MVC3混合形式和Windows身份验证 [英] MVC3 mixed forms and Windows authentication

问题描述

我现在有一个由外部客户访问的内部网站上。因此，我设置了使用窗体身份验证。然而这是权力（我的老板）希望所有的域用户不输入自己的用户名和密码访问该站点。

I currently have an intranet site that is accessed by external customers. I therefore set this up using Forms Authentication. However the powers that be (my bosses) want all our domain users to not have to enter their username and password to access the site.

我已经做了一些或看书，一切似乎指向设置你改变使用WindowAuthenthication，然后从那里重定向页面WinLogin.aspx

I've done a bit or reading and everything seems to point to setting up a WinLogin.aspx page that you alter to use WindowAuthenthication and then redirect from there.

我有这样一个问题，因为我不喜欢把一个aspx形式在我的MVC应用程序的想法。

I have a problem with this as I don't like the idea of putting an aspx form in my mvc application.

谁能告诉我如何使用MVC严格控制器/动作设置没有第二个应用程序，实现混合身份验证？

Can anyone tell me how to achieve mixed authentication using a strictly MVC Controller/Action setup without a second application?

注：在一个IIS 7机器上运行MVC 3

NOTES: running MVC 3 on an IIS 7 box.

推荐答案

表单验证是不相关的文件的URL或物理结构。重要的是，一个URL最终应映射到服务器上的物理（或虚拟）的资源，并进行处理，并且被返回给用户。

Forms Authentication is not related to the URL or physical structure of your files. What matters is that a URL should ultimately map to a physical (or virtual) resource on the server, and be processed, and be returned back to the user.

因此​​，在某个地方每一个来电（每个HTTP请求，即使是那些对CSS和JavaScript文件）之间，你必须看到，如果当前用户有足够的权限访问与否。如果没有，那么你可能他重定向到的登录页。

Thus, somewhere in between for each incoming call (each HTTP request, even those for CSS and JavaScript files), you have to see if the current user has enough permission to access it or not. If no, then you might redirect him to the login page.

如果你愿意，你可以有一个像 /用户/ windowslogin 一个URL，其​​中用户是名称控制器和 windowslogin 是操作方法的名称。然后，您可以创建自定义的验证属性（喜欢的东西 [WindowsAuthentication] ）在 windowslogin 的行动，并在该属性（这在本质上是一个MVC过滤器），你可以看到，如果当前请求来自您的域内，如果是这样，聊到Active Directory进行身份验证或类似的东西，并在验证成功的情况下，使用创建一个身份验证cookie FormsAuthentication 类，其余的故事。

If you want, you can have a URL like /user/windowslogin where user is the name of the controller, and windowslogin is the name of your action method. Then you can create a custom authentication attribute (something like [WindowsAuthentication]) on your windowslogin action, and in that attribute (which is an MVC filter in essence), you can see if the current request comes from within your domain, and if so, talk to Active Directory for authentication or stuff like that, and on case of successful authentication, create an authentication cookie using FormsAuthentication class, and the rest of the story.

不过，我不认为这会是一件容易的事。其他人可能会推出更好的解决方案。

However, I don't think this would be an easy task. Others might introduce better solutions.

这篇关于MVC3混合形式和Windows身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！