9

I am trying to automatically log in users to an Xwiki install via basic auth. This is because help is stored in the wiki, but we want the retrieval process to be transparent to the user.

We push the user off to a url (via an <a> tag) like: http://username:password@xwiki.example.org/xwiki/bin/view/Main?basicauth=1

This works fine in every browser except Internet Explorer (see: http://support.microsoft.com/kb/834489. Unfortunately, 80% of our user base uses Internet Explorer and it is not an option to have them type in the credentials manually.

Currently, we have IIS 7.5 sitting in front of Xwiki and proxying all requests to the Tomcat instance on another server. This works fine. To solve my problem, I thought I could use a IIS rewrite rule to turn a url like this:

http://xwiki.example.org/xwiki/bin/view/Main?basicauth=1&_username=username&_password=password

into this:

http://username:password@xwiki.example.org/xwiki/bin/view/Main?basicauth=1&_username=username&_password=password

The idea being that IIS would substitute the _username/_password querystring parameters into the URL and pass it off to Tomcat, and Xwiki would ignore the extra parameters.

I have created a URL rewrite rule like:

<rule name="BasicAuthRewrite" enabled="true">
   <match url="https?://(.+)&amp;?_username=(.+)&amp;_password=(.+)" />
   <action type="Rewrite" url="http://{R:2}:{R:3}@xwiki.example.org/{R:1}" />
</rule>

When I go 'Test pattern' in IIS and supply my url, all the backreferences ({R:x}) match up to the data I want. However, when I visit the URL in my browser, the rewrite rule fails to invoke.

Is there any way I can achieve my desired behaviour?

4

4 回答 4

15

可以在 IIS 上使用 URL 重写进行基本身份验证。您应该添加服务器变量 HTTP_Authorization 值 Basic 后跟用户名:base64 中的密码。记得在允许的变量中添加变量

因此,对于密码为 open sesame 的用户 Aladdin,您的格式将是 Aladdin:open sesame 和 base64 编码的 QWxhZGRpbjpvcGVuIHNlc2FtZQ==。

转化为授权:基本 QWxhZGRpbjpvcGVuIHNlc2FtZQ==

<rule name="SomeName" stopProcessing="true">
    <match url="url/to/match" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
    <action type="Rewrite" url="http://www.redirecturl.com/" appendQueryString="true" />
    <serverVariables>
        <set name="HTTP_Authorization" value="Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" />
    </serverVariables>
</rule>

IIS 屏幕截图身份验证

于 2012-06-15T12:22:58.950 回答
0

这应该这样做:

<rule name="BasicAuthRewrite" stopProcessing="true">
    <match url="(.*)" />
    <conditions trackAllCaptures="true">
        <add input="{QUERY_STRING}" pattern="basicauth=1&amp;_username=(.+)&amp;_password=(.+)" />
    </conditions>
    <action type="Rewrite" url="http://{C:1}:{C:2}@xwiki.example.org/{R:1}" appendQueryString="false" />
</rule>
于 2012-02-28T23:34:12.083 回答
0

授权不能委托给 ARR。因此,如果内容是高度敏感的,需要授权的,建议不要开启缓存。 ARR

但是有解决方案。

解决方案

于 2017-05-29T12:38:28.010 回答
-1

看来这在 IIS 中是不可能的。

于 2012-03-05T22:50:23.630 回答