使用 NT 用户名/密码对话框保护 ASP.NET 网站
我们已经在同一台 IIS (Windows 2003) 服务器上运行了网站的生产版本和开发版本。我们不希望外部所有人都可以使用开发版本。但我们也不想仅仅为了改变用户访问方式而更改身份验证系统或站点结构。
因此,当有人第一次尝试加载开发站点的网页时,最好显示类似 Windows 用户名/密码对话框的内容。如果该对话框接受服务器帐户的访问凭据,那就有意义了。成功提交 NT 用户名/密码后,用户应该能够加载开发网站的页面。
因此,基本上我们不想修改开发应用程序以接受 NT 用户名/密码进行登录。我们只是希望它受到保护,并且只有有权访问服务器本身的人才能访问。关于如何做到这一点有什么想法吗?
We've got a production and dev versions of the website running on the same IIS (Windows 2003) server. We don't want dev version to be available for everybody outside. But we also don't want to make changes to authentication system or site structure just to change the way users can access it.
So, it would be good to have something like windows usenrame/password dialog displayed first time someone tries to load the webpage of dev site. It would make sense if that dialog will accept access credentials of server accounts. After submitting successfully NT username/password, user should be able to load page of dev website.
So, basically we don't want to rework dev application to accept NT username/password for login. We simply want it to be protected and accessible only by persons that have access to the server itself. Any ideas on how this may be done?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我假设您使用的是 2.0,尽管大部分配置是相同的:
http://msdn.microsoft.com/en-us/library/ff647405.aspx
不必进行任何更改,只需将应用程序配置为使用 Windows 身份验证、拒绝匿名用户和可以选择指定允许访问的某些组。
I'm going to assume you're using 2.0, although much of the configuration is the same:
http://msdn.microsoft.com/en-us/library/ff647405.aspx
Shouldn't have to make any changes, just configure the application to use windows authentication, deny anonymous users and optionally specify certain groups that are allowed access.