If I set Windows Authentication to true in IIS7 and set Anonymous Authentication to false, I will get a WWW-Authenticate header. I assume this is the cue to the browser to po开发者_如何学JAVApup the authentication dialog. I'm trying to figure out where in the ASP.NET pipeline the WWW-Authenticate header gets set (and what class is responsible for setting it it). I've done quite a bit of Googling and looking at WindowsAuthenticationModule and UrlAuthorizationModule in reflector but can't seem to pinpoint it!
Several modules in IIS 7 perform tasks related to security in the request-processing pipeline. In addition, there are separate modules for each of the authentication schemes, which enable you to select modules for the types of authentication you want on your server.
The one you are looking for is the WindowsAuthenticationModule, which performs NTLM integrated authentication. It is located in Inetsrv\Authsspi.dll.
The picture below shows the HTTP request processing pipeline mechanism of IIS7.
For a complete in-depth elaboration, including the above material, visit: http://learn.iis.net/page.aspx/101/introduction-to-iis-7-architecture/
That should answer all your questions :-)
If you have Windows Authentication set in IIS the authentication will occur between the client and IIS.
.NET may access the details when is set in the web.config but IIS sends the WWW-Authenticate header and manages credential exchange.
See more:
https://www.owasp.org/index.php/Authentication_In_IIS
http://msdn.microsoft.com/en-us/library/ff647405.aspx
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论