Active Directory授权:IIS与Visual Studio Dev服务器 [英] Active Directory authorization: IIS vs Visual Studio Dev server

问题描述

我有一个使用Active Directory授权的Web项目(所有带有AuthorizeAttribute标记的控制器).在web.config中，我具有以下身份验证部分:

I have a web project that uses Active Directory authorization (All controllers marked with AuthorizeAttribute). In web.config i have following authentification section:

<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>

问题是: 当我在Visual Studio Development Server下运行项目时，一切正常，它会弹出授权窗口，输入登录名/密码后，我可以看到所有站点内容.

The problem is: When i run project under Visual Studio Development Server everything goes fine, it pops authorization window, after entering login/password i can see all site contents.

但是，当我尝试在IIS(7.5)下运行它时，仍然会弹出授权窗口，但是登录名/密码始终不正确(看起来它无法访问AD). 站点配置为使用Windows授权.应用程序池使用Windows登录名/密码运行.我想念什么?

But, when i try to run it under IIS (7.5) authorization window still pops, but login/password is always incorrect (looks like it cannot access AD). Site is configured to use windows authorization. Application pool runs using my windows login/password. What am i missing?

推荐答案

如果您的主机头文件指向127.0.0.1，则可能是身份验证环回检查.

If your host header file is pointing to 127.0.0.1, it may be the authentication loopback check.

如果是这种情况，答案已在

If that is the case, the answer is already detailed at why does windows authentication / impersonation fail on asp.net application with iis 7.5 / windows 7 /. In short, open regedit, and add a DWORD DisableLoopbackCheck = 1 to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.

这篇关于Active Directory授权:IIS与Visual Studio Dev服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！