Windows域之外的应用服务器可以验证该域的用户吗? [英] Can an application server outside a windows domain verify a user of that domain?

问题描述

我正在使用C#构建一个包含应用程序服务器的 Winform应用程序.适用于我的公司客户，该客户拥有自己的Windows域.

I am building a Winform App which includes an App server using C#. It's for a corporate client of mine and the client has it's own windows domain.

但是，应用服务器将不在其域中. 该应用将位于云VM中.

However, the app server will NOT be in their domain. The app will sit in a cloud VM.

客户(像其他客户一样)希望使他们的用户更轻松.他们想使用用户的窗口ID.他们不希望其用户必须再次登录才能访问我的应用程序.只要用户是 windows域组的一部分，就应该允许他(她)访问该应用程序，而无需输入密码.

The client (like any client) wants to make things easy for their users. They want to use their user's windows Id. They don't want their users having to log in again to access my App. As long as the user is part of a windows domain group, he/she should be given access to the app without the need to type in a password.

我想知道是否可以这样做，因为我的App Server 不是其域的一部分.

I'm wondering if this can be done since my App Server is NOT part of their domain.

如果是，怎么办?

推荐答案

在Kerberos(加入域的计算机中的正常域身份验证方法)不可用的情况下，NTLM将用作备用.参考:

NTLM would used as a fallback in cases where Kerberos (normal domain authentication method amongst domain-joined computers) is not available. Reference:

http://msdn.microsoft.com/zh-CN/library/windows/desktop/aa378749(v=vs.85).aspx http://en.wikipedia.org/wiki/NTLM

这篇关于Windows域之外的应用服务器可以验证该域的用户吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！