当整个应用程序使用 Windows Authenticaion 时,在单个控制器上使用 MVC4 中的匿名身份验证 [英] Use Anonymous authentication in MVC4 on single controller when the whole application uses Windows Authenticaion
问题描述
我有一个使用 Windows 身份验证的 MVC4 Web 应用程序,它在我的 web.config 中
这工作正常,一切正常.
I have an MVC4 Web application which uses Windows Authentication, that is in web.config I have
<authentication mode="Windows" />
And that works fine and everything is ok.
但是现在我需要一个控制器(实际上是一个 Web API 控制器),它应该可以从第三方组件匿名访问.问题是每次我想调用这个方法时,它都会请求用户凭据.
However now I need a controller (an Web API controller in fact) that should be accessed anonymously from a third party component. The problem is that every time I want to invoke this method it requests user credentials.
我尝试将 AllowAnonymous
属性放在控制器和方法上,但没有成功.
I tried putting AllowAnonymous
attribute to controller and methods but it was not successful.
<代码>[允许匿名]public bool Get(string Called, string Calling, string CallID, int direction)
我在启用匿名身份验证和 Windows 身份验证的情况下检查了 IIS Express 和 IIS 8.
I checked on both IIS Express and IIS 8 with Anonymous authentication and Windows authentication enabled.
似乎 Windows 身份验证先于任何其他身份验证,并且不能被覆盖.
It seems that windows authentication precedes any other authentication and cannot be overridden.
有没有办法做到这一点?
Is there a way to accomplish this?
推荐答案
将此添加到您的 Web.config.在这里,我的控制器名为WebhookController".
Add this to your Web.config. Here, my controller is named "WebhookController".
<location path="Webhook">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
编辑- 正如下面 Erik 提到的,在 MVC 应用程序中,您不应该使用 web.config <authorization>
标签来保证安全.相反,使用 [Authorize]
属性.这样做将使您的 [AllowAnonymous]
属性正常工作.您可以在此处阅读更多相关信息.
Edit
- As Erik mentioned below, in MVC applications you should not use web.config <authorization>
tags for security. Instead, use [Authorize]
attributes. Doing so will allow your [AllowAnonymous]
attributes to work correctly. You can read more about this here.
这篇关于当整个应用程序使用 Windows Authenticaion 时,在单个控制器上使用 MVC4 中的匿名身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!