问题描述
我正在尝试在工作中设置一个内部网,它将使用我们的Active目录
来授权我们的用户。我们还希望他们从外面(例如在家)的
访问该网站,并通过我们的Active Directory进行身份验证。
我们不要''我想设置一个单独的Sql设置。
我试图像这样设置我的Web.config文件:
*** *********************************************** *** *****
<?xml version =" 1.0"编码= QUOT; UTF-8英寸?>
< configuration>
<! - DYNAMIC DEBUG COMPILATION
设置编译debug =" true" ;将调试符号(.pdb
信息)
插入编译页面。因为这会创建一个更大的文件,而b / b
执行速度更慢,所以只有在调试
和
其他所有时间都是
false。有关更多信息,请参阅
文档,了解
调试ASP.NET文件。
- >
< compilation defaultLanguage =" vb"调试= QUOT;真" />
<! - 自定义错误消息
设置customErrors mode =" On"或者RemoteOnly或RemoteOnly。启用自定义错误
消息,关闭消息禁用。
添加<错误>您要处理的每个错误的标签。
- >
< customErrors mode =" Off" />
<! - AUTHENTICATION
此部分设置应用程序的身份验证策略。
可能的模式是Windows,
" Forms"," Passport"和无
- >
<身份验证模式=" Windows" />
<! - 授权
本节设置应用程序的授权策略。
您可以允许或拒绝用户或角色访问应用程序资源的
。通配符:*意思是
每个人,?表示匿名
(未经身份验证的)用户。
- >
< authorization>
允许用户= " * QUOT; />
< / authorization>
<! - 应用程序级别跟踪记录
应用程序级别跟踪为每个页面启用跟踪日志输出
在应用程序中。
设置跟踪启用=" true"启用应用程序跟踪日志记录如果
pageOutput =" true",
跟踪信息将显示在每个页面的底部。
否则,您可以查看
应用程序跟踪日志,浏览trace.axd您的
网络应用程序页面
root。
- >
< trace enabled ="假QUOT; requestLimit = QUOT; 10" pageOutput =" false"
traceMode =" SortByTime"设置LocalOnly ="真" />
<! - 会话状态设置
默认情况下,ASP.NET使用cookie来识别哪些请求属于某个特定的
会话。
如果没有cookie,可以通过向URL添加
会话标识符来跟踪会话。
要禁用cookie, set sessionState cookieless =" true"。
- >
< sessionState
mode =" InProc"
stateConnectionString =" tcpip = 127.0.0.1:42424"
sqlConnectionString =" data source = 127.0.0.1; user id = sa; password ="
cookieless =" false"
timeout =" 20"
/>
<! - 全球化
此部分设置应用程序的全球化设置。
- >
< globalization requestEncoding =" utf-8"的ResponseEncoding = QUOT; UTF-8英寸/>
< /system.web>
< / configuration>
*** *********************************************** *** ******
我还将Web应用程序设置为集成Windows安全性。
但是当我尝试访问第一页时,它让我没有问我的
凭证。
我还需要做些什么才能让它发挥作用?
谢谢,
Tom
I am trying to set up an intranet at work that will use our Active directory
to authorize our users. We also want them to access the site from the
outside (such as at home) and also be authenticated by our Active Directory.
We don''t want to set up a separate Sql setup.
I tried to set up my Web.config file like so:
************************************************** ********
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows",
"Forms", "Passport" and "None"
-->
<authentication mode="Windows"/>
<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
allow users="*" />
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</configuration>
************************************************** *********
I also set the Web Application to Integrated Windows security.
But when I try to access first page, it lets me without asking my
credentials.
What else do I need to do to get this to work?
Thanks,
Tom
推荐答案
实际上,拒绝应该是第一个。 ASP.NET的工作方式是它只需要处理规则,直到达到成功的规则为止。由于你列出了
允许users =" *",这意味着允许所有人,该规则将首先评估
,因为这将成功,它将不会评估
拒绝未经身份验证的用户的第二条规则。
Actually, the deny should be first. The way ASP.NET does things is that it
only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second rule to
deny unauthenticated users.
它只处理规则,直到达到成功的规则。既然你列出了
allow users =" *",这意味着允许每个人,那么该规则将首先被评估,并且由于这将成功,它将不会评估第二个规则
to否认未经验证的用户。
it only processes rules until it reaches one that succeeds. Since you list
allow users="*", which means allow everybody, that rule will be evaluated
first, and since this will succeed, it will not evaluate the second ruleto deny unauthenticated users.
我做了更改(有一个小错误,哪里是缺少左边
角支架)但是我我仍然可以通过Windows的任何
登录屏幕进入主页。
还有什么我需要做的吗?
请记住,我在家并尝试登录,因此应该要求进行
登录。
谢谢,
Tom
I did make the change (there was a small error where is was missing the left
angle bracket) but I am still able to get to the home page with out any
logon screen from windows.
Is there something else I need to do?
Remember, I am at home and trying to log on, so it should be asking be for a
logon.
Thanks,
Tom
这篇关于Windows授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!