IIS7混合模式身份验证 [英] IIS7 Mixed Mode Authentication

问题描述

我们已经准备好开始迁移我们的一些IIS6网站IIS7的，并且应用程序当前使用窗体身份验证。我们已经开始得到来自各网站的一些要求使用Windows身份验证的用户。虽然这是很容易实现（我已经在内部，有与应用没有问题显示，由于预期）的问题则是如何继续保持窗体身份验证时，用于集成Windows不起作用。我已经看到了如何把它在IIS6上配置了多个演练，我可以做IIS7同样的事情，但后来我不得不打开经典模式处理。任何解决方案还应该回到移植到IIS6，如果可能的话，保持构建树简单。

We're getting ready to start migrating some of our IIS6 sites to IIS7, and the application currently uses Forms Authentication. We have started getting some requests from various sites to use the Windows Authentication for the users. While this is easy enough to implement (and I've shown internally that there is no issue with the app, as expected) the question then is how to continue to keep Forms authentication for when Integrated Windows doesn't work. I've seen several walkthroughs on how to have it configured on IIS6, and I could do the same thing on IIS7, but then I have to turn on Classic Mode processing. Any solution should also be back portable to IIS6, if possible, to keep the build tree simple.

那么，什么是我对这个选择？难道我在安装IIS7集成Windows身份验证的应用程序，窗体身份验证在web.config，并重定向401错误错误页，允许他们使用表单进行登录，然后再返回到正规的应用程序？

So what are my options on this? Do I setup the app with Integrated Windows Authentication in IIS7, Forms Auth in the web.config, and redirect 401 errors to an "error page" allowing them to login using forms, then back to the regular app?

当表单很可能需要将被保留合同工，我们的支持人员，如果有人需要访问它从外网他们的网站的情况。所以主要是这对我们的工作人员登录检查功能，并确认错误报告。我建议我们只是认为对我们的支持人员的工作，我们需要一个Windows登录，将永远是活的，然后我们就执行有关谁可以登录该网站本地责任，但有人告诉我，我们会做最好有窗体身份验证。

The case when Forms is likely to be needed is going to be reserved for Contract workers, our support staff, and if someone needs to access it on their site from their Extranet. So primarily it's for our staff to login to check functionality and confirm bug reports. I suggested we just maintain that for our support staff to work, we need a Windows login that will always be live, and then we'll just enforce local responsibility on who can login to the site, but I'm told that we would do better to have Forms Authentication.

有什么想法？我可以张贴一些文章的链接，我已经通读如果这将有助于更好地论坛缩小我的需求。

Any thoughts? I can post some of the links of the articles I've already read through if that would help the forum better narrow my needs.

非常感谢。

TL;博士：如何做IIS7混合模式身份验证（窗体，视窗）不改变经典的管道，仍然能够尽可能使用构建在IIS6

tl;dr: How to do mixed mode authentication (forms, windows) in IIS7 without changing to classic pipeline and still be able to use the build in IIS6 if possible.

推荐答案

没有，这是不完全正确的，但我不能评论的答复做了code座，所以我会发布一个新的答案。 ..

No, that's not quite right, but I can't do a code block in a comment reply, so I'll post a new answer ...

以下code座可以让我控制从IIS7匿名访问，无需在配置数据库渣土有关（其中在IIS6 GUI的变化得到应用）

The following code block allows me to control anon access from IIS7 without having to muck about in the metabase (where GUI changes on IIS6 get applied)

<location path="WindowsLogin.aspx" >
    <system.web>
        <authorization>
            <deny users="?" />
            <allow users="*" />
        </authorization>
    </system.web>
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <windowsAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
</location>

这篇关于IIS7混合模式身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！