为什么发表时,我MVC3内部网站的Windows身份验证不起作用 [英] Why does my MVC3 Intranet site windows authentication not work when published
问题描述
我们在MVC3和Entity Framework一个简单的内部网站上。一切工作正常从视觉工作室在调试运行。当我发布网站要么我的本地盒IIS7.5网络服务器或者在同一域中的开发框,然后我得到提示输入用户名和密码,将无法连接到该网站。它只是返回一个错误401.1好奇地显示
We have a simple intranet site in MVC3 and entity framework. Everything works fine for running in debug from visual studio. When I publish the site to either my local boxes IIS7.5 webserver or to a dev box on the same domain, then I get prompted for a username and password and it won't connect to the site. It just returns a 401.1 error and curiously shows
Logon Method Not yet determined
Logon User Not yet determined
我已经验证的Windows身份验证启用匿名身份验证被禁用。该应用程序使用applicationPoolIdentity但我已经与无差别的网络服务尝试过。该webconfig包括
I have verified that the windows authentication is enabled and anonymous authentication is disabled. the application is using the applicationPoolIdentity but I have tried it with Network Services with no difference. The webconfig includes
<authentication mode="Windows" />
我也有和没有授权部分试了一下。
and I have tried it with and without the authorization section.
<authorization>
<allow users="*" />
</authorization>
唯一的其他东西我发现在网上涉及更改注册表项,但是这最终将是一个生产服务器上,所以我只为这不舒服更改注册表。
The only other thing I've found online involved changing a registry entry, but this will eventually be on a production server so I'm not comfortable making registry changes just for this.
本code座本地运行返回所有预期的信息
running locally with this code block returns all the expected information
<div id="title">
<h4> Environment.UserName: @Environment.UserName
@DateTime.Now.Millisecond.ToString() </h4>
@foreach (var role in Roles.GetRolesForUser())
{
role.ToString(); <br />
}
</div>
<div id="logindisplay">
Context.User.Identity.Name <strong>@Context.User.Identity.Name</strong>!<br />
@Environment.UserDomainName
</div>
这是一个MVC3 Web应用程序。 IIS身份验证交换机
It is an MVC3 Web Application. The IIS Authentication switches are
Anonymous Authentication Disabled
ASP.NET Impersonation Disabled
Forms Authentication Disabled
Windows Authentication Enabled
任何其他想法或事物我失踪?
Any other ideas or things I'm missing?
推荐答案
这在MSDN上介绍了如何设置一个IIS 7 MVC3内部网站:
http://msdn.microsoft.com/en-us/库/ gg703322(VS.98)的.aspx
This Article on MSDN illustrates how to setup an IIS 7 MVC3 Intranet Website: http://msdn.microsoft.com/en-us/library/gg703322(VS.98).aspx
这关系到你的有趣的部分是最有可能假冒最后一节。如果你运行你的网站为Windows身份验证,但有模拟关你会被读/使用经过验证的身份执行文件的网站。这意味着,谁愿意访问该网站的每个用户都需要的文件夹/文件的权限。
The interesting piece that relates to you is most likely the last section on Impersonation. If you run your site as Windows Authentication but have Impersonation off you will be reading/executing the files for the website using the authenticated identity. That means each user who wants to access the site will need folder/file permissions.
要避免这种情况,使用Windows身份验证,以允许用户进行身份验证,但使用模拟使用单一身份来访问该文件夹/文件。
To avoid that, use Windows Auth to allow users to authenticate but use Impersonation to use a single identity to access the folder/files.
这篇关于为什么发表时,我MVC3内部网站的Windows身份验证不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
