问题
Building an ASP.NET intranet application which will authenticate domain users using Windows authentication so there is no need to login. Some users will be accessing the site over wifi and these users will not be authenticated on the domain. Therefore for these users only I need to present a login screen and authenticate them with AD using an LDAP connection (i.e. Forms authentication).
I've been hunting around for a reliable solution. There are numerous SO questions (here, here, here, many more) but so far no good answers IMHO.
The only complete solution I've seen is this one from 2004. Is this solution still viable? If so would it require that IIS is running in Classic mode (as opposed to Integrated)?
Another suggestion I've seen would be adding a separate site which performs Windows authentication and passes a simulated forms authentication ticket to the main site running under Forms auth as described here.
Or I guess a third option would be to run the whole intranet as two separate sites, both running the same application but each with different authentication mode. Obviously this is not desirable since every page would have two URLs. I'm not bothered about SEO of course, but not good for usability.
Can anyone say definitively what the best approach is to mixed-mode authentication on an ASP.NET intranet?
P.S. I've seen a few suggestions that this is the answer but that's a 403 :(
来源:https://stackoverflow.com/questions/29968243/what-is-the-best-approach-for-mixed-mode-authentication-on-an-asp-net-intranet