IIS 7和Windows身份验证 [英] IIS 7 and Windows Authentication

问题描述

我们有Windows 2008服务器它承载许多企业内部网的网站上运行IIS 7。我们希望使用Windows身份验证的网站和它的URL将被的http：//支付

We have IIS 7 running on the Windows 2008 Server which hosts many intranet websites. We want to use windows authentication for the website and its url will be http://pay

所以，我添加了C：\\的Inetpub \\薪文件夹并将其绑定到IIS7结果。
禁用匿名身份验证模式。
启用Windows身份验证模式。

So, I add the C:\InetPub\pay folder and bind it to the IIS7.
Disable the Anonymous Authentication mode. Enable the Windows Authentication mode.

当我访问该网站的 HTTP：从其他计算机//付费，我得到的消息

When I access the website http://pay from the other computer, I got the message that

未经授权您没有权限查看该目录或页面
  使用您提供的凭据。

Unauthorized You do not have permission to view this directory or page using the credentials that you supplied.

所以，我去了Windows资源管理器，并添加本地\\ IUSR 帐户，并提供访问该文件夹。但我仍然得到了同样的错误。

So, I go to the Windows Explorer and Add the Local\IUSR account and give access to the folder. But I still got the same error.

最后，我加的每个人帐户，并提供访问该文件夹。这一次，它的工作原理和Windows身份验证也运作良好。

Finally, I added Everyone account and give access to the folder. This time, it works and windows authentication is also working well.

我恐怕是这样的，它打开读取访问给大家的\\ MyServer的\\ C $ \\的Inetpub \\文件夹中的薪酬？它包含其中包含服务器和用户凭据web.config中，这将是大的安全漏洞。

What I am afraid is that, does it open the read access to Everyone to the \MyServer\C$\Inetpub\pay folder? It contains the web.config which contains server and users credential and it would be the big security breach.

我如何能实现使用的 Windows身份验证没有给访问的每个人帐户？

How can I achieve to use Windows Authentication without giving access to Everyone account?

先谢谢了。

推荐答案

我相信你，你找什么IIS_IUSRS组，你应该使用Windows身份验证时授予读访问您的网站的文件夹。你试过IUSR帐户将在匿名身份验证的情况下使用。

I believe what you you're looking for is the IIS_IUSRS group which you should give read access to your website folders when using Windows Authentication. The IUSR account you tried would be used in an Anonymous Authentication scenario.

更多信息：
理解内置用户和组帐户在IIS 7

这篇关于IIS 7和Windows身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！