在根下的网站托管应用程序配置子目录认证模式 [英] Configuring subdirectory authentication mode in applications hosted under root site

问题描述

在我的本地机器，我在多个网站合作，在默认网站IIS下运行它们。 HTTP：//本地主机/程序App1 / 这样我可以通过这种类型的URL访问网站。这里的结构：

On my local machine, I work on multiple web sites and run them under IIS under a "Default" web site. That way I can access the sites through this type of URL: http://localhost/App1/. Here's the structure:

LocalDev (site)
    App1 (application)
    App2 (application)
    App3 (application)

我遇到的问题是，在App1的，我想在程序App1的子目录中启用Windows身份验证，像这样的：

The problem I'm encountering is that in App1, I'm trying to enable Windows authentication on a subdirectory of App1, like this:

<configuration>
  <location path="internal">
    <system.web>
      <authentication mode="Windows"/>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

不幸的是，当我再尝试访问 HTTP：//localhost/App1/internal/url.aspx ，我得到这个错误：

这是使用注册为allowDefinition =应用程序级别之外'MachineToApplication'的节是错误的。这个错误可以通过未被配置为在IIS中应用程序的虚拟目录引起的。

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

程序App1 设置为一个应用程序，而不是一个虚拟目录。我试图改变我的machine.config允许任何地方更改身份验证部分：

App1 is set up as an application, not a virtual directory. I've tried changing my machine.config to allow changing the authentication section anywhere:

<configuration>
  <configSections>
    <sectionGroup name="system.web" type="System.Web.Configuration.SystemWebSectionGroup, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
      <section name="authentication" type="System.Web.Configuration.AuthenticationSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="Everywhere"/>
    </sectionGroup>
  </configSections>
</configuration>

什么我必须做让我的站点设置自己的身份验证模式？

What do I have to do to allow my sites to set their own authentication modes?

推荐答案

您需要在Web.config应用程序级别启用Windows身份验证，然后在文件夹级别进一步明确授权，允许所有用户在根和否认所有未经验证的内部文件夹中。

You need to enable Windows authentication at the application level in the Web.config, then further define authorization at the folder level, allowing all users at the root and denying all unauthenticated for the internal folder.

在IIS中，确保两个匿名身份验证和 Windows身份验证是为应用程序启用。然后，修改你的web.config如下：

In IIS, make sure both Anonymous Authentication and Windows Authentication are enabled for the application. Then, modify your Web.config as follows:

<configuration>
  <system.web>
      <authentication mode="Windows"/>
      <authorization>
        <allow users="*"/>
      </authorization>
  </system.web>
  <location path="internal" allowOverride="true">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

这篇关于在根下的网站托管应用程序配置子目录认证模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！