Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
154 views
in Technique[技术] by (71.8m points)

Windows Authentication for ASP.NET MVC 4 - how it works, how to test it

I have never used Windows Authentication for ASP.NET MVC web applications before, but Forms Authentication. Recently, I have had an ASP.NET MVC 4 web application that requires a Windows Authentication implementation for users who are granted to log in my company web server. So, I have some questions regarding Windows Authentication. I am using Visual Studio 2012.

  • How does Windows Authentication work?

  • How do I implement Windows Authentication correctly in the web.config file?

  • How do I test if the Windows Authentication really works for my ASP.NET MVC 4 web site? In other words, how do I test it on my local development PC with local IIS (version 8), and on my company real web server with IIS version 7?

question from:https://stackoverflow.com/questions/17224174/windows-authentication-for-asp-net-mvc-4-how-it-works-how-to-test-it

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

For IIS 8.5 and MVC 4:

How does Windows Authentication work?

In this mode, User.Identity (as in HttpContext.Current.User.Identity) is populated by the underlying web server. This might be IIS Express in the link from @R Kumar demonstrated, or full blown IIS as in the video by @Thomas Benz.

Specifically, User.Identity is a WindowsIdentity object. E.g. the following cast will work:

WindowsIdentity clientId = (WindowsIdentity)HttpContext.Current.User.Identity;

How do I implement Windows Authentication correctly in the web.config file?

  <system.web>
    <authentication mode="Windows" />
  ...

How do I test if the Windows Authentication really works for my ASP.NET MVC 4 web site? In other words, how do I test it on my local development PC with local IIS (version 8), and on my company real web server with IIS version 7?

First, change the ASP.NET authorization to exclude the current user. E.g.

  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <allow users="yourdomainsomeotheruser" />
      <deny users="*" />
    </authorization>

Second, enable Windows Authentication for your site using IIS Manager. It's under the 'Authentication' feature. And disable anonymous authentication.

Note that older explanation will suggest you make changes under element of your site's web.config. However, recent IIS implementations prevent this for security reasons.

Three, point your browser at the webpage. The browser should ask you to provide credentials, because the current user is not allowed access to the website. Provide the ones that are authorized for the site, and your MVC code should run.

Four, check the user identity. E.g.

WindowsIdentity clientId = (WindowsIdentity)HttpContext.Current.User.Identity;

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...