Symfony Security Cookbook: Difference between revisions
(Created page with "Category:Symfony Category:IIS Category:Web Development == Windows authentication and IIS == This wouldn't be an issue in most cases because there are probably nex...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 6: | Line 6: | ||
Windows authentication can be used to limit access to development sites, but it is not compatible with Symfony's unit tests. No solutions were obvious for passing along the Windows authentication to a request made in a unit test. | Windows authentication can be used to limit access to development sites, but it is not compatible with Symfony's unit tests. No solutions were obvious for passing along the Windows authentication to a request made in a unit test. | ||
== Symfony security and IIS == | == Symfony security, anonymous authentication, and IIS == | ||
Just in case Windows authentication was in use on a development site, it's necessary to disable it when using Symfony's security strategies. | Just in case Windows authentication was in use on a development site, it's necessary to disable it when using Symfony's security strategies. | ||
| Line 18: | Line 18: | ||
* '''Forms Authentication''': disabled | * '''Forms Authentication''': disabled | ||
* '''Windows Authentication''': disabled | * '''Windows Authentication''': disabled | ||
== Logging out == | |||
`<nowiki>http://logout@dev-server.com/</nowiki>` | |||
Google Chrome doesn't support this. If Chrome is remembering authentication, authentication can be verified using an incognito window. | |||
Latest revision as of 20:08, 3 March 2015
Windows authentication and IIS[edit]
This wouldn't be an issue in most cases because there are probably next to no production IIS servers running Symfony apps.
Windows authentication can be used to limit access to development sites, but it is not compatible with Symfony's unit tests. No solutions were obvious for passing along the Windows authentication to a request made in a unit test.
Symfony security, anonymous authentication, and IIS[edit]
Just in case Windows authentication was in use on a development site, it's necessary to disable it when using Symfony's security strategies.
A symptom of this is that different browsers will exhibit different behavior when logging in. Some (Firefox) will authenticate successfully, while others will attempt inappropriate authentication methods first, which will fail.
IIS Manager > [web server] > [symfony_site] > IIS > Authenication
- Anonymous Authentication: enabled
- ASP.NET Impersonation: disabled
- Forms Authentication: disabled
- Windows Authentication: disabled
Logging out[edit]
`http://logout@dev-server.com/`
Google Chrome doesn't support this. If Chrome is remembering authentication, authentication can be verified using an incognito window.