Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
694 views
in Technique[技术] by (71.8m points)

iis 7 - IIS7 and Authentication problems

i've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room).

Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a popup model box for username and password. I think they had to type some username or password that was defined in a web.config file? (not their website account username/password)/

Now, with IIS7, when i turn Anon Auth off, and turn on Basic or Windows Auth, i get access to the site BUT it's trying to log me in with those credentials .. and not the account the user signed up with (using some stock standard asp.net webform page).

So ... is it possible to 'lock' the entire site and get the testers to get general access to the site .. which is different to their website username and password. Those usernames and passwords are for use in the site instead.

does that make sense?

cheers!


<authentication mode="Forms">
    <forms loginUrl="~/Pages/Login.aspx" protection="Validation" timeout="1000000000" requireSSL="false" slidingExpiration="true" defaultUrl="Default.aspx">
    </forms>
</authentication>

there is no authorization section.

also, when i add 'Digest Auth' to iis7 and enable that (and disable everythign else), i get the pop up window (kewl!) but i'm not sure what credentials i need to pass in. Where can i define those credentials manually (so they are seperate from the website's users) ??

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

IIS7 integrated mode does not support the two phase authentication that IIS6 does. Basically, IIS6 would perform its authentication (windows), followed by asp.net performing its authentication (forms). But with IIS7, everything is equal in integrated mode, so you can only have one or the other authentication methods.

You can either convert the app pool to use classic mode or follow this workaround to get it working with Integrated mode.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...