Anonymous. If you do not need to authenticate your clients (or you use a custom authentication mechanism, such as forms authentication), you can configure IIS to allow anonymous access. In this event, IIS creates a Windows token to represent all anonymous users with the same anonymous (or guest) account. The default anonymous account is IUSR_MACHINENAME, where MACHINENAME is the NetBIOS name of the computer that was specified during installation.
IIS supports the following modes of authentication:
When ASP.NET is configured for Windows authentication, it relies on IIS to authenticate its clients using the configured authentication mode. IIS determines the authentication mode for a particular application by examining its metabase settings. After successfully authenticating a user, IIS passes the Windows token representing the authenticated user to the ASP.NET worker process (w3wp.exe) in which the ASP.NET application is hosted. If your application uses a virtual directory that is configured in IIS to support anonymous access, the token represents the anonymous Internet user account; otherwise, the token represents the authenticated user.
This document explains how Windows authentication works in ASP.NET version 2.0 with IIS 6.0.
ASP.NET also supports custom solutions for using Windows authentication, which bypasses IIS authentication. For example, you can write a custom ISAPI filter that checks the user's credentials against Active Directory. With this approach you must manually create a WindowsPrincipal object.
If your application uses an Active Directory user store, you should use Integrated Windows authentication. When you use Integrated Windows authentication with an ASP.NET application, the best approach is to use an Internet Information Services (IIS) authentication method coupled with the Windows authentication provider for ASP.NET. With this approach, a WindowsPrincipal object (encapsulating a WindowsIdentity object) is automatically created to represent the authenticated user. You do not need to write any authentication-specific code.
Authentication is the process of validating client identity, usually by means of a designated third-party authority. The client might be an end user, computer, application, or service. The client's identity is called a security principal. To authenticate with a server application, the client provides some form of credentials to allow the server to verify the client's identity. After the client's identity is confirmed, the application can authorize the principal to perform operations and access resources.
Learn how impersonation affects the WindowsPrincipal and WindowsIdentity objects.
Learn how the WindowsAuthenticationModule class creates WindowsPrincipal and WindowsIdentity objects.
Learn how NTLM authentication works.
Learn how Kerberos authentication works.
Learn how Windows authentication works in ASP.NET version 2.0.
This module explains how IIS Integrated Windows authentication and ASP.NET Windows authentication works in ASP.NET version 2.0. It explains how NTLM and Kerberos authentication work. Additionally, this module explains how the WindowsAuthenticationModule class constructs WindowsPrincipal and WindowsIdentity objects, and then attaches the objects to the current ASP.NET Web request to represent the authenticated user.
Internet Information Services (IIS) 6.0
J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Chaitanya Bijwe
This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies.
Explained: Windows Authentication in ASP.NET 2.0
9 out of 10 rated this helpful -
Explained: Windows Authentication in ASP.NET 2.0
Комментариев нет:
Отправить комментарий