kulile Ответов: 0

Тип аутентификации Aspnetcore и IIS


Good day

I have this scenario regarding our websites at work where we deploy our applications. One of these websites must be accessible from both inside the network and outside the network. The people accessing it from outside will not be out network users in most cases.

On our QA server the site is configured to be accessible from outside the network. But on IIS, the site is configured to Windows Authentication type. When trying to access it from outside the network, it pops-up the network credentials form (so that a user can submit their network credentials) before accessing the site.

This is not practical for the non-network users. And the reason this is happening is because of the Windows Authentication type. I have tried to convince my superiors that this must change to Anonymous Authentication (this works fine). But they are not budging. They say this is not secure. Some digging on the internet suggest to use FormsAuth. However, this authentication type is not compatible with AspNetCore.

I am not sure if you have encountered something like this. Or if you can point us to some direction. My conclusion at the moment is that this is not possible Windows Authentication and only possible with Anonymous Authentication.

Any advice will help us.

Thanks


Что я уже пробовал:

Я попытался изменить тип аутентификации в IIS на анонимный. Это снимает мою проблему. Но мои инфраструктурные люди не хотят этого варианта, так как они говорят, что это риск для безопасности.

Шаблон проекта настроен на использование индивидуальной учетной записи пользователя для аутентификации.

0 Ответов