How to handle ASP.NET authentication
I have the following problem:
I want to protect the access to some files hosted under IIS using an asp.net page.
The page will be called from another application using:
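// WebRequest.Create needs an absolute URI, scheme included.
var request = WebRequest.Create("https://www.smth.com/protectData.aspx") as HttpWebRequest;
// The credential type is NetworkCredential (System.Net).
request.Credentials = new NetworkCredential("john doe", "john");
request.PreAuthenticate = true;
var response = request.GetResponse();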
How to read the credentials sent on the called page (protectData.aspx)?
I have code in place in order to validate the credentials... I've tried implementing custom membership, but HttpContext.Current.User is null.
The aspx page is hosted in a web application which hosts a WCF service authenticated with custom policy:
<system.serviceModel>
  <serviceAuthorization principalPermissionMode="Custom">
    <authorizationPolicies>
      <add policyType="CustomPolicy.CustomPolicy, CustomPolicy" />
    </authorizationPolicies>
  </serviceAuthorization>
</system.serviceModel>
For aspx pages I have no security in place for now, basically I want just to get the credentials from request and validate them using existing code.
Any help is appreciated,
Adrian
Comments (1)
You basically have two options. You can use HTTP Transport authentication, or Forms Based Authentication.
For Transport authentication, you will have to set up IIS to protect the resource that the client is trying to access. This resource can be your file, or the ASPX page. The ASPX page will then be able to read the HttpContext.Current.User variable, and be able to decide if that user can access the resource.
For Forms Based Auth, IIS does not need to authenticate the request. Instead, you do a Forms post to a webform that can then look at the username/password in the request and decide whether to allow access or not.
A variation of Forms Based Auth (FBA) is to post the username/password in the POST body, that the ASPX page can then read, decode, and decide whether to allow access.
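One way to read the credentials inside protectData.aspx itself, as the question asks, is to parse the HTTP Basic `Authorization` header in the code-behind; this is an added example, not code from the original question or answer. It assumes IIS allows anonymous access to the page (so IIS passes the header through instead of authenticating against Windows accounts) and that the site is served over HTTPS. `Membership.ValidateUser` is only a stand-in for the asker's existing validation code, and the class name `ProtectData` and the realm string are hypothetical.

```csharp
using System;
using System.Text;
using System.Web.Security;
using System.Web.UI;

// Code-behind for protectData.aspx (added example; class name is hypothetical).
public partial class ProtectData : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Basic credentials are only base64-encoded: never accept or request them over plain HTTP.
        if (!Request.IsSecureConnection) { Deny(403, false); return; }
        string user, password;
        if (!TryReadBasic(Request.Headers["Authorization"], out user, out password) ||
            !Membership.ValidateUser(user, password)) // stand-in for the existing validation code
        {
            Deny(401, true); // the challenge makes HttpWebRequest retry with its credentials
            return;
        }
        // Authenticated: stream the protected file to the response from here.
    }

    // Parses "Basic base64(user:password)"; returns false on any malformed input.
    private static bool TryReadBasic(string header, out string user, out string password)
    {
        user = password = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        string decoded;
        try
        {
            // UTF-8 is an assumption; ASCII-only credentials decode the same either way.
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(scheme.Length).Trim()));
        }
        catch (FormatException) { return false; }
        int colon = decoded.IndexOf(':'); // split at the first ':'; the password may contain more
        if (colon <= 0) return false;
        user = decoded.Substring(0, colon);
        password = decoded.Substring(colon + 1);
        return true;
    }
    private void Deny(int status, bool challenge)
    {
        Response.StatusCode = status;
        if (challenge) Response.AddHeader("WWW-Authenticate", "Basic realm=\"protectData\"");
        Response.End(); // stop page processing so nothing protected is rendered
    }
}
```

HttpWebRequest sends the `Authorization` header only after it has received the 401 challenge, even with `PreAuthenticate = true`, so the first request always arrives without credentials.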