使用 Windows 身份验证对 ASP.NET 应用程序的子文件夹禁用身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2713192/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication
提问by Bert Vandamme
Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication?
是否可以使用 Windows 身份验证对 ASP.net 应用程序的一个或多个子文件夹禁用 Windows 身份验证?
For example:
例如:
A website contains several other folders that contain parts of the overall application: /frontend, /backend, /login
一个网站包含几个其他文件夹,这些文件夹包含整个应用程序的部分:/frontend、/backend、/login
The bin folder is on the same level as these subfolder, i.e. the root of the website.
bin 文件夹与这些子文件夹位于同一级别,即网站的根目录。
All of these subfolders contain pages that use binaries that reside in the bin folder of the root of the website.
所有这些子文件夹都包含使用位于网站根目录的 bin 文件夹中的二进制文件的页面。
The user must input windows credentials when visiting a page in the backend folder, but not when visiting a page in the login or frontend folder.
用户在访问后端文件夹中的页面时必须输入 Windows 凭据,但在访问登录或前端文件夹中的页面时则无需输入 Windows 凭据。
I'm using IIS7
我正在使用 IIS7
Any ideas?
有任何想法吗?
回答by Bert Vandamme
Found a solution:
找到了解决办法:
Adjusted the applicationHost.config file and changed the "overrideModeDefault" to "Allow" for the anonymousAuthentication en windowsAuthentication section entries
<section name="anonymousAuthentication" type="System.WebServer.Configuration.AnonymousAuthenticationSection" overrideModeDefault="Allow" /> <section name="windowsAuthentication" type="System.WebServer.Configuration.WindowsAuthenticationSection" overrideModeDefault="Allow" />Added location tags in the web.config for every folder / file that needed to be excluded from windows authentication
<location path="pathToDirOrFile"> <system.webServer> <security> <authentication> <anonymousAuthentication enabled="true" /> <windowsAuthentication enabled="false" /> </authentication> </security> </system.webServer> </location>Made sure each one of those folders contained a separate web.config file that disables identity impersonation
<configuration> <system.web> <identity impersonate="false" /> </system.web> </configuration>
调整了 applicationHost.config 文件并将 anonymousAuthentication en windowsAuthentication 部分条目的“overrideModeDefault”更改为“Allow”
<section name="anonymousAuthentication" type="System.WebServer.Configuration.AnonymousAuthenticationSection" overrideModeDefault="Allow" /> <section name="windowsAuthentication" type="System.WebServer.Configuration.WindowsAuthenticationSection" overrideModeDefault="Allow" />在 web.config 中为需要从 Windows 身份验证中排除的每个文件夹/文件添加了位置标记
<location path="pathToDirOrFile"> <system.webServer> <security> <authentication> <anonymousAuthentication enabled="true" /> <windowsAuthentication enabled="false" /> </authentication> </security> </system.webServer> </location>确保这些文件夹中的每一个都包含一个单独的 web.config 文件,以禁用身份模拟
<configuration> <system.web> <identity impersonate="false" /> </system.web> </configuration>
回答by Darin Dimitrov
NTLM authentication is usually configured in IIS so you could switch back to anonymous authentication for those folders.
NTLM 身份验证通常在 IIS 中配置,因此您可以为这些文件夹切换回匿名身份验证。
