需要用户使用 NTLM 重新进行身份验证
我是 NTLM(web.config 中的authenication=“windows”),有一个 asp.net mvc 2.0 站点。
现在,一旦用户登录,他们就会一次保持登录状态数周。
该应用程序的使用正在向共享使用登录服务帐户的计算机的用户开放。
我需要网站每次重新提示每个用户输入 AD 凭据,以便处理这些用户。 (网站上的活动必须链接到唯一标识的用户。)
感谢您提供的任何帮助。
特雷·卡罗尔
I'm NTLM (authenication="windows" in the web.config) with an asp.net mvc 2.0 site.
Right now once a user logs in it keeps them logged in for weeks at a time.
The use of the application is being opened up to users who share computers that use logged in service accounts.
I need the site to reprompt each user for their AD credentials each time in order to handle these users. (Activity on the site must be linked to a uniquely identified user.)
Thanks for any help that you can provide.
Trey Carroll
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
执行此操作的一种方法是使用
HTTP 401 挑战
。原则是拒绝凭证,即使它们有效地强制所有用户(或某些取决于 AD 属性/代码参数...)重新输入其凭证。
您必须在响应中发送
HTTP 401
代码,以向浏览器表明不接受已发送的凭据。根据浏览器配置,您必须发送 1 到 3 个
401
响应(您可以使用 cookie 来处理计数器)来强制浏览器提示用户,因此最多计数 3。HTTP 的 NTLM 身份验证方案
IIS 身份验证
A way to do this is to handle the Http Authentication process using the
HTTP 401 challenge
.The principle is to refuse the credentials, even if they are valid to force all users (or somes depending on AD attributes/code parameters...) to retype their credentials.
You have to send
HTTP 401
codes in the response to indicate to the browser that the credentials which have been sent are not accepted.Depending on the browser configuration, you have to send 1 to 3
401
responses (you can use cookies to handle the counter) to force the browser to prompt the user, so count up to 3.NTLM Authentication Scheme for HTTP
IIS Authentication
我会更改应用程序以使用表单身份验证。您仍然可以根据 AD 验证凭据,但您将能够强制执行登录要求。
I would change the app to use Forms authentication instead. You can still validate the credentials against AD, but you'll be able to enforce the login requirements.
您能否确保他们只使用不自动支持 NTLM 的浏览器?例如,当我访问 Sharepoint 服务器时,我必须在 Firefox 中使用我的域凭据登录。
Can you make sure that they just use a browser that doesn't support NTLM automatically? For example when I go to our Sharepoint server I have to login with my domain credentials in Firefox.