在ASP.NET Core应用中同时启用Windows身份验证和匿名身份验证 [英] Enable both Windows authentication and Anonymous authentication in an ASP.NET Core app

问题描述

我知道这个问题已经被问过很多次了，但是不幸的是，这与ASP.NET Core Web应用程序无关，而与经典的ASP.NET Web应用程序无关.我在互联网上找到的所有答案都帮不了我，因为ASP.NET Core应用程序的IIS配置与经典ASP.NET完全不同.例如，ASP.NET Core使用Kestrel代理，因此ASP.NET中许多相关的配置不在ASP.NET Core中.我基本上已经尝试了所有可以在Internet上找到的东西，但是没有一个帮助我.我希望这就像在IIS中的应用程序上启用匿名身份验证和Windows身份验证一样简单，仅此而已，但是我想它会比这更有用.

I know that this has been asked many times before, but unfortunately not about ASP.NET Core web apps, just the classic ASP.NET web apps. All the answers i've found on the internet don't help me, because the IIS configuration of ASP.NET Core apps is so different than classic ASP.NET. For example, ASP.NET Core uses the Kestrel proxy, so many of the configurations relevant in ASP.NET are not in ASP.NET Core. I've basically tried everything i could possibly found on the Internet but none helped me. I whish it was as simple as enabling both anonymous and windows authentications on the app in IIS and that's it, but I guess it will more work than that.

在单个asp.net核心Web应用程序中同时启用这两种身份验证的过程是什么?

What is the procedure of enabling both these authentications in a single asp.net core web app?

推荐答案

IIS将充当反向代理，并将负责设置用户的Windows身份并将其传输给Kestrel.因此，首先，将IIS设置为允许Windows和匿名身份验证:

IIS will act as a reverse proxy and will be responsible for setting and transmitting to Kestrel the Windows identity of the user. So first, set up IIS to allow both Windows and Anonymous Authentication:

然后，您需要更改web.config以要求IIS将Windows身份(如果找到一个)传输到ASP.NET Core应用程序，如下所示:https://stackoverflow.com/a/42163175/6827240

Then, you need to change your web.config to ask IIS to transmit the Windows identity (in case one is found) to your ASP.NET Core application like that: https://stackoverflow.com/a/42163175/6827240

这时，如果使用"[Authorize]"属性创建控制器动作，则HttpContext.User.Identity.Name;应该具有客户端使用的Windows身份的值.我在这里回复了类似的内容: ASP.NET Core中的特定路由

At this point, if you create a controller action with an "[Authorize]" attribute, HttpContext.User.Identity.Name; should have the value of the Windows identity used by your client. I replied to something similar here: NTLM authentication on specific route in ASP.NET Core

好处是，如果您的客户端未传递Windows身份令牌，则标准控制器操作仍将起作用，而受保护的令牌(使用[Authorize]标记)将失败.

The good thing is that a standard controller action will still work if your client doesn't pass along Windows identity token, while a protected one (using [Authorize] tag) will fail.

PS:我喜欢在详细模式下使用curl.exe来查看授权协议(协商协议，NTLM令牌...)方面正在发生的事情

PS: I like to use curl.exe in verbose mode to see what is happening in terms of authorization protocol (Negotiate protocol, NTLM tokens ...)

这篇关于在ASP.NET Core应用中同时启用Windows身份验证和匿名身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！