“可选” Internet Explorer 的 Windows 集成身份验证
我正在编写一个在 IIS 7 中运行的 ASP.NET (MVC 3) Web 应用程序。它将由 Intranet 用户访问,可能来自 Web 服务器所在的同一 Windows 域,我希望它能够识别尽可能当前登录的 Windows 用户。但是,我从来不希望浏览器弹出身份验证对话框。所以,我想使用集成身份验证,但又不打扰用户。如果他们在 Firefox 中浏览或者他们的安全设置不允许自动登录或其他什么,那么就将他们视为匿名用户。有什么办法可以做到这一点吗?
I'm writing an ASP.NET (MVC 3) web app that's running in IIS 7. It will be accessed by intranet users, probably from the same Windows domain that the web server is in, and I'd like it to recognise the currently logged on Windows user whenever possible. However, I never want the browser to pop up the authentication dialog box. So, I want to use integrated authentication, but without bothering the user. If they're browsing in Firefox or their security settings don't allow automatic logon or whatever then just treat them as an anonymous user. Is there any way to do this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
并不真地。要启用集成身份验证,服务器需要向浏览器发送标头。大多数浏览器以两种方式之一响应此标头。他们要么像 IE 那样默默地使用正确的令牌进行响应,要么像 Firefox 或 IE 那样,如果由于集成身份验证已关闭或位于另一个域而无法生成正确的令牌,则会提示输入凭据。
您可以检测 FF 并做出不同的响应,但无法检测 IE 是否已关闭集成身份验证。
Not really. To enable integrated authentication, the server needs to send a header to the browser. Most browsers respond to this header in 1 of 2 ways. They'll either silently respond with the correct token, as IE does, or they'll prompt for credentials, as Firefox does or IE does if it can't generate the right token because integrated auth is off or it's on another domain.
You could detect FF and respond differently, but there is no way of detecting if IE has integrated auth switched off.