iis7 Challenge-based and login redirect-based auth

2019-02-09 23:26发布

问题:

I have an asp.net web site, earlier version of the application need to run in classic mode, the latest version can run in integrated mode. Generally the application is configured to use Forms Authentication but it can be configured to used Windows Authentication.

There is a business requirement that even when running IIS in Windows Authentication the application should still support forms authentication this is so administrators are forced to login with a username/password. This is handled internally with code that determines whether to log the user in or redirect to login

ISS6 allowed this configuration with no problems and in fact IIS 7 can be configured in this way, except for the fact that it shows an "Alert" message "iis7 Challenge-based and login redirect-based authentication cannot be used simultaneously". This message doesn't appear to be strictly true as the application seems to work as intended, happily supporting IIS as windows auth but the asp.net app thinking its forms auth.

The problem I have is with the "Alert" message, as this will no doubt cause confusion and support calls.

Is there way to provide both windows auth and forms auth and keeps IIS7 UI happy?

回答1:

There's a well detailed proposal that basically does the following:

Applies Forms authentication everywhere as this is not applicable piecemeal on a site. Then to have a gateway page (login) where the windows authentication takes place. It's not flicking a switch but I'm going to be trying it myself.

I'll report back on how it goes if there's interest.