ASP.NET / IIS 安全(Windows 身份验证)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6512752/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
ASP.NET / IIS Security (Windows Authentication)
提问by
This will probably turn out to be a doozie.
这可能会变成一个doozie。
I'm developing an application in ASP.NET to be put on our company's intranet site. I've been handed a specification in regards to security and have no idea how to do it.
我正在 ASP.NET 中开发一个应用程序,以放置在我们公司的 Intranet 站点上。我收到了有关安全性的规范,但不知道该怎么做。
First part: The application is to use Windows Authentication. This part seems easy enough; I opened IIS in Administrative Tools, right clicked the node of my website, properties and checked 'Integrate Windows Authentication'. However, I have no idea how I will govern which people have access to my site. I'm thinking this should be taken care of at the database level. This is Q#1
第一部分:应用程序将使用 Windows 身份验证。这部分看起来很简单;我在管理工具中打开 IIS,右键单击我网站的节点、属性并选中“集成 Windows 身份验证”。但是,我不知道我将如何管理哪些人可以访问我的网站。我认为这应该在数据库级别处理。这是Q#1
Second part -- I have to implement a process for the following scenario: User 'Jane' can log in to our network, but does not have rights to my application. User 'Bob' does have rights to use my application. Bob needs to be able to sit at Jane's computer (under her network account), but be able to enter his credentials into my application and use it (even though Jane is logged into the local machine and network). This is Q#2
第二部分——我必须为以下场景实施一个流程:用户“Jane”可以登录我们的网络,但无权访问我的应用程序。用户“鲍勃”确实有权使用我的应用程序。Bob 需要能够坐在 Jane 的计算机前(在她的网络帐户下),但能够将他的凭据输入我的应用程序并使用它(即使 Jane 已登录到本地计算机和网络)。这是Q#2
Any help, general direction, or advice would be appreciated. The winning lottery numbers would be appreciated even more.
任何帮助、一般方向或建议将不胜感激。中奖彩票号码将更受欢迎。
Thanks,
谢谢,
Jason
杰森
采纳答案by Brad Divine
You're looking for Windows Authentication and Authorization in ASP.NET
您正在 ASP.NET 中寻找 Windows 身份验证和授权
- How To Use Windows Auth in ASP.NET
- Authentication/Authorization Explained
- How To Implement Windows Auth in ASP.NET
Part 2...you're right, that's tough. You'll need to roll your own custom security provider. You'll have a login page, then check that against Active Directory yourself. From MSDN
第 2 部分......你是对的,这很难。您需要推出自己的自定义安全提供程序。您将拥有一个登录页面,然后自己对照 Active Directory 进行检查。来自MSDN
ASP.NET also supports custom solutions for using Windows authentication, which bypasses IIS authentication. For example, you can write a custom ISAPI filter that checks the user's credentials against Active Directory. With this approach you must manually create a WindowsPrincipal object.
ASP.NET 还支持使用 Windows 身份验证的自定义解决方案,它绕过 IIS 身份验证。例如,您可以编写自定义 ISAPI 过滤器,根据 Active Directory 检查用户的凭据。使用这种方法,您必须手动创建 WindowsPrincipal 对象。
回答by Dave Swersky
You've got requirements around authenticationand authorizationhere.
您在此处有关于身份验证和授权的要求。
Authentication: The act of confirming identity
Authorization: The act of correlating an identity to a privilege(eg Read/Write/Delete)
身份验证:确认身份的行为
授权:将身份与特权相关联的行为(例如读/写/删除)
Windows Authentication is useful if you want "auto-signon" capability. The site will "know" the user by ID without them having to sign in.
如果您需要“自动登录”功能,Windows 身份验证很有用。该网站将通过 ID“了解”用户,而无需他们登录。
The need for users to login from multiple locations means that you must implement a login page. This would fulfill your requirement in which one user may sit at another's workstation and log in.
用户需要从多个位置登录意味着您必须实现一个登录页面。这将满足您的要求,即一个用户可以坐在另一个用户的工作站上并登录。
You will want to authenticate users against the Windows domain. This can be done with a custom membership provider. Here's a walkthrough:
您需要针对 Windows 域对用户进行身份验证。这可以通过自定义成员资格提供程序来完成。这是一个演练:
http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx
http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx
This will allow you to present a login page that will authenticate users with their domain username and password. This will authenticateusers- the identity of the user will be stored in the HttpContext.User. You can then also maintain a user list in a database to store authorizationdata.
这将允许您显示一个登录页面,该页面将使用域用户名和密码对用户进行身份验证。这将对用户进行身份验证 -用户的身份将存储在HttpContext.User. 然后,您还可以在数据库中维护一个用户列表来存储授权数据。
回答by Dave Swersky
Also found this -- a pretty good resource for anybody out there who's in the same boat:
还发现了这个——对于在同一条船上的任何人来说,这是一个非常好的资源:
Mixing Forms and Windows Security in ASP.NET
在 ASP.NET 中混合窗体和 Windows 安全
