IIS7 混合模式身份验证 [英] IIS7 Mixed Mode Authentication

问题描述

我们正准备开始将我们的一些 IIS6 站点迁移到 IIS7，并且该应用程序当前使用表单身份验证.我们已经开始收到来自各个站点的一些请求，以便为用户使用 Windows 身份验证.虽然这很容易实现(并且我已经在内部证明该应用程序没有问题，正如预期的那样)，但问题是如何在集成 Windows 不起作用时继续保持 Forms 身份验证.我已经看过几个关于如何在 IIS6 上配置它的演练，我可以在 IIS7 上做同样的事情，但是我必须打开经典模式处理.如果可能的话，任何解决方案都应该向后移植到 IIS6，以保持构建树的简单.

We're getting ready to start migrating some of our IIS6 sites to IIS7, and the application currently uses Forms Authentication. We have started getting some requests from various sites to use the Windows Authentication for the users. While this is easy enough to implement (and I've shown internally that there is no issue with the app, as expected) the question then is how to continue to keep Forms authentication for when Integrated Windows doesn't work. I've seen several walkthroughs on how to have it configured on IIS6, and I could do the same thing on IIS7, but then I have to turn on Classic Mode processing. Any solution should also be back portable to IIS6, if possible, to keep the build tree simple.

那么我有什么选择呢?我是否使用 IIS7 中的集成 Windows 身份验证、web.config 中的表单身份验证设置应用程序，并将 401 错误重定向到错误页面"，允许他们使用表单登录，然后返回常规应用程序?

So what are my options on this? Do I setup the app with Integrated Windows Authentication in IIS7, Forms Auth in the web.config, and redirect 401 errors to an "error page" allowing them to login using forms, then back to the regular app?

可能需要表单的情况将保留给合同工、我们的支持人员，以及如果有人需要从他们的 Extranet 在他们的网站上访问它.因此，主要是让我们的员工登录以检查功能并确认错误报告.我建议我们只是保持我们的支持人员工作，我们需要一个始终在线的 Windows 登录，然后我们将强制执行本地责任，即谁可以登录到该站点，但我被告知我们会这样做最好有表单身份验证.

The case when Forms is likely to be needed is going to be reserved for Contract workers, our support staff, and if someone needs to access it on their site from their Extranet. So primarily it's for our staff to login to check functionality and confirm bug reports. I suggested we just maintain that for our support staff to work, we need a Windows login that will always be live, and then we'll just enforce local responsibility on who can login to the site, but I'm told that we would do better to have Forms Authentication.

有什么想法吗?如果这有助于论坛更好地缩小我的需求，我可以发布一些我已经阅读过的文章的链接.

Any thoughts? I can post some of the links of the articles I've already read through if that would help the forum better narrow my needs.

tl;dr:如何在 IIS7 中进行混合模式身份验证(表单、窗口)而不更改为经典管道，并且如果可能的话仍然能够使用 IIS6 中的构建.

tl;dr: How to do mixed mode authentication (forms, windows) in IIS7 without changing to classic pipeline and still be able to use the build in IIS6 if possible.

推荐答案

不，这不太对，但我不能在评论回复中做代码块，所以我会发布一个新的答案......

No, that's not quite right, but I can't do a code block in a comment reply, so I'll post a new answer ...

下面的代码块允许我控制来自 IIS7 的匿名访问，而不必在元数据库中乱七八糟(在 IIS6 上应用 GUI 更改)

The following code block allows me to control anon access from IIS7 without having to muck about in the metabase (where GUI changes on IIS6 get applied)

<location path="WindowsLogin.aspx" >
    <system.web>
        <authorization>
            <deny users="?" />
            <allow users="*" />
        </authorization>
    </system.web>
    <system.webServer>
        <security>
            <authentication>
                <anonymousAuthentication enabled="false" />
                <windowsAuthentication enabled="true" />
            </authentication>
        </security>
    </system.webServer>
</location>

这篇关于IIS7 混合模式身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！