问题
I'm actually working on an website where users login via windows authentication.
My problem is, that actually all users have to login whenever they open our webpage. I wonder if it is possible to keep that windows authentification alive? Maybe with cookies?
I implemented the authentification by adding this to my Startup.cs:
services.Configure<IISOptions>(options =>
{
options.AutomaticAuthentication = true;
});
services.AddAuthentication(IISDefaults.AuthenticationScheme);
And activating Windows-Authentication in my project-settings.
Afterwards im able to use the Authorize-atrribute:
[Authorize]
public IActionResult Index()
{
return View();
}
If the user isn't logged in he is now asked to log in.
Is there any way to keep the windows-authentication alive, even if the user is closing his browser?
Thanks for your help and your ideas in advance!
回答1:
Well I found a way to get want I wanted, but its not the way I wanted:
I ended up by declaring my site as a trused one. The trick hereby is, that the login data is always passed to the webserver.
In chrome you can achive it htis way : Menu -> Settings -> Advanced Settings -> Change proxy settings -> Security -> Trusted Sites -> Add the URL of your page
Other ways(Firefoy, IE) to open that settings can be found here : https://effortz.com/add-website-browsers-trusted-sites-windows-os/
Doing this will onl work for the PC you are actually on. Often those settings are managed by systemadministrators. In this case, the admins can set your site trusted for all users in your network. And boom every user is automatically logged in and the login data is always available.
来源:https://stackoverflow.com/questions/51556265/asp-net-core-keep-windows-authentication