Windows身份验证和一起窗体身份验证的ASP.NET [英] Windows Authentication and Forms Authentication together for ASP.NET

问题描述

我开发一个内部面临的应用程序，需要通过Windows身份验证自动验证用户身份，并回落到Forms身份验证。回退将出现在计算机上登录的用户组帐户（如营运中心）的情况。我很担心安全问题，其中一个用户可以欺骗的Windows身份验证帐户。难道你的任何一种设计模式，务实的理念都知道，将适合这种特定情况下？

I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fall back would occur in situations where the user on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario?

的技术限制：.NET 3.5的IIS 6（IIS 7目前是一个非首发在我们的环境）

Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment)

谢谢！

推荐答案

有MSDN上的这里，这涉及一个自定义的401重定向在IIS中设置了 - 希望这是一些帮助。

There's an old article on MSDN here, which involves a custom 401 redirect set up in IIS - hopefully it's of some help.

这篇关于Windows身份验证和一起窗体身份验证的ASP.NET的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！