runAllManagedModulesForAllRequests = “真"在 IIS7 中杀死 Windows 身份验证 [英] runAllManagedModulesForAllRequests = "true" killing windows authentication in IIS7
问题描述
我们在暂存服务器上为我们的客户设置了 Windows 身份验证,以帮助防止谷歌将我们的暂存 URL 编入索引.我们最近发现我们的一个站点似乎忽略了我们的 IIS 设置(匿名身份验证已禁用,Windows 身份验证已启用).我们最终发现删除模块节点上的设置 runAllManagedModulesForAllRequests="true"(这是我们在站点上重写 URL 所必需的)解决了这个问题,并且当我们浏览到该站点时,Windows 登录/密码框会按预期显示.如果我们保留该设置,则该网站允许任何匿名用户浏览该网站.
We have windows authentication set up on our staging server for our clients to help prevent google from indexing our staging URLs. We recently found out that one of our sites is seemingly ignoring our IIS settings (anonymous authentication is disabled, windows authentication is enabled). We ended up figuring out that removing the setting runAllManagedModulesForAllRequests="true" on the modules node (which is required for our URL rewriting on the site) fixes the issue and the windows login/password box appears as expected when we browse to the site. If we keep the setting there, the site allows any anonymous user to browse the website.
我们如何在将 runAllManagedModulesForAllRequests 设置为 true 的同时关闭匿名身份验证?
How can we keep anonymous authentication off while keeping runAllManagedModulesForAllRequests set to true?
我们意识到我们有其他站点启用了此设置,并且 Windows 身份验证工作正常.这似乎只发生在我们的 ASPDotNetStorefront 网站中.我现在想知道应该在哪里检查导致此问题的原因 - 我的猜测是某种自定义身份验证模块,但我没有足够的知识来弄清楚从哪里开始调试.
We realized that we have other sites where this setting is on and windows authentication is working just fine. This only appears to happen in our ASPDotNetStorefront websites. I'm now wondering where I should check to see what is causing this issue - my guess is some sort of custom authentication module, but I don't have enough knowledge to figure out where to start debugging this.
推荐答案
我们发现通过将托管管道模式设置为Classic,显然会忽略web.config中的system.webServer节点,所以我们现在获取windows我们期望的登录提示.一些重写很可能不会起作用,但幸运的是,我们并不关心临时服务器上的这些特定重写,所以我们没问题.
We found that by setting the managed pipeline mode to Classic, it will obviously ignore the system.webServer node in the web.config, so we now get the windows login prompt as we expect. Some of the rewrites won't work most likely, but luckily we don't care about these particular rewrites on our staging server, so we are OK.
这篇关于runAllManagedModulesForAllRequests = “真"在 IIS7 中杀死 Windows 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
