blocks|key|1115251|text|我有一些你可以尝试的东西--不确定它是否有效。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1115252|在过去，我们使用了Request.ServerVariables["LOGON_USER"]，但很明显，为了返回一个非空值，您需要禁用匿名访问。|offset|length|style|CODE|1115253|请参阅本文：http://support.microsoft.com/default.aspx/kb/306359|1115254|它建议在IIS端保留匿名访问，并进行表单身份验证，但拒绝匿名用户，如下所示：|1115255|<authorization>
+++<deny+users+=+"?"+/>+
+++<allow+users+="*"+/>+
</authorization>|code-block|syntax|javascript|1115256|entityMap|0|LINK|mutability|MUTABLE|url|http://support.microsoft.com/default.aspx/kb/306359^0|0|9|11|0|6|1F|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Z|8|@$D|10|E|11|F|G]]|9|@]|A|$]]|$1|H|3|I|5|6|7|12|8|@]|9|@$D|13|E|14|1|15]]|A|$]]|$1|J|3|K|5|6|7|16|8|@]|9|@]|A|$]]|$1|L|3|M|5|N|7|17|8|@]|9|@]|A|$O|P]]|$1|Q|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|R|$S|$5|T|U|V|A|$W|X]]]]

I've got something you can try - not sure if it will work.

In the past we've used <code>Request.ServerVariables["LOGON_USER"]</code> but obviously for this to return a non-empty value you need to disable Anonymous access.

See this article: <a href="http://support.microsoft.com/default.aspx/kb/306359" rel="nofollow noreferrer">http://support.microsoft.com/default.aspx/kb/306359</a>

It suggests keeping Anonymous access on the IIS side, and Forms authentication, but denying the anonymous user as follows:

<pre><code>&lt;authorization&gt;
 &lt;deny users = "?" /&gt; &lt;!-- This denies access to the Anonymous user --&gt;
 &lt;allow users ="*" /&gt; &lt;!-- This allows access to all users --&gt;
&lt;/authorization&gt;
</code></pre>

blocks|key|1330458|text|不幸的是，您正在尝试做的事情不受支持。为了让ASP.NET知道Windows用户名，您必须使用Windows身份验证。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1330459|您可以设置另一个站点/虚拟目录，将用户名信息转发到另一个页面。但是，当非Windows身份验证的用户尝试登录时会发生什么呢？|1330460|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Unfortunately, what you are trying to do just isn't supported. In order for ASP.NET to know the Windows username, you must use Windows Authentication.

You could set up another site / virtual directory that just forwarded the username information to another page. But what happens when non-Windows authenticated users try to log in?

blocks|key|1330510|text|你可以随时在IIS7中设置两个独立的应用程序。一种是启用Windows身份验证。另一个是具有表单身份验证的主应用程序。如果用户访问windows身份验证应用程序，该页可以获取他们的凭据并将其传递给forms身份验证应用程序。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1330511|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

You could always set up 2 separate application in IIS7. One would have Windows Authentication enabled. The other would be the main app with forms authentication. If a user went to the windows authentication app, the page could grab their credentials and pass it to the forms authentication app.

blocks|key|1115402|text|有很多关于通过设置config来使用表单并允许匿名访问应用程序来混合身份验证的文章。其次，应该为集成身份验证创建一个页面，并将IIS设置设置为拒绝匿名和使用集成身份验证。在这里，您可以通过检查requets的ServerVariables集合的"Logon_User“变量来变魔术。最后，为了让集成身份验证以静默方式登录用户，它必须具有简短的托管名称。因此，如果您的表单身份验证部分通过FQDN向internet公开，则应该有某种类型的重定向到简短的主页。我认为在IIS下只有一个应用程序和两个虚拟目录就可以实现。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1115403|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

There are plenty articles on mixing the authenticaton by setting config to use the forms with allowing anonymous access to the app. Secondly, a page for integrated auth should be created with IIS settings set to deny anonymous and use Intgrated Authentication. There you would the magic trick by checking the "Logon_User" variable of the requets's ServerVariables collection. And finally for integrated authentication to silently sign in the user it has to have short hosted name. So if your forms authentication piece is exposed to internet via FQDN there should be some kind of redirect to the short host page. I think it is possible to achieve with just one application under IIS with 2 virtual directories.

blocks|key|1115469|text|实际上，你可以做到。对于@dr_draik来说有点晚了，但这是我在谷歌搜索结果中突然出现的，所以我想我应该分享一些知识。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1115470|如果您处于经典模式-同时启用Windows和Forms身份验证。你会收到一个警告，告诉你不能同时做这两件事，但是你可以用ignore+it。然后，您可以围绕各种属性拼写，如Code：|offset|length|1115471|HttpContext.Current.Request.ServerVariables["LOGON_USER"]|style|CODE|1115472|然后把用户名从那里搜出来。|1115473|如果你处于集成模式-+4021905+IIS7+Challenge-based+and+login+redirect-based+authentication+cannot+be+used+simultaneiously通向IIS+7.0+Two-Level+Authentication+with+Forms+Authentication+and+Windows+Authentication，这是一个允许你有选择地更改不同页面的身份验证的模块。|1115474|entityMap|0|LINK|mutability|MUTABLE|url|http://forums.iis.net/t/1174844.aspx|1|https://stackoverflow.com/questions/4021905/iis7-challenge-based-and-login-redirect-based-authentication-cannot-be-used-simul|2|http://mvolo.com/iis-70-twolevel-authentication-with-forms-authentication-and-windows-authentication/^0|0|1O|9|0|0|0|1L|0|0|B|2R|1|34|2D|2|0^^$0|@$1|2|3|4|5|6|7|Z|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|10|8|@]|9|@$D|11|E|12|1|13]]|A|$]]|$1|F|3|G|5|6|7|14|8|@$D|15|E|16|H|I]]|9|@]|A|$]]|$1|J|3|K|5|6|7|17|8|@]|9|@]|A|$]]|$1|L|3|M|5|6|7|18|8|@]|9|@$D|19|E|1A|1|1B]|$D|1C|E|1D|1|1E]]|A|$]]|$1|N|3|-4|5|6|7|1F|8|@]|9|@]|A|$]]]|O|$P|$5|Q|R|S|A|$T|U]]|V|$5|Q|R|S|A|$T|W]]|X|$5|Q|R|S|A|$T|Y]]]]

