Question
I am developing an internally-facing application that needs to automatically authenticate users via Windows Authentication and fall back to Forms authentication. The fallback would occur in situations where the user is on a computer logged in as a group account (such as an operations center). I'm concerned about security where a user could "spoof" the Windows Authentication account. Do any of you all know of a design pattern and pragmatic idea that would fit this specific scenario?
Technical Constraints: .NET 3.5 on IIS 6 (IIS 7 is currently a non-starter in our environment)
Thanks!
Answer 1:
There's an old article on MSDN here, which involves a custom 401 redirect set up in IIS - hopefully it's of some help.
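A sketch of the custom-401 pattern this answer points to, added here as an illustration; it is not code from the answer or from the MSDN article. The page names `WinLogin.aspx` and `Login.aspx`, the account names, and the IIS settings described in the comments are assumptions.

```csharp
// WinLogin.aspx.cs: hypothetical page name. Assumed setup:
//  * web.config: <authentication mode="Forms"> with loginUrl="WinLogin.aspx",
//    and Login.aspx (hypothetical forms login page) open to anonymous users.
//  * IIS 6: the site allows anonymous access; for this one file anonymous
//    access is disabled and Integrated Windows Authentication is enabled.
//    The file's custom 401 errors point to a page that redirects to Login.aspx,
//    so a client that cannot complete the handshake still reaches the form.
using System;
using System.Web.Security;
using System.Web.UI;

public partial class WinLogin : Page
{
    // Constructed sample values: shared logons that do not identify a person.
    private static readonly string[] SharedAccounts = { @"CORP\opscenter", @"CORP\kiosk" };

    protected void Page_Load(object sender, EventArgs e)
    {
        // LOGON_USER is filled in by IIS after it has authenticated the
        // connection; it is empty for anonymous requests. Do not take the
        // account name from a query string, form field, cookie or HTTP_*
        // header, all of which the client controls.
        string account = Request.ServerVariables["LOGON_USER"];

        if (string.IsNullOrEmpty(account) || IsShared(account))
        {
            // No personal Windows identity: require individual credentials,
            // keeping the original ReturnUrl query string.
            Response.Redirect("~/Login.aspx" + Request.Url.Query, true);
            return;
        }

        // Issue the forms ticket under the Windows account name, so the rest
        // of the application only deals with forms authentication.
        FormsAuthentication.RedirectFromLoginPage(account, false);
    }

    private static bool IsShared(string account)
    {
        return Array.Exists(SharedAccounts,
            a => string.Equals(a, account, StringComparison.OrdinalIgnoreCase));
    }
}
```

Because every other page only sees the forms ticket, authorization rules are written once, and a shared workstation logon is treated the same as no Windows identity at all.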
Source: https://stackoverflow.com/questions/892911/windows-authentication-and-forms-authentication-together-for-asp-net