问题
In a ASP.net WebForms project, we currently use Forms Authentication, but the client wishes to use Windows Authentication instead. So I've changed the web.config to use Windows authentication. However, the application needs some user input and put in into a session before any webpage can be accessed. We currently do this in the postback of the loginpage.
Since Windows authentication does not have a 'Login' page, how can this be achieved? Should I check on every page it's On_Init event if the session has been set correctly..?
回答1:
If you need a specific data in session available in every single page, the easiest approach would be to have a dedicated module that checks the condition in one of early pipeline events where the session is available (the acquire request state event sounds most suitable).
public class CustomConditionCheckModule : IHttpModule
{
public void Init( HttpApplication context )
{
context.AcquireRequestState += new EventHandler( acq_req_state );
}
public void acq_req_state( object sender, EventArgs e )
{
// check your condition there - the data is in session
var session = HttpContext.Current.Session;
if ( ... the condition ... )
Response.Redirect( "~/anonymous.page.aspx" );
}
}
Then you also need a page that can be accessed anonymously (you need a section in the web.config for this):
<location path="anonymous.page.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
回答2:
I think you could go with LDAP (Active Directory Authentication) with windows authentication in web.config but if its intranet web application or another way i.e. role based security with windows authentication.
来源:https://stackoverflow.com/questions/19541114/windows-authentication-initialization-asp-net