Actually, you can do it. Bit late for @dr_draik, but this cropped up in a google result for me so I thought I'd share some knowledge.

If you're in classic mode - Enable both Windows and Forms auth. You'll get a warning about not being able to do both at once, but you can <a href="http://forums.iis.net/t/1174844.aspx" rel="noreferrer">ignore it</a>. Then, you can spelunk around various properties like 
Code:

<code>HttpContext.Current.Request.ServerVariables["LOGON_USER"]</code> 

and fish the username out of there.

If you're in integrated mode - <a href="https://stackoverflow.com/questions/4021905/iis7-challenge-based-and-login-redirect-based-authentication-cannot-be-used-simul">4021905 IIS7 Challenge-based and login redirect-based authentication cannot be used simultaneiously</a> leads to <a href="http://mvolo.com/iis-70-twolevel-authentication-with-forms-authentication-and-windows-authentication/" rel="noreferrer">IIS 7.0 Two-Level Authentication with Forms Authentication and Windows Authentication</a> which is a module that allows you to selectively change the auth for different pages.

blocks|key|1330701|text|我找到了一个不使用特殊插件的解决方案。这很棘手，需要将这里引用的所有页面的元素拼凑在一起。我把它贴了出来：http://low-bandwidth.blogspot.com.au/2014/11/iis7-mixed-windows-and-forms.html|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1330702|本质上，必须启用表单、窗口和匿名身份验证。登录屏幕应该是基于表单的，并包含一个触发Windows登录的按钮，该按钮发出HTTP+401响应质询，如果成功，将创建一个基于表单的登录票证。|1330703|问题相当复杂，这篇文章详细介绍了原则和解决方案。|1330704|entityMap|0|LINK|mutability|MUTABLE|url|http://low-bandwidth.blogspot.com.au/2014/11/iis7-mixed-windows-and-forms.html^0|1H|26|0|0|0|0^^$0|@$1|2|3|4|5|6|7|P|8|@]|9|@$A|Q|B|R|1|S]]|C|$]]|$1|D|3|E|5|6|7|T|8|@]|9|@]|C|$]]|$1|F|3|G|5|6|7|U|8|@]|9|@]|C|$]]|$1|H|3|-4|5|6|7|V|8|@]|9|@]|C|$]]]|I|$J|$5|K|L|M|C|$N|O]]]]

I found a solution using no special add-ons. It was tricky and involved cobbling together elements from all the pages referenced here.
I posted about it: <a href="http://low-bandwidth.blogspot.com.au/2014/11/iis7-mixed-windows-and-forms.html" rel="nofollow">http://low-bandwidth.blogspot.com.au/2014/11/iis7-mixed-windows-and-forms.html</a>

In essence, forms, windows and anon authentication have to be enabled.
The login screen should be forms based, and contain a button to trigger Windows login, that issues an HTTP 401 response challenge which if successful creates a forms based login ticket.

The issues are rather complex, and the post goes through the principles and the solution in detail.

I have an (ASP.NET 3.5) intranet application which has been designed to use forms authentication (along with the default aspnet membership system). I also store additional information about users in another table which shares its primary key with the aspnet_users table.

For users who are part of our domain I store their domain account name in the secondary users table, and I want to automatically log in users whose domain account name matches a name stored in the table.

I have read the guides which are available - they're all from two years ago or more and assume that you are able to activate Windows Authentication on a separate login page that allows you to extract the domain account name. From what I can tell, though, this is not possible in IIS7 (the overall authentication method is applied on all pages and cannot be selectively deactivated, and both authentication methods can't be applied on the same page).

Is there a way of getting IIS to pass through the windows domain account name of the requesting user? I don't need proper AD authentication, just the domain name.

Mixing Forms authentication with Windows authentication

身份验证

Windows

我有一个(ASP.NET 3.5) intranet应用程序，它被设计为使用表单身份验证(以及默认的ASP.NET成员系统)。我还将有关用户的附加信息存储在另一个表中，该表与aspnet_users表共享其主键。对于属于我们域的用户，我将其域帐户名存储在辅助用户表中，并且我希望自动登录其域帐户名与表中存储的名称相匹配的...

问混合使用窗体身份验证和Windows身份验证
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问混合使用窗体身份验证和Windows身份验证EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问混合使用窗体身份验证和Windows身份验证
EN