IIS 7和Windows身份验证 [英] IIS 7 and Windows Authentication
问题描述
我们有Windows 2008服务器它承载许多企业内部网的网站上运行IIS 7。我们希望使用Windows身份验证的网站和它的URL将被的http://支付
We have IIS 7 running on the Windows 2008 Server which hosts many intranet websites. We want to use windows authentication for the website and its url will be http://pay
所以,我添加了C:\\的Inetpub \\薪文件夹并将其绑定到IIS7结果。
禁用匿名身份验证模式。
启用Windows身份验证模式。
So, I add the C:\InetPub\pay folder and bind it to the IIS7.
Disable the Anonymous Authentication mode.
Enable the Windows Authentication mode.
当我访问该网站的 HTTP:从其他计算机//付费,我得到的消息
When I access the website http://pay from the other computer, I got the message that
未经授权您没有权限查看该目录或页面
使用您提供的凭据。
Unauthorized You do not have permission to view this directory or page using the credentials that you supplied.
所以,我去了Windows资源管理器,并添加本地\\ IUSR 帐户,并提供访问该文件夹。但我仍然得到了同样的错误。
So, I go to the Windows Explorer and Add the Local\IUSR account and give access to the folder. But I still got the same error.
最后,我加的每个人帐户,并提供访问该文件夹。这一次,它的工作原理和Windows身份验证也运作良好。
Finally, I added Everyone account and give access to the folder. This time, it works and windows authentication is also working well.
我恐怕是这样的,它打开读取访问给大家的\\ MyServer的\\ C $ \\的Inetpub \\文件夹中的薪酬?它包含其中包含服务器和用户凭据web.config中,这将是大的安全漏洞。
What I am afraid is that, does it open the read access to Everyone to the \MyServer\C$\Inetpub\pay folder? It contains the web.config which contains server and users credential and it would be the big security breach.
我如何能实现使用的 Windows身份验证没有给访问的每个人帐户?
How can I achieve to use Windows Authentication without giving access to Everyone account?
先谢谢了。
推荐答案
我相信你,你找什么IIS_IUSRS组,你应该使用Windows身份验证时授予读访问您的网站的文件夹。你试过IUSR帐户将在匿名身份验证的情况下使用。
I believe what you you're looking for is the IIS_IUSRS group which you should give read access to your website folders when using Windows Authentication. The IUSR account you tried would be used in an Anonymous Authentication scenario.
更多信息:
理解内置用户和组帐户在IIS 7
这篇关于IIS 7和Windows身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!