IIS 7.5中的Windows身份验证失败 [英] Windows authentication failing in IIS 7.5
问题描述
我正在为我的公司构建一个简单的内部应用程序,它需要Windows身份验证才能提高安全性。禁用所有其他身份验证模式。我陷入了这样的情况:Internet Explorer会提示输入凭据3次,然后失败并出现此错误:
I'm building a simple internal application for my company, and it requires Windows Authentication for security. All other authentication modes are disabled. I'm stuck in a situation where internet explorer prompts for credentials 3 times, then fails with this error:
未授权
Not Authorized
HTTP错误401.请求的资源需要用户身份验证。
HTTP Error 401. The requested resource requires user authentication.
然后我创建了一个裸机-bones网站对此进行测试。我在IIS中创建了一个新站点,将其放在自己的端口(:8111,随机选择),在其中放置一个静态default.htm文件,禁用匿名身份验证,然后启用Windows身份验证。其他所有内容都保留默认设置。分配了端口号,因为我们在这台机器上有多个站点共享相同的IP。
I then created a bare-bones website to test this out. I created a new site in IIS, put it on its own port (:8111, chosen at random), put one static "default.htm" file in there, disabled anonymous authentication, then enabled windows authentication. Everything else was left at default settings. The port number was assigned because we have multiple sites on this machine all sharing the same IP.
以下是几种情况:
-
从网络服务器本身浏览到http:// localhost :8111 /工作
罚款
Browsing from the web server itself, to http://localhost:8111/ works fine
从另一台计算机浏览到http:// ServerIPaddress :8111 /
正常工作
Browsing from another computer, to http://ServerIPaddress:8111/ works fine
从另一台计算机浏览到http:// ServerName :8111 / FAILS
(请求凭据3次,然后给出401错误)
Browsing from another computer, to http://ServerName:8111/ FAILS (asks for credentials 3 times, then gives 401 error)
我一直在网上搜索并试图找到一个没有运气的解决方案。要么我没有找到它,要么我不太清楚我正在读什么。任何帮助将不胜感激。
I've been searching online and trying to find a solution with no luck thus far. Either I haven't found it, or I don't understand well enough what I'm reading. Any help would be greatly appreciated.
推荐答案
在与此同战2天后,在同事的帮助下制定出解决方案问题。以下是他写的内容:
Just worked out the solution with the help of a coworker after 2 days of fighting with this issue. Here is what he wrote:
Windows身份验证(Negotiate和NTLM)有2个提供程序。
当网站身份验证设置为Windows身份验证时,
突出显示Windows身份验证时,单击右窗格或IIS管理器上的Providers
链接并将NTLM移至顶部。通过
默认谈判是最重要的,这就是你获得
身份验证提示的原因。
There are 2 providers for Windows Authentication (Negotiate and NTLM). When setting the Website Authentication to Windows Authentication, while Windows Authentication is highlighted, click on the Providers link on the right pane or IIS Manager and move NTLM to the top. By default Negotiate is on top which is why you are getting an authentication prompt.
这篇关于IIS 7.5中的Windows身份验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
