以注册用户身份登录后，我将重定向到/cms/文件夹中的请求页面，然后获得基本身份验证提示.然后，在输入/cms/登录详细信息后，进入所需的页面.

将应用程序池的管道模式切换回经典模式可解决此问题. IE.将两个登录方法分开.但是，我宁愿使用集成模式.

有谁知道让它在集成管道模式下工作的方法吗?

我的根web.config文件中的表单身份验证部分如下所示:

My ASP.Net web site uses Forms Authentication to allow registered users to log into their account - protects the folder /account/.

For administrative (content management etc.) purposes we also have a /cms/ folder which is secured by basic authentication.

The rest of the site is publicly accessible with neither login.

We''ve been running IIS7 in Classic Pipeline mode and this setup has worked fine. However, we recently changed to Integrated Pipeline mode.

Since the change, the /cms/ section behaves strangely: when browsing to /cms/ the basic authentication prompt comes up as expected, and login works fine. Then navigating to any page within the /cms/ folder works fine too. However, if I directly browse to a different file within /cms/, for example I enter www.mysite.com/cms/mypage.aspx, then I get redirected to the Forms Authentication login page. After logging in as a registered user, I then get redirected back to the requested page in the /cms/ folder and then get the basic authentication prompt. Then, after entering the /cms/ login details, I get to the page I wanted.

Switching the Pipeline mode of the application pool back to Classic mode fixes the problem. I.e. keeps the two login methods separate. However, I''d prefer to be using Integrated mode.

Does anyone know of a way to get this to work in Integrated Pipeline mode?

The forms authentication section in my root web.config file looks like this:

<authentication mode="Forms">
    <forms name=".formsauth" loginUrl="/login.aspx" protection="All" timeout="300" path="/"/>
</authentication>

/account/文件夹中的web.config文件(我正在保护的文件)如下所示:

And the web.config file in the /account/ folder (the one I''m protecting) looks like this:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

/cms/文件夹也设置为也需要HTTPS-但我不认为这会影响我的特定问题.

The /cms/ folder is setup to require HTTPS as well - but I don''t think this affects my specific issue.

推荐答案

通过一些额外的配置.是否此 [

It looks like you might have to go through a little extra config. Does this[^] help?

这篇关于在集成管道模式下使用IIS进行基本身份验证和表单身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！