确实需要这方面的帮助,尝试了很多东西但没有想法。
我有一个托管在内部开发服务器上的网站,可供内部员工访问。
服务器设置是Windows 2008 R2,iis 7.5 sql 2008 Express。我使用活动目录进行身份验证。
在 Chrome 中,网站会加载,并自动记录我识别出的名字。
在 IE7 中查看该站点时,响应为:
“401 - 未经授权:由于凭据无效,访问被拒绝。
您无权使用您提供的凭据查看此目录或页面。”
我已尝试以下操作:
- 在 iis 中仅将 Windows 身份验证设置为启用(其余部分禁用)
- 将 NTLM 移至提供程序的顶部列表
- 将 Web 目录的完全控制权授予Everyone/IUSR/Network Service/DeafultAppPool ...列表继续
- 选中 ie 设置(选中启用集成 Windows 身份验证)
- IE7 中的用户身份验证设置为“仅在 Intranet 区域中自动登录”。 :
- 设置以下内容 网络配置:
- 已执行:
cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
我确信它不是浏览器设置,因为我在访问时已针对 AD 进行了身份验证IE7 中的内联网。
怎么了?我该如何修复它?
非常感谢
Really need help with this and tried lots of things and run out of ideas.
I have a site hosted on an internal development server, accessible for staff internally.
the server setup is windows 2008 R2, iis 7.5 sql 2008 express. Im authenticating using active directory.
in Chrome the site loads, and automatically logs me in recognising my name.
When viewing the site in IE7 the response is:
"401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied."
I have tried the following:
- in iis set only windows authentication to enabled (the rest disabled)
- Moved NTLM to the top of the providers list
- given full control to the web directory to Everyone/IUSR/Network Service/DeafultAppPool ...list goes on.
- checked ie settings (enable integrated windows authentication is checked)
- user authentication in IE7 is set to "automatic logon only in intranet zone".
- set the following in web.config:
<anonymousIdentification enabled="false" /><authentication mode="Windows" /><identity impersonate="false" />
- Executed:
cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
im convinced its not a browser setting as im authenticated against AD when i access the intranet in IE7.
what is wrong? how can i fix it?
Many thanks
发布评论
评论(3)
从 technet 文章中,http://technet.microsoft.com/en- us/library/cc754628(v=ws.10).aspx :
IE 使用 Kerberos,而不是像 Chrome 和 Firefox 那样依赖 NTLM。您必须按照以下步骤在 IIS7.5 中强制进行 NTLM 身份验证:
From the technet article, http://technet.microsoft.com/en-us/library/cc754628(v=ws.10).aspx :
IE is using Kerberos and not falling back on NTLM like Chrome and Firefox. You must force NTLM authentication in IIS7.5 by following these steps:
在类似环境中的网络应用程序之一遇到此类问题。事实证明,IE 正在尝试使用 Kerberos 进行身份验证,而 IIS 身份验证设置中已关闭 Kerberos。 Chrome 在无法使用 Kerberos 后陷入 NTLM,因此在 Chrome 网络应用程序中工作正常。
解决方案相当简单。
Had such problems with one of web-apps in similar environment. It turned out that IE was trying to authentificate using Kerberos, while Kerberos was turned off in IIS authentification settings. Chrome is falling to NTLM after failing to go Kerberos, so in Chrome web-app worked fine.
The solution is fairly trivial.
我在 Windows 2008 R2 iis 7.5 上使用模拟进行 Windows 身份验证时遇到了同样的问题。
我在这里遵循了其他两个解决方案,但没有成功。
但是应用这些更改后,我再次切换回内核模式并且它起作用了。
我不知道它为什么有效,但在 2 个独立的虚拟目录上成功执行了此过程。
I had the same problem with Windows authentication with impersonation on windows 2008 R2 iis 7.5.
I followed the other 2 solutions here without any success.
But after applying these changes, I Switched Back On kernel mode again and it worked.
I don't know why it works, but have followed this procedure on 2 separate virtual directories with success.