在 IIS 7.5 上为使用 Windows 身份验证的 ASHX 处理程序启用 PUT [英] Enabling PUT on IIS 7.5 for an ASHX handler using Windows Authentication
问题描述
我有一个 ASP.NET (.NET 4) 网站,它使用 http PUT 作为 .ashx 通用处理程序.PUT 调用源自 Silverlight 前端.在我的本地机器(Cassini Web 服务器)上的 VS 2010 中所有工作.
I have an ASP.NET (.NET 4) website that uses http PUT for an .ashx generic handler. The PUT call originates from a Silverlight front end. All works in VS 2010 on my local machine (Cassini web server).
然后我部署到一个 IIS7.5 Win Server 2008 R2 盒子.
Then I deployed to an IIS7.5 Win Server 2008 R2 box.
silverlight/网站很好,但是对 .ashx 处理程序的 PUT 调用会遇到 Windows 登录提示.
这是一个本地 Intranet,因此 Windows 身份验证(使用 NTLM 和协商提供程序)是唯一启用的身份验证.
The silverlight/website is fine, but PUT calls to the .ashx handler are met with a Windows Login Prompt.
This is a local intranet so Windows Authentication (with NTLM & Negotiate providers) is the only enabled authentication.
我已经听从了他的建议,现在我可以通过我的 .ashx 处理程序进行 PUT 调用.问题是只有 Web 服务器管理员组中的人员才能执行此操作.没有其他人可以.他们会遇到 windows 登录提示.
I've followed his suggestion and I can now make PUT calls via my .ashx handler. Problem is only folks in the Administrators Group of the web server can do this. No one else can. They are met with the windows login prompt.
知道这可能是什么吗?
我无法授予公司网络服务器上的每个人的管理员权限.毫无疑问,他们会砍掉我的一只手,在我面前吃掉那只手,然后把门给我看.
I can't give Everyone in the company Admin privileges on the webserver. They would no doubt cut off one of my hands, eat said hand in front of me, and then show me the door.
推荐答案
好的,我想通了.
以下是 IIS 7.5 中的关键配置元素:
Here are the key configuration elements in IIS 7.5:
- 在 Windows 身份验证/提供程序下 - NTLM 必须位于 Negotiate 之上
- 域用户需要对包含 ashx 处理程序的目录的写入权限
URL 授权未作为 Web 服务器上的角色启用.我添加了它,然后将它卡在 system.webServer 下的 web.config 中:
- Under Windows Authentication / Providers - NTLM had to be on top of Negotiate
- Domain Users needed write access to the directory containing the ashx handler
URL Authorization was not enabled as a role on the web server. I added it and then stuck this in the web.config under system.webServer:
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
</authorization>
</security>
(我会稍微调整一下,但现在可以了)
(I'll trim that down a bit, but for now it works)
我的整个system.webServer元素如下:
My entire system.webServer element is as follows:
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
<defaultDocument>
<files>
<clear />
<add value="default.aspx" />
</files>
</defaultDocument>
<handlers accessPolicy="Read, Write, Execute, Script">
<remove name="WebDAV" />
<remove name="SimpleHandlerFactory-Integrated-4.0" />
<remove name="SimpleHandlerFactory-Integrated" />
<add name="SimpleHandlerFactory-Integrated" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode" />
<add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
</authorization>
</security>
</system.webServer>
做到了.
这篇关于在 IIS 7.5 上为使用 Windows 身份验证的 ASHX 处理程序启用 PUT的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
