IIS 7.5 Windows 身份验证失败并显示 401
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3263237/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
IIS 7.5 Windows Authentication failed with 401
提问by Dave
Since we moved from IIS 7.0 to IIS 7.5 the Windows Authentication doesn't work anymore from remote requests. If I open the website on the webserver everything works fine.
由于我们从 IIS 7.0 转移到 IIS 7.5,Windows 身份验证不再从远程请求工作。如果我在网络服务器上打开网站,一切正常。
web.config:
网络配置:
<authentication mode="Windows" />
<identity impersonate="true" />
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
IIS Settings:
IIS 设置:
Authentication (enabled): ASP.NET Impersonation, Windows Authentication (all others are disabled)
ApplicationPool: Managed Pipeline Mode -> Classic, Identity -> ApplicationPoolIdentity
Failed Request Trace:
失败的请求跟踪:
MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName: WindowsAuthenticationModule
Notification: 2
HttpStatus: 401
HttpReason: Unauthorized
HttpSubStatus: 1
ErrorCode: 2148074254
ConfigExceptionInfo:
Notification: AUTHENTICATE_REQUEST
ErrorCode No credentials are available in the security package (0x8009030e)
Any suggestions?
有什么建议?
采纳答案by Dave
We had a two-hop problem I think. If I move our SQL/Oracle DB to the server which is running IIS it works.
我认为我们有一个两跳的问题。如果我将我们的 SQL/Oracle DB 移动到运行 IIS 的服务器,它就可以工作。
So here is an article to which describes a solution.
所以这是一篇描述解决方案的文章。
How to configure SQL and IIS for two hop kerberos authentication 2
如何为两跳 kerberos 身份验证配置 SQL 和 IIS 2
or SSRS Reportviewer ASP.NET Credentials 401 Exception
或 SSRS Reportviewer ASP.NET 凭据 401 异常
Thanks
谢谢
回答by Carlos Aguilar Mares
Which client are you using? you might be running a client that is trying to pre-authenticate, but in IIS 7 we use Kernel Mode authentication by default which requires a challenge. If that is the case you can disable Kernel Mode auth by selecting the Windows Authentication entry and clicking Advanced Settings, you should see a checkbox that allows you to Disable that for the specific application and it should work if this is the problem.
你用的是哪个客户端?您可能正在运行一个尝试预身份验证的客户端,但在 IIS 7 中,我们默认使用内核模式身份验证,这需要质询。如果是这种情况,您可以通过选择 Windows 身份验证条目并单击高级设置来禁用内核模式身份验证,您应该看到一个复选框,允许您为特定应用程序禁用它,如果这是问题,它应该可以工作。
