接收使用集成Windows身份验证的登录提示 [英] Receiving login prompt using integrated windows authentication
问题描述
我在运行IIS 7下一个.NET 3.5的应用程序在Windows 2003服务器上,并不能得到集成Windows身份验证正常工作,我不断地得到提示进行登录。我已经设置Windows身份验证在IIS中启用了禁用所有其他安全类型和我的应用程序的web.config文件认证/授权设置为:
I have a .NET 3.5 application running under IIS 7 on Windows 2003 server and cannot get integrated windows authentication working properly as I continue to get prompted for a login. I have set Windows Authentication to enabled in IIS with all other security types disabled and my application web.config file authentication/authorization is set up as:
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="3.5" />
<authenticationmode="Windows"/>
<authorization>
<deny users = "?" />
</authorization>
</system.web>
通过这个设置,我期待的Windows用户的现场审核后方允许访问和拒绝匿名用户。不过,我得到的操作系统是Windows登录弹出,当我尝试访问该网站。
With this setup, I'm expecting behind the scene verification of the Windows user to allow access and deny anonymous users. However, what I'm getting is a Windows login pop-up when I try to access the site.
我一直在解决此问题的几天,不能找出问题。根据对类似问题的帖子,我证实了我的网址不包含任何时期,双重检查我的IE设置被设置为启用集成Windows身份验证,也增加了我的网址我的Intranet站点,但仍然得到弹出。
I have been troubleshooting this issue for a few days now and cannot figure out the problem. Based on posts with similar problems, I confirmed my URL does not include any periods, double checked that my IE settings are set to Enable Integrated Windows Authentication, and also added my URL to my intranet sites, but still getting the pop-up.
要进一步解决的话,我启用匿名身份验证在IIS和修改我的web.config文件,这让我右,然后加入的Response.Write(System.Security.Principal.WindowsIdentifity.getcurrent()。user.name。的toString())来尝试看看在验证正在使用的用户。我得到的结果是IIS APPPOOL \\的myapp这显然是我的应用程序IIS应用程序池。
To troubleshoot it further, I enabled Anonymous Authentication in IIS and modified my web.config file to which lets me right in and then added Response.Write(System.Security.Principal.WindowsIdentifity.getcurrent().user.name.toString()) to try to see what user is being used in the authentication. The result I'm getting is IIS APPPOOL\myapp which is obviously the IIS application pool for my application.
我真的AP preciate任何帮助,任何人都可以提供,这样我仍然只使用Windows身份验证,但没有得到弹出,并针对实际的Windows用户执行的Windows身份验证。
I really appreciate any help anyone can provide so that I'm still using only windows authentication but don't get the pop-up and the windows authentication is performed against the actual Windows user.
感谢。
进一步排除故障后,附加说明:
Additional note after troubleshooting further:
就注意到,当登录失败,Windows再次登录提示符,它显示了试图登录为SERVERNAME用户名\\USERNAME,这使我相信它试图验证用户对服务器与域。为了证实这一点,我在应用服务器上直接创建一个本地用户帐户作为网络域用户相同的用户名和密码,并试图重新登录。其结果是,我再次接到登录提示,但是当我输入的用户名和密码这时候,我能够成功登录。网络用户和应用服务器都在同一个域所以真的不知道为什么IIS身份验证指向本地应用程序服务器帐户,而不是域帐户。我意识到这是在这一点上一个IIS问题,以便张贴在forums.iis.net很好,但AP preciate任何意见,任何人都可能有,因为已经好几天解决此。
Just noticed that when the login fails and the Windows login prompt displays again, it is showing the username that attempted to login as "SERVERNAME"\"USERNAME" which led me to believe it was trying to validate the user against the server vs. the domain. To confirm this, I created a local user account directly on the app server with the same username and password as the network domain user and tried to login again. The result was that I received the login prompt again but when I entered the username and password this time, I was able to successfully login. The network user and app server are on the same domain so really not sure why IIS authentication is pointing to the local app server accounts and not to the domain accounts. I realize this is an IIS question at this point so posting on forums.iis.net as well but appreciate any advice anyone may have since have been troubleshooting this for days.
推荐答案
我有我的工作在Windows 2008服务器,所以我的答案是不完全一样的什么OP具有Windows 2003服务器上。
I have a Windows 2008 server that I'm working on, so my answer is not completely the same as what the OP has on a Windows 2003 server.
下面是我做的(这个记录在这里,所以我以后能找到它)。
Here is what I did (recording this here so I can find it later).
我有同样的问题:
在我的的Web.config 文件,我有这个部分:
In my Web.config file, I had this section:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
在IIS下,所有这些似乎在验证图标下得到解决。
- 编辑权限:请确保您的ASP.NET帐户有权。矿最初未加入。
现在进入的功能的验证
启用匿名身份验证与 IUSR :
启用 Windows身份验证,然后右键单击设置提供
Enable Windows Authentication, then Right-Click to set the Providers.
NTLM需要先!
接下来,检查在高级设置... 在扩展保护是接受和启用内核模式身份验证检查:
Next, check that under Advanced Settings... the Extended Protection is Accept and Enable Kernel-mode authentication is CHECKED:
在我这样做,我回到我的Web应用程序,点击浏览链接,并登录,而无需再次提供我的凭据。
Once I did this, I went back to my web application, clicked the Browse link, and logged in without having to provide my credentials again.
我希望这证明你们很多有益的,我希望这对我来说是非常有用以后也是如此。
I hope this proves beneficial to many of you, and I hope it is useful for me later as well.
这篇关于接收使用集成Windows身份验证的登录提示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
