在IIS中CORS请求与Windows验证401响应启动 [英] 401 response for CORS request in IIS with Windows Auth enabled
问题描述
我想能够在我的WebAPI项目CORS支持,如果我启用匿名身份验证,然后一切工作正常,但与Windows验证+禁用匿名身份验证,OPTIONS请求发送总是返回401未经授权的响应。要求该网站是在域所以应该能够拨打电话,有没有什么办法来解决这个问题没有禁用Windows身份验证?
I'm trying to enable CORS support in my WebAPI project, and if I enable Anonymous Authentication then everything works fine, but with Windows Auth + disabled anonymous authentication, the OPTIONS request sent always returns a 401 unauthorized response. The site requesting it is on the DOMAIN so should be able to make the call, is there any way to get around the issue without disabling Windows Authentication?
推荐答案
从MS:
如果您禁用匿名身份验证,这是由设计,IIS会返回一个401的任何请求。如果他们启用了Windows身份验证,在这种情况下,401响应将有一个WWW-Authenticate头允许客户端启动一个认证握手。那么问题就变成无论是客户使用可以做Windows身份验证或没有客户端。
If you disable anonymous authentication, it’s by design that IIS would return a 401 to any request. If they have enabled Windows auth, the 401 response in that case would have a WWW-Authenticate header to allow the client to start an authentication handshake. The question then becomes whether the client that the customer is using can do Windows authentication or not.
最后,好像有可能是关于是否可能或不配置URL,从而允许匿名访问一个动词(选择,在这种情况下)一个潜在的问题,但需要其他动词Windows身份验证。 IIS不会通过简单的配置支持这一点。它有可能通过启用匿名和Windows身份验证,设置拒绝访问的匿名用户对内容的访问控制列表,然后配置处理程序映射有问题的URL来获得这一行为,使其不验证的存在与URL相关联的文件。但它会采取一些上场与它证实了这一点。
Finally, it seems like there might be an underlying question about whether it’s possible or not to configure a URL such that anonymous access is allowed for one verb (OPTIONS, in this case), but require Windows authentication for other verbs. IIS does not support this through simple configuration. It might be possible to get this behavior by enabling both Anonymous and Windows authentication, setting ACLs on the content that deny access to the anonymous user, and then configuring the handler mapping for the URL in question so that it does not verify the existence of the file associated with the URL. But it would take some playing with it to confirm this.
这篇关于在IIS中CORS请求与Windows验证401响应启动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
