Windows身份验证在带有ASP.NET Core的IIS上不起作用 [英] Windows Authentication Does not work on IIS with ASP.NET Core

问题描述

我正在尝试将Windows身份验证用于ASP.NET Core MVC应用程序.以下是问题陈述.

当应用程序与IISExpress一起运行时，它可以正常运行.但是，当它在IIS中配置为站点并运行时，它会提示输入凭据，甚至在输入更正的凭据后，应用程序也会显示错误页面，状态为401.

详细信息:该应用程序是启用Windows身份验证的普通样板ASP.NET Core MVC应用程序.我正在尝试寻找一种可以在实际应用中使用的解决方案.

框架:.NET Core 2.2

环境:Windows Server 2019计算机上带有IIS 10.0的Visual Studio 2019

以下是我在样板应用程序中所做的更改.将Startup.cs文件更改为使用身份验证.

  public void ConfigureServices(IServiceCollection服务){services.Configure< CookiePolicyOptions>(options =>{//此lambda决定对于给定的请求是否需要用户同意非必要的cookie.options.CheckConsentNeeded =上下文=>真的;options.MinimumSameSitePolicy = SameSiteMode.None;});services.Configure< IISOptions>(options =>{options.AutomaticAuthentication = true;});services.AddAuthentication(IISDefaults.AuthenticationScheme);services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);} 

在Startup.cs文件的 Configure 方法中添加了以下代码行.

  app.UseAuthentication(); 

在项目属性中启用了Windows身份验证以进行调试，并使用OutProcess托管模型配置了IIS托管.

在启用了Windows身份验证的IIS中将应用程序配置为网站.

我尝试过的事情.

1. 试图在web.config文件中添加 forwardWindowsAuthToken =" true" .
2. 尝试在浏览器的Internet选项的本地Intranet"站点中添加站点.
3. 在WebHostBuilder的Program.cs中尝试使用 UseIIS().

我尝试过的StackOverflow问题中的建议.

这样，当我浏览http://localhost:8081时，它将当前用户登录而没有任何问题.但是，当我使用任何绑定名称(例如 sample.localapp.com )对其进行配置时，它将开始提示输入凭据，但从不接受.

提前谢谢.

解决方案

请将IIS_IUSRS添加到发布文件夹或Web应用程序所在的位置

I am trying to use Windows Authentication for ASP.NET Core MVC application. Following is the problem statement.

When application is run with IISExpress, it runs without any issues. But when it is configured as a site in IIS and run, it prompts for credentials and even after entering corrected credentials application shows error page with status 401.

Details: Application is a plain boiler plate ASP.NET Core MVC application with Windows Authentication enabled. I am experimenting to find a solution to use in the actual application.

Framework : .NET Core 2.2

Environment: Visual Studio 2019 on Windows Server 2019 machine with IIS 10.0

Following are the changes I made in the boiler plate application. Changes in Startup.cs file to use authentication.

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.Configure<IISOptions>(options =>
        {
            options.AutomaticAuthentication = true;
        });

        services.AddAuthentication(IISDefaults.AuthenticationScheme);

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}

Added following line of code in Configure method in Startup.cs file.

app.UseAuthentication();

Enabled windows authentication for debug in Project Properties and configured IIS hosting with OutProcess hosting model.

Configured application as a website in IIS with Windows Authentication enabled.

Things I have tried.

1. Tried adding forwardWindowsAuthToken="true" in web.config file.
2. Tried adding the site in Local Intranet sites in Internet options of browser.
3. Tried using UseIIS() in Program.cs for WebHostBuilder.

Suggestions from StackOverflow questions I tried.

Asp.Net core MVC application Windows Authentication in IIS

ASP.Net Core: keep windows authentication

Asp.Net Core Windows Authentication Not Working in IIS

If I enabled Windows Authentication on both IIS and on Application, the application prompts for credentials when browsed. Even after entering current credentials it does not go thru and re-prompts. After attempting 3 times the application shows error page with 401 error.

I believe configurations are correct if I application is prompting for credentials, but I am fail to understand why it is not accepting the user login even after providing corrected credentials.

Note : All the activities, development, debugging, hosting etc are happening on the same Windows 2019 server machine. And the machine is hosting a domain controller too and login is attempted with one of the valid domain users.

I am completely clueless right now and anything I try results in the same issue at the end. Feel free to ask if any more details required.

EDIT 1 ----------------------------------------------

I got little success with configuring my site on IIS with port 8081 and with not binding name.

This way when I browse http://localhost:8081 it logs the current user in without any problem. But when I configure it with any binding name such as sample.localapp.com it starts prompting for credentials but never accept it.

Thanks in advance.

解决方案

Please add IIS_IUSRS to the publish folder or where your web application located

这篇关于Windows身份验证在带有ASP.NET Core的IIS上不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！