Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
747 views
in Technique[技术] by (71.8m points)

iis 7 - Enabling PUT on IIS 7.5 for an ASHX handler using Windows Authentication

I have an ASP.NET (.NET 4) website that uses http PUT for an .ashx generic handler. The PUT call originates from a Silverlight front end. All works in VS 2010 on my local machine (Cassini web server).

Then I deployed to an IIS7.5 Win Server 2008 R2 box.

The silverlight/website is fine, but PUT calls to the .ashx handler are met with a Windows Login Prompt.
This is a local intranet so Windows Authentication (with NTLM & Negotiate providers) is the only enabled authentication.

Then I read this: http://blogs.msdn.com/b/joseph_fultz/archive/2009/07/23/enabling-the-put-verb-with-handlers-and-iis-7-0.aspx

I've followed his suggestion and I can now make PUT calls via my .ashx handler. Problem is only folks in the Administrators Group of the web server can do this. No one else can. They are met with the windows login prompt.

Any idea what this could be?

I can't give Everyone in the company Admin privileges on the webserver. They would no doubt cut off one of my hands, eat said hand in front of me, and then show me the door.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Ok I figured it out.

Here are the key configuration elements in IIS 7.5:

  1. Under Windows Authentication / Providers - NTLM had to be on top of Negotiate
  2. Domain Users needed write access to the directory containing the ashx handler
  3. URL Authorization was not enabled as a role on the web server. I added it and then stuck this in the web.config under system.webServer:

    <security>
        <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
        </authorization>
    </security>
    

(I'll trim that down a bit, but for now it works)

My entire system.webServer element is as follows:

<system.webServer>
    <modules>
        <remove name="WebDAVModule" />
    </modules>
    <defaultDocument>
        <files>
            <clear />
            <add value="default.aspx" />
        </files>
    </defaultDocument>
    <handlers accessPolicy="Read, Write, Execute, Script">
        <remove name="WebDAV" />
        <remove name="SimpleHandlerFactory-Integrated-4.0" />
        <remove name="SimpleHandlerFactory-Integrated" />
        <add name="SimpleHandlerFactory-Integrated" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode" />
        <add name="SimpleHandlerFactory-Integrated-4.0" path="*.ashx" verb="GET,HEAD,POST,DEBUG,PUT" type="System.Web.UI.SimpleHandlerFactory" resourceType="Unspecified" requireAccess="Write" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <security>
        <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="*" verbs="GET,HEAD,POST,PUT,DELETE,DEBUG" />
        </authorization>
    </security>

</system.webServer>

That did it.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...