ADFS保护的ASMX和WCF服务 [英] ADFS Protected ASMX and WCF service

问题描述

我们在Azure Active Directory上注册了所有本地应用程序和服务(ASMX/WCF)，以使其受到ADFS保护.我们在ADFS上集成了DUO.但是由于Azure AD应用程序代理处于图片状态，因此所有都需要经过KCD身份验证.当一个ADFS 受保护的Web应用程序调用同样受ADFS保护的任何服务，它会中断.让我知道我可以在应用程序或服务中进行的所有更改，以使它们都通过ADFS Authenticated.

解决方案

Hello Vipin，

根据您的描述，您似乎有使用2个Apps的场景.这两个应用程序都与ADFS联合，并通过内部部署中安装的Azure应用程序代理连接器在Azure上发布 环境 .我相信用户正在尝试使用公共URL访问App1，而App1则试图代表用户使用其公共URL访问App2.如果我对您的环境的理解是正确的，那么我相信这将是Kerberos多跳方案. 即使两个应用程序都受相同的ADFS保护，在这种情况下也会发生多级委派.您有任何特定的错误吗?你可以检查一下 这 文章中的相关错误，以防您遇到本文中提到的任何特定错误.如果是不同的，可以通过 本文，介绍如何使用Azure App Proxy设置KCD和多跳方案.

谢谢.

We registered all On-Premise applications and Services(ASMX/WCF) on Azure Active Directory to make them ADFS protected. We have DUO integrated on ADFS. But Since Azure AD Application proxy is in picture so all needs to be KCD authenticated. When an ADFS protected web application calls any service which is also ADFS protected, It breaks. Let me know what all changes, i can make in application or service to make both of them as ADFS Authenticated.

解决方案

Hello Vipin,

As per your description , it seems you have a scenario with 2 Apps. Both the apps are federated with ADFS and published on Azure through Azure App proxy connectors installed in your on-premise environment . I believe that the user is trying to access App1 using public URL and App1 tries to access App2 on behalf of the User using its public URL. If my understanding of your environment is correct , this would be a Kerberos multi-hop scenario I believe. Even though both the apps are protected by same ADFS , there is multi-level delegation which would happen in this scenario. Do you have any specific error that you get ? You can check this article for related errors in case you are getting any specific error as mentioned in the article. In case it is a different one , you can go through this article on how to setup KCD and multi-hop scenario using Azure App Proxy . 

Thank you. 

这篇关于ADFS保护的ASMX和WCF服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！