Controlling access to a website with IIS/Active Di

2019-06-13 15:22发布

问题:

I need to secure a legacy help site on our network that points out to the world. Ideally, I want to have people authenticate with their active directory logins, because everybody in the company is already there, and they already know that stuff. Ideally, I'd need to set the default domain so people don't have to type that.

I have an example to model my solution after, but to call it weird is a bit of an understatement. Anonymous access is enabled, with authenticated access restricted to Integrated Windows Authentication and Basic Authentication, with no initial domain or realm set. The web.config file in the website has only this in its authentication field:

<authentication mode="Windows" /> <authorization> <deny users="?" /> <!-- Allow all users --> </authorization>

Of course, the site I am securing is pure HTML, so I am not even sure a web.config file will work. Is there a graceful, sustainable way to go about this? Unfortunately, I am unable to find much of anything on Google.

回答1:

Turn of anonymous authentication in IIS and enable Integrated Windows Authentication. That will work outside asp.net. If it's pure html, the web.config isn't being used.