如何使用PowerShell中的Windows Server 2012 IIS网站上启用Windows身份验证？ [英] How to enable Windows Authentication on a Windows Server 2012 IIS website using Powershell?

问题描述

从终端到终端的，一个人如何去了解Windows Server 2012中对ASP.NET应用程序设置Windows身份验证？

From end-to-end, how does one go about setting Windows Authentication on a ASP.NET app in Windows Server 2012?

在早期版本的IIS，你可能只是设置＆LT;认证＆GT; ，＆LT;身份＆GT; ，和＆LT;授权方式＆gt; 在 web.config设置，并用它做

In earlier versions of IIS, you could just set <authentication>, <identity>, and <authorization> settings in the Web.Config and be done with it.

<!-- Web.Config -->
<system.web>
  ...
  <authentication mode="Windows />
  <identity impersonate="false />
  <authorization>
    <allow users="DOMAIN\user1" />
    <allow users="DOMAIN\user2" />
    <deny users="*" />
  </authorization>

现在有要求您在IIS站点/ web应用程序本身启用身份验证一个额外的安全组件。

Now there is an extra security component that requires you to enable authentication on the IIS site/webapp itself.

我脚本一个引导我们的窗口Server 2012的Web服务器，如何去完成在PowerShell中的IIS配置？

I'm scripting a bootstrap for our Window Server 2012 webserver, how to go about completing the configuration for IIS in Powershell?

注意：我会提供一个自我的答案

推荐答案

的的Web.Config 上述不会需要改变，这些设置仍然有效。问题是，IIS本身不听从这些设置，因为Windows身份验证已经在服务器级别被默认关闭。

The Web.Config stated above won't need to change, those settings are still valid. The problem is, IIS itself will not obey these settings since Windows Authentication has been turned off by default at the server level.

首先，确保你已经安装了Windows身份验证功能网​​络Windows的验证，和服务器管理工​​具 -IncludeManagementTools 。

First, ensure you have installed the Windows Authentication feature Web-Windows-Auth, and the Server Management tools -IncludeManagementTools.

Install-WindowsFeature "Web-Windows-Auth" -IncludeManagementTools ; 

接下来，让我们假设你已经已经处理创造了你的网站，命名为AuthSite，现在我想禁用匿名身份验证并启用Windows身份验证。

Next, let's assume you have already handled created your site, named "AuthSite", and now I want to disable anonymous authentication and enable Windows authentication.

Import-Module WebAdministration ;

# disable anonymous
Set-WebConfigurationProperty `
  -filter "/system.webserver/security/authentication/anonymousAuthentication" `
  -PSPath "IIS:\" `
  -location "AuthSite" `
  -name "enabled" `
  -value "False" ;

# enable Windows authentication
Set-WebConfigurationProperty `
  -filter "/system.webserver/security/authentication/windowsAuthentication" `
  -PSPath "IIS:\" `
  -location "AuthSite" `
  -name "enabled" `
  -value "True" ;

注： -PSPath 和 -Location 必须使用（不只是在全路径 -PSPath ），否则你会遇到一个锁定的部分问题： http://stackoverflow.com/ A /740575分之31416581

NOTE: -PSPath and -Location must be used (not just the full path on -PSPath), otherwise you will encounter a locked section issue: http://stackoverflow.com/a/31416581/740575

变化：假设你是刚刚在默认网站创建一个Web应用AuthWebApp，只需用更换-location默认/ AuthWebApp， -PSPath 可保持不变。

VARIATION: Suppose you are just creating a webapp "AuthWebApp" on the "Default" site, just replace with -location "Default/AuthWebApp", -PSPath can stay the same.

这篇关于如何使用PowerShell中的Windows Server 2012 IIS网站上启用Windows身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！