Rails app, REMOTE_USER attribute in IIS 8.5 with windows authentication


Problem description

I have set up an IIS 8.5 server that runs a Rails app using HttpPlatformHandler and Windows authentication. We have also tried using ARR as a reverse proxy with the same results.

This all works completely fine, users are authenticated using kerberos, and anonymous authentication is disabled, no problem there. We can deny specific users and see that it has effect.

The problem is that there is no REMOTE_USER or AUTH_USER attribute anywhere in the http response headers. However the HTTP_AUTHORIZATION header is set and is eg "Negotiate YIIHJAYGKw....".

We haven't found a reasonable way to decode the HTTP_AUTHORIZATION header either.

Any form of help would be much appreciated.

Recommended answer

To fix this, you need to install helicontech's ISAPI_Rewrite 3 on the server running IIS. The download URL is here: ISAPI_Rewrite 3.

After that, navigate to the install folder; the default is C:\Program Files\Helicon\ISAPI_Rewrite3

In there you will find a file called httpd.conf, open it up and add:

RewriteBase /
RewriteCond %{REQUEST_URI} ^/.*
RewriteHeader X-Remote-User: .* %{REMOTE_USER}

Now you will be able to get the remote username in your ruby code with:

request.env['HTTP_X_REMOTE_USER']
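
An added example, not part of the original answer: since the app now takes the user's identity from a request header, this Rack middleware honours X-Remote-User only when the request arrives from the IIS front end and rejects everything else. It assumes IIS reaches the app over loopback and that accounts look like DOMAIN\user; the names TrustedRemoteUser, app.auth_domain and app.auth_user are hypothetical.

```ruby
require 'ipaddr'

# Added example (not from the original answer): Rack middleware that accepts
# X-Remote-User only from the IIS front end and parses DOMAIN\user.
class TrustedRemoteUser
  HEADER = 'HTTP_X_REMOTE_USER'
  # Assumption: IIS (HttpPlatformHandler/ARR) reaches the app over loopback.
  TRUSTED_PROXIES = [IPAddr.new('127.0.0.1'), IPAddr.new('::1')].freeze
  # Assumption: accounts look like DOMAIN\user or a bare user name.
  ACCOUNT = /\A(?:([A-Za-z0-9.-]{1,64})\\)?([A-Za-z0-9._$-]{1,104})\z/

  def initialize(app)
    @app = app
  end

  def call(env)
    # Always remove the raw header so later code cannot read it unchecked.
    raw = env.delete(HEADER)
    if from_proxy?(env['REMOTE_ADDR']) && (m = ACCOUNT.match(raw.to_s))
      env['app.auth_domain'] = m[1]
      env['app.auth_user'] = m[2].downcase
      @app.call(env)
    else
      # No identity from a trusted hop: refuse instead of running anonymously.
      [401, { 'content-type' => 'text/plain' }, ["Unauthorized\n"]]
    end
  end

  private

  def from_proxy?(addr)
    ip = IPAddr.new(addr.to_s)
    TRUSTED_PROXIES.any? { |proxy| proxy == ip }
  rescue IPAddr::Error
    false
  end
end

# Constructed demo app and requests, for illustration only.
DEMO_APP = ->(env) { [200, {}, ["#{env['app.auth_domain']}|#{env['app.auth_user']}"]] }

def demo(remote_addr, header)
  env = { 'REMOTE_ADDR' => remote_addr }
  env['HTTP_X_REMOTE_USER'] = header if header
  status, _headers, body = TrustedRemoteUser.new(DEMO_APP).call(env)
  [status, body.join]
end
```

In a Rails app the class would be registered with `config.middleware.use TrustedRemoteUser`, and controllers would read `request.env['app.auth_user']` rather than the raw header.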
