使用web.config关闭MVC中的身份验证 [英] Turn off Authentication in MVC using web.config

问题描述

我有一个使用[Authorize]属性保护的MVC站点，但在使用Single Sign On的生产站点上，在一对夫妇或不同服务器上的站点上存在问题.我想排除身份验证的原因；有没有一种方法可以通过web.config暂时关闭身份验证，以便无需登录即可访问具有Authorize属性的所有或某些Controller Action?

I have an MVC site, secured using [Authorize] attributes, but have an issue on a production website that uses Single Sign On accross a couple or sites on different servers. I want to rule Authentication out as the cause; is there a way to temporarily turn off the Authentication through web.config so that all or some Controller Actions that have the Authorize Attribute can be accessed without logging in?

我尝试将以下内容添加到web.config:

I have tried adding the following to web.config:

<authentication mode="None" />

但这会导致所有用Authorize Attribute装饰的动作都呈现空白页面.未经授权的操作仍然可以继续工作

But this causes all actions decorated with Authorize Attribute to render blank pages. Actions without Authorize continue to work though

推荐答案

是否可以通过以下方式暂时关闭身份验证 web.config，以便所有或某些具有 无需登录即可访问授权属性?

is there a way to temporarily turn off the Authentication through web.config so that all or some Controller Actions that have the Authorize Attribute can be accessed without logging in?

否，这对于默认框架是不可能的.我很确定MVC源代码中的AuthorizeAttribute将尝试检查并查看用户是否已登录.如果没有经过身份验证的用户，访问将被拒绝.

No, this is not possible with the default framework. I'm pretty sure the AuthorizeAttribute in MVC source code will attempt to check and see if the user is logged in. Without an authenticated user, access would be denied.

这篇关于使用web.config关闭MVC中的身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！