问题描述
在提出这个问题之前,我已经尽力在网上搜索.我已经在stackoverflow上看到了类似的问题,但是很长一段时间以来,都没有令人满意的答案.这是使该重复出现的问题得到解答的另一种尝试.
I have tried my best to search the web before asking this question. I've seen similar questions on stackoverflow, however, none has been answered satisfactorily for a long time now. This is one more attempt to get this recurring question answered.
问题
如何构建一个ASP.NET MVC 5网站,该网站对Intranet用户使用"Windows Auth",对Internet用户使用"Forms Auth"?我们希望使用ASP.NET Identity来完成此任务.此外,我们不想使用Active Directory组进行授权.对于Intranet用户,我们希望使用Active Directory对其进行身份验证,然后使用ASP.NET Identity来管理其角色和其他配置文件数据.
How to build an ASP.NET MVC 5 website which uses "Windows Auth" for Intranet users and "Forms Auth" for Internet users? We'd like to accomplish this using ASP.NET Identity. Moreover, we don't want to use Active Directory Groups for authorization. For Intranet users, we want to authenticate them using Active Directory and then fall back to ASP.NET Identity to manage their roles and other profile data.
如果我们不要求最终用户选择auth方法,那就太好了.该Web应用程序应无缝登录Intranet用户.他们甚至不应该知道有一个登录屏幕.同样,不应要求互联网用户输入其域凭据.他们应该立即看到基于表单的登录屏幕.
It'll be nice if we don't ask the end user to choose auth method. The web app should log in intranet users seamlessly. They shouldn't even know that there is a login screen. Likewise, the internet users shouldn't be asked to enter their domain credentials. They should see form based login screen right away.
是否有解决此问题的建议方法?还是您可以评论以下任何一种合适的解决方案?
Is there any recommended way of solving this? Or could you comment if any of the following are proper solutions?
http://world.episerver.com/blogs/Dan-Matthews/Dates/2014/8/Mixing-Forms-and-Windows-Authentication/
https://github.com/MohammadYounes/MVC5-MixedAuth
http://mvolo.com/iis-70-具有表单身份验证和Windows身份验证的二级身份验证/
仅供参考,这是2004年的文章,现在可能无济于事: https://msdn.microsoft.com/en-us/library/ms972958.aspx
FYI This is 2004 article, may not be helpful now:https://msdn.microsoft.com/en-us/library/ms972958.aspx
推荐答案
IIS配置
在整个站点的IIS中启用匿名身份验证状态,并在根目录下的某些文件夹中启用Windows身份验证(例如,/WindowsLogin).在此文件夹中放置aspx文件(对于WebForms项目)或创建ApiController(对于MVC项目).
IIS configuration
Enable Anonymous Authentication status in IIS for the whole site and Windows Authentication for some folder under root directory (for example, /WindowsLogin). In this folder place aspx file (for WebForms project) or create ApiController (for MVC project).
站点设置
在登录页面上,添加按钮使用Windows/ActiveDirectory帐户登录"(与通常的做法类似,添加按钮使用Twitter,Facebook,Gmail等登录).当用户按下此按钮时,它们将被重定向到/WindowsLogin文件夹中的页面或控制器,这需要Windows身份验证.如果站点使用某些单一登录"功能,请在该页面或控制器中找到它,在其他情况下,只需将Windows用户的会话保存在那里.如果用户访问了该页面或控制器,则他们已经被身份验证为Windows用户.
Site setup
On login page add button "Login with Windows/ActiveDirectory account" (in similar way as it is common practice to add buttons Login with Twitter, Facebook, Gmail, etc.). When user presses this button, they will be redirected to the page or controller in /WindowsLogin folder, which require Windows authentication. If site uses some Single Sign-On functionality, locate it in that page or controller, in other case just save Session for Windows users there. If user accessed that page or controller, they had been authenticated as Windows users already.
这篇关于ASP.NET身份+ Windows身份验证(混合模式-窗体+ Windows)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!