Tuesday 15 April 2014

asp.net - Chrome bypass Windows Authentication for MVC 4 web application


I have an MVC 4 web application that uses Windows authentication. I keep that app on the real web server with IIS 7. The Windows authentication function works well with Internet Explorer (IE), Firefox (FF), and Safari, but it does not work with Chrome; I'm using Chrome version 27.

Here, "works" means that when the user opens the browser (IE, FF, or Safari) and browses to the web application's site, the first thing he/she has to do is provide valid credentials in a dialog box. After that, if the credentials are valid, the user has permission to view the website's pages. "Does not work" with Chrome means that Chrome always lets users browse the web page without seeing the credential dialog box and without having to enter credentials in it, unlike IE, FF or Safari! That is the problem I have to solve, though I tried clearing the cookies and cache for my Chrome browser and shutting down and reopening Chrome. I know that the "cookie-clean" action for Chrome does not help, because Windows authentication mode in IIS has nothing to do with cookies, unlike forms authentication mode.

The first time I tested my web application in Chrome after deploying the web application on the server, Chrome prompted me to enter credentials in the sign-in box, but the second time, Chrome did not prompt me any more.

Please tell me what I should do to stop the Chrome browser from bypassing the credential prompt dialog box. Thank you in advance.

I followed the 2 steps below to make my MVC web application work with IE, FF and Safari:

1. In the web configuration (web.config) file of my MVC 4 web application (intranet template), I specify Windows authentication as:

    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

2. On the actual web server, in IIS version 7, I open my MVC web site application node and, in its Authentication node, enable Windows Authentication and disable Anonymous Authentication.

Take a look.

You cannot use routing or web.config files to secure your MVC application (any version). The Authorize attribute is the only supported way to secure your MVC application.

MVC uses routes and does not map URLs to physical file locations the way WebForms, PHP, and traditional web servers do. Therefore using web.config will definitely open a security hole in your site. Example:

Start with default ASP.NET MVC project (Internet / Intranet).

Edit the web.config:

    <location path="Home">
      <system.web>
        <authorization>
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

Run the project. By default you will use the default route /Home/Index, and you will see the content, simply bypassing web.config with no changes to the default template. Why? Because the ASP.NET pipeline compares the requested URL against the location specified in web.config. However, routing (default routing or custom routing) takes place after the authorization event has executed in the pipeline, and it allows access to the supposedly restricted area.

In addition to this, any MVC Redirect() also bypasses the same security measures, as again the routing takes place after the authorization pipeline event.
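
The approach the answer recommends, shown as an added example (not code from the original post): the check is attached to the action itself rather than to a URL path, so it applies whichever route reaches the action. The `About` and `Admin` actions and the group name `EXAMPLE\SiteAdmins` are assumptions made for illustration.

```csharp
// Added example: assumes an ASP.NET MVC 4 project that uses Windows authentication.
using System.Web.Mvc;

// App_Start/FilterConfig.cs in the default template; called from Application_Start.
public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        // Require an authenticated user for every action in the application.
        // The filter runs when the action is invoked, after routing has picked it.
        filters.Add(new AuthorizeAttribute());
    }
}

public class HomeController : Controller
{
    // Covered by the global filter: an anonymous request receives a 401,
    // whether it arrived as "/", "/Home" or "/Home/Index".
    public ActionResult Index()
    {
        return View();
    }

    // Explicit opt-out for a page that must stay public (hypothetical action).
    [AllowAnonymous]
    public ActionResult About()
    {
        return View();
    }

    // Narrower rule: only members of a Windows group may call this action.
    // The group name is a placeholder, not a value from the original post.
    [Authorize(Roles = @"EXAMPLE\SiteAdmins")]
    public ActionResult Admin()
    {
        return View();
    }
}
```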
