Web应用程序使用窗口域帐户进行身份验证 [英] Web application to use window domain accounts for authentication
问题描述
如果你有一个Web应用程序,它会在网络中运行,它是有道理的,它支持Windows身份验证(活动目录?)。
If you have a web application that will run inside a network, it makes sense for it to support windows authentication (active directory?).
难道是有意义的使用AD的安全模型为好,否则我会让我有些管理员将不得不为每个用户配置自己的角色/安全模块?
Would it make sense to use AD security model as well, or would I make my own roles/security module that some admin would have to configure for each user?
我从来没有处理Windows安全之前,让我很困惑,我应该如何处理安全性在Windows网络中运行的Web应用程序。
I've never dealt with windows security before, so I am very confused as to how I should be handling security for a web application that runs within a windows network.
我想有2大点我必须解决:
I guess there are 2 major points I have to tackle:
1. authentication
2. authorization
我有一个最佳实践想说处理授权自己,但使用AD验证正确的感觉?
I have a feeling that best-practice would say to handle authorization myself, but use AD authentication right?
推荐答案
基本上窗口处理一切,你永远不会存储用户名和密码,AD和IIS为你做所有的工作
Basically windows handles everything, you never store usernames or passwords, AD and IIS do all the work for you
添加到您的的web.config
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
要配置Windows身份验证
To configure Windows authentication
- 在启动Internet信息服务 (IIS)。
- 右键单击您 应用程序的虚拟目录, 然后单击属性。
- 点击 目录安全性选项卡。
- 在 匿名访问和验证 控制,单击编辑。
- 确认 匿名访问复选框不可 选择和集成Windows 认证是唯一入选 复选框
- Start Internet Information Services (IIS).
- Right-click your application's virtual directory, and then click Properties.
- Click the Directory Security tab.
- Under Anonymous access and authentication control, click Edit.
- Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.
您可以再处理的业务或授权使用的web.config 了。例如:
You can then deal with the business or authorization using web.config again. for example
<authorization>
<deny users="DomainName\UserName" />
<allow roles="DomainName\WindowsGroup" />
</authorization>
在这里阅读更多: http://msdn.microsoft.com/en-美国/库/ ms998358.aspx
这篇关于Web应用程序使用窗口域帐户进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
