如何为基本身份验证创建用户帐户?

我想添加基本的认证到我的网站。我按照在 配置基本身份验证(IIS7)上的 MSDN 文章的说明

使用用户界面

  1. 打开 IIS 管理器并导航到要管理的级别。有关打开 IIS 管理器的信息,请参见 打开 IIS 管理器(IIS7)。有关导航到 UI 中的位置的信息,请参见 IIS 管理器中的导航(IIS7)
  2. 视图中,双击 认证
  3. 认证页面上,选择 基本认证
  4. 行动窗格中,单击 启动使用带默认设置的基本身份验证。
  5. 或者,在 行动窗格中,单击 剪辑键入默认域和领域。
  6. 在“ 编辑基本身份验证设置”对话框的“ 默认域名”文本框中,键入默认域或将其留空。登录到您的站点时不提供域的用户将根据此域进行身份验证。
  7. 王国文本框中,键入领域或将其保留为空白。通常,您可以对领域名使用与默认域相同的值。
    • 很重要
      如果在“域”文本框中输入默认域名,则在用户名和密码查询期间,您的内部 MicrosoftWindows 域名可能会向外部用户公开。
  8. 单击 好的关闭 编辑基本身份验证设置对话框。

以下是我目前为止所做的:

IIS Manager - Authentication Authentication Page - Basic Authentication

现在我需要为基本的身份验证创建一个用户帐户。

有人知道如何在 IIS 管理器中创建用户吗?

192395 次浏览
小开

Right click on Computer and choose "Manage" (or go to Control Panel > Administrative Tools > Computer Management) and under "Local Users and Groups" you can add a new user. Then, give that user permission to read the directory where the site is hosted.

Note: After creating the user, be sure to edit the user and remove all roles.

小开

I know this is a really old question but I wanted to add a bit of explanation that I discovered the hard way (this is n00b information).

"Basic Authentication" shares the same accounts that you have on your local computer or network. If you leave the domain and realm empty, local accounts are what are actually being used. So to add a new account you follow the exact process you would for adding a normal new user account to your local computer (as answered by JoshM or shown here). If you enter a domain and realm you can create network accounts in your local active directory and these are what will be used to log the user in and out.

Because it has been around for so long, basic authentication is generally compatible with any browser/system out there but it does have to major flaws:

  • user and password are sent in the clear (except over SSL)
  • you need to have a user account for each user or client

For more information about basic authentication or user accounts see the following MSDN page.

小开

It looks to me like Windows 8 and IIS 7 no longer provides any UI to create a user name and password for basic authentication that is NOT a windows local user account. It is clearly a superior approach to create an IIS-only user/password authentication pair, but it is not clear and easy how it is done.

Command line tools exist for this purpose. Some people create a Windows account and then remove the Log on Locally User Privilege.

小开

Unfortunatelly, for IIS installed on Windows 7/8 machines, there is no option to create users only for IIS authentification. For Windows Server there is that option where you can add users from IIS Manager UI. These users have roles only on IIS, but not for the rest of the system. In this article it shows how you add users, but it is incorrect stating that is also appliable to standard OS, it only applies to server versions.

小开

If you create a user with the advanced user management (from command line: netplwiz), then modify the group, remove users, and add iis_users. They will be able to authenticate to your web page, but not the computer.

小开

Configure basic authentication using the instructions from microsoft. But for the Default Domain Name, type your computer name. To find your computer name, click start, right-click computer, click properties, and search for your computer name there :)

Next, create users like you would normally do on windows 7. or if you don't know how to do it, go control-panel, users, add account.....blah blah blah.... Get It?

Next go to iis and set permissions for the user you just created. Be carefull to set the permissions to make it exactly how you want it.

That's all! To login, the username and password!

NOTE: The username should be simple letters, not capital. I'm not sure about this, that's why i told you this.

小开

Just to add a note, since I can't comment without 50+ rep...

If you have FIPS enabled on the server, it doesn't allow you to create users. Because IIS v8 (and lower I would imagine) does not use FIPS encryption algorithms. It would be great if it supported it , because obviously a user account in windows is insecure compared to a virtual user mapped to an isolated folder. Too bad.

enter image description here

小开

in iis manager click directory to protect.

choose authorization rules.

add deny anonymous users rule.

add allow all users rule.

go back to: "in iis manager click directory to protect" click authentication disable all except basic authentication.

the directory is now protected. only people with user accounts can access the folder over the web.

小开

I was able to achieve Basic Authentication on Windows Server 2012 doing the following:

Select your site within IIS and choose Authentication enter image description here

Ensure Basic Authentication is the only enabled option enter image description here

THEN! Add a username and password via the Server Manager. Select Tools -> Computer Management enter image description here

Under System Tools -> Local Users and Groups -> Users right-click anywhere in the middle pane, choose New User.. then fill in the credentials you want to use. enter image description here

Now when you navigate to the site in the browser you should get prompted with an authentication dialog:

enter image description here

小开

@Colin

"Local Users and Groups" is windows authentication


提交答案