发表新帖
发表新帖

Integrated Windows Authentication & SSL

前端 未结
关注
2 605
长情又很酷
长情又很酷 2021-02-06 19:23

I have an administrative website on our intranet that currently uses Integrated Windows Authentication through IIS. We would like to move this application to a

相关标签:
2条回答
  • 温柔的废话
    2021-02-06 19:34

    I've solved this as an IIS problem every time, not a code problem:

    • create a new web site in IIS
    • bind it to the same IP address (and/or host header), to your SSL cert and to port 443
    • configure this to point to the same application root as the current port 80 site
    • test to make sure that directly connecting to https://site gives the expected responses
    • reconfigure the original site (still bound to port 80) to use the HTTP Redirect feature
    • configure the port 80 site to redirect to the port 443 site; optionally, remove the application and virtual directory mappings (in case someone accidentally disables the redirect)

    From then on, any user that just types the web site address into their browser will get a lightning-fast redirect message from IIS that sends them to the SSL-protected version of the site.

    0 讨论(0)
  • 被撕碎了的回忆
    2021-02-06 19:44

    We had similar issues on our intranet site and ended up switching from Integrated Windows Authentication to requesting their network username/password directly on the site. That way we can redirect them to HTTPS or other such things without worrying about when the authentication popup shows up.

    We have some code similar to this (assuming you're using ASP.NET) that authenticates the user, and then we store the authentication state in a cookie.

    public static bool AuthenticateUser(string username, string password)
{
    System.DirectoryServices.DirectoryEntry _entry = new System.DirectoryServices.DirectoryEntry(ldap_path, username, password, System.DirectoryServices.AuthenticationTypes.Delegation);

    bool _authenticated = false;
    try
    {
        Object _o = _entry.NativeObject;
        _authenticated = true;
    }
    catch
    {
        _authenticated = false;
    }
    finally
    {
        // Avoids the "multiple connections to server not allowed" error.
        _entry.Close();
        _entry.Dispose();
    }

    return _authenticated;
}

    It ended up saving us tons of headache and frustration by handling all authentication in the application rather than depending on IIS.

    0 讨论(0)
 看不清?
提交回复
热议问题