Windows身份验证真正如何工作? Web.config似乎还不够 [英] How does Windows Authentication really work? Web.config seems not enough
问题描述
尝试修复Windows身份验证.目标:Windows身份验证.使用Firefox,应显示一个登录对话框,而使用Internet Explorer,则Windows用户名和密码应自动转到Web服务器.
Trying to fix windows authentication. Objective: Windows Authentication. With Firefox a login dialog should appear, while with Internet Explorer the windows user name and password should go to the web server automatically.
我使用Empty模板建立了一个非常小的Web应用程序项目. Web.config看起来像这样:
I set up a really small web application project, using the Empty template. Web.config looks like this:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
<system.codedom>
<compilers>
<compiler language="c#;cs;csharp" .../>
<compiler language="vb;vbs;visualbasic;vbscript" ..."/>
</compilers>
</system.codedom>
</configuration>
在FF或IE中运行此站点将给出401未经授权的响应,而不是登录对话框.为什么?
Running this site in FF or IE gives a 401 Unauthorized response, instead of a login dialog. Why?
然后,我创建了另一个新的Web应用程序项目,现在将WinForms模板和Authentication设置为Windows.这会创建一些半有趣的伪造内容,包括带有菜单的页面标题和已登录用户的Windows名称的显示.
Then I created another new web application project, now with the WinForms template and Authentication set to Windows. This creates some semi-interesting fake content, including a page header with a menu and a display of the windows name of the logged in user.
在web.config中,我将授权更改为:
In the web.config I changed the authorization to:
<allow users="*"/>
在FF中运行此站点会显示一个登录对话框,在IE中会显示一个页面,标题中包含我的Windows用户名.
Running this site in FF shows a login dialog, in IE it shows the page with my windows user name in the header.
现在我更改为:
<authentication mode="None" />
在FF中运行此站点将显示登录对话框,而我希望无需登录即可看到该页面.使用IE,该页面显示的标题中没有我的Windows用户名.
Running this site in FF shows the login dialog, while I expected to just see the page without having to log in. With IE, the page shows without my windows user name in the header.
我的结论是,设置身份验证不仅需要web.config中的这两个地方.如果我对此有所了解,则可以在实际的Web项目中解决一些类似的问题.请帮忙!
My conclusion is that there is more to setting the authentication than just those two places in web.config. If I knew more about this, I could fix some similar problems in my real web projects. Please Help!
推荐答案
经过一夜的睡眠,我想到了搜索Web服务器的配置的想法.原来VS2015使用IIS Express.在 SO 上,我发现IIS Express配置文件位于解决方案的.vs目录中,新项目模板在该目录中写道:匿名访问已禁用.即使web.config的Authentication Mode = None,这也解释了Firefox中的登录对话框.
After a night of good sleep I got the idea to search for the configuration of the web server. It turned out VS2015 uses IIS Express. On SO I found that the IIS Express config file is in the solution's .vs directory, where the New Project template wrote that anonymous access is disabled. That explains the login dialog in Firefox even if the web.config has Authentication Mode=None.
我还从VS2015解决方案资源管理器中的 Hanselman 中找到了一些有趣的信息:在项目上按F4键,以查看一些在属性页"中找不到的项目.例如.启用/禁用了匿名身份验证,但这似乎与.vs!?
I found also some interesting info from Hanselman: in the VS2015 Solution Explorer press F4 on the project to see some items that you don't find in the Property Pages. E.g. Anonymous Authentication Enabled/Disabled, but this seems not related to the config in .vs !?
似乎某些事情无法简单化.我使用Apache Web服务器时,对大量的设置感到吃惊,但至少每个设置都有清晰的记录. Windows以使GUI工具使用户界面友好而著称,因此我发现不幸的是,仍然不得不处理文档较少的选项,例如隐藏目录.vs中的xml配置文件.
It seems that certain things just cannot be made simple. I worked with the Apache web server and was daunted by the enormous collection of settings, but at least each of these was documented clearly. Windows has a reputation of making things user-friendly with GUI tools, so I find it unfortunate to still have to deal with less documented options like in xml config files in the hidden directory .vs .
这篇关于Windows身份验证真正如何工作? Web.config似乎还不够的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
