使用 c# 在 asp.net 中使用 windows 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18061795/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using windows authentication in asp.net with c#
提问by Master Yoda
Im trying to understand how windows authentication works and how to implement it. Ive read quite a few articles and watched some quite length videos on youtube but i still cant my head around what needs to be added to my web.config file/ index.aspx page to make it work properly.
我试图了解 Windows 身份验证的工作原理以及如何实现它。我已经阅读了很多文章并在 youtube 上观看了一些相当长的视频,但我仍然无法理解需要添加到我的 web.config 文件/index.aspx 页面以使其正常工作的内容。
Here is the index.aspx page:
这是 index.aspx 页面:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
namespace asset_management_system
{
public partial class index1 : System.Web.UI.Page
{
DataAccessLayer dal = new DataAccessLayer();
protected void Page_Load(object sender, EventArgs e)
{
}
protected void loginBut_Click(object sender, EventArgs e)
{
string username = usernameTB.Text.Trim();
string password = passwordTB.Text.Trim();
try
{
using (SqlDataReader dr = dal.CheckLoginDetails(username))
{
//if username does not exist
if (!dr.Read())
{
MessageBox.Show("Invalid login details");
}
else
{
//if password matches the username then redirect to home page
if (dr[0].ToString() == password)
{
Session["username"] = username;
Response.Redirect("Home/home.aspx");
}
else
{
MessageBox.Show("Invalid login details");
}
}
}
}
catch (SqlException sqlex) { MessageBox.Show("There may be an issue with the server, please contact the administrator" +
" and provide this error message: " + sqlex); }
catch (Exception ex) { MessageBox.Show("error message: " + ex); }
}//end of loginBut_click method
}//end of class
}//end of namespace
And here is the web.config file
这是 web.config 文件
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="Asset management System DBConnectionString" connectionString="Data Source=STEPHENP\SQLEXPRESS;Initial Catalog="Asset management System DB";Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</assemblies>
</compilation>
<authentication mode="Windows">
</authentication>
<identity impersonate="true"/>
</system.web>
</configuration>
采纳答案by Nexus23
You are confusing SQL authentication with Windows authentication.
您将 SQL 身份验证与 Windows 身份验证混淆了。
In order for this web page to work based on Windows authentication, your web.config needs
为了使此网页基于 Windows 身份验证工作,您的 web.config 需要
<authentication mode="Windows">
When you deploy your page to a web server, you need to disable anonymous authentication to restrict external users. Below is a snippet from an IIS7+ web server's authentication section:
将页面部署到 Web 服务器时,需要禁用匿名身份验证以限制外部用户。以下是 IIS7+ Web 服务器身份验证部分的片段:
If you need to program against logged in user or its group, you need to use the WindowsIdentityClass.
如果需要针对登录用户或其组进行编程,则需要使用WindowsIdentity类。
