问题描述

我对IIS身份验证和ASPNET身份验证非常困惑.

这是有道理的，而且我确实知道为互联网用户构建的网站可以在IIS安全性中阻止匿名访问，并且可以在web.config中将身份验证模式设置为表单".

对于Intranet用户，在web.config中将IIS身份验证设置为集成的Windows身份验证"并且将身份验证模式设置为"windows"也很有意义.

以上几点对我来说很有意义，因为据我了解，当用户发出http请求时，首先IIS对用户进行身份验证，然后将请求移交给ASPNET Engine进行自身的身份验证和授权.我相信第二个身份验证是由web.config..m中的身份验证模式属性控制的，对吗?

如果以上理解有误，请纠正我.

另外，在web.config中将IIS身份验证设置为匿名"并将身份验证模式设置为"Windows"是否有意义?

谢谢!!
Rahul

Hi,
I am quite confused with IIS Authentication and ASPNET Authentication.

It makes sense and i do understand that a website builded for internet users can have Anonymous Access cheked in IIS security and to have Authentication mode set to "Forms" in web.config.

It also makes sense to have IIS Authentication set to "Integrated windows authentication" and Authentication mode set to "windows" in web.config for Intranet users.

Above points makes sense to me because as per my understanding..when user makes an http request, first IIS authenticate the user and than request is handed over to ASPNET Engine for its own authentication and authorization. I believe that this second authentication is what being controlled by Authentication mode attribute in web.config..m I right?

Please correct me if i am wrong in my above understanding.

Also, does it makes any sense to have IIS authentication set to Anonymous and Authentication mode set to "windows" in web.config???

Thanks!!
Rahul

推荐答案

这篇关于ASPNET身份验证/IIS身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！