问题描述
比方说,我有一个使用Forms身份验证和典型的会员制的ASP.NET站点(MVC在这种情况下)。该网站同时允许认证和匿名用户。
Let's say I have an ASP.NET site (MVC in this case) that uses Forms authentication and a typical membership system. The site allows both authenticated and anonymous users.
当我松开网站作为一个私人测试我想在应用程序的顶部添加另一层安全,如简单的密码系统,例如。一旦用户通过安全的这一层,我还是希望我的窗体身份验证/会员制到位左右的测试者可以查看网站作为身份验证或匿名用户。
When I release the site as a private beta I want to add another layer of security on top of the application, like superuser's simple password system, for example. Once a user has passed this layer of security, I still want my forms authentication/membership system in place so beta testers can view the site as authenticated or anonymous users.
什么是最不显眼的方式来实现这一目标?我正在寻找,这将需要新的或修改code量最少最简单的解决方案。例如。我不想修改每个控制器来检查一个特殊的cookie。必须有一个更好的办法...
What's the most unobtrusive way to achieve this? I'm looking for the easiest solution that will require the least amount of new or modified code. E.g. I don't want to modify every controller to check for a special cookie. There must be a better way...
有一个的问题在这里,但它似乎有问题的网站(一旦公众)只会匿名请求,所以它并不一定比较我的情况。 This回答表明ServerFault使用的一些饼干系统,但也有关于如何它可能已被执行没有进一步的细节。
There's a very similar question here, but it seems the site in question (once public) will only serve anonymous requests, so it doesn't necessarily compare to my situation. This answer suggests ServerFault used some cookie system, but there are no further details about how it might have been implemented.
推荐答案
在服务器级别实现安全性,在IIS和Windows的Active Directory中添加账号/密码运行IIS服务器。
Implement security at server level, in IIS and add the accounts/passwords in Active Directory of Windows running the IIS server.
您不需要更改任何code的。
You won't need to change any of the code.
这篇关于什么是添加一个安全层为网站的内测中最不显眼的方式?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!