如何验证用户与客户(远程)Active Directory服务器 [英] How to authenticate users with a customer's (remote) active directory server
问题描述
我们正在开发一个Web应用程序被我们的网络托管,但客户希望我们'同步'他们(远程)活动目录。
We are developing a web application to be hosted on our network, but the client wishes us to 'sync' with their (remote) active directory.
基本上,他们想用他们的AD凭据登录到我们的Web应用程序。
Basically, they would like to sign on to our web application using their AD credentials.
关键的一点是,Web应用程序(我们的)和AD目录(他们)是两个完全独立的,并断开网络。
The key point is that the web application (ours) and the AD directory (theirs) are on two totally separate and disconnected networks.
什么工具和/或战略你推荐提供这种服务?
What tools and/or strategies do you recommend to provide this service?
我们的Web应用程序是C#/ IIS。
Our web application is c#/IIS.
推荐答案
该方案是由Windows标识基础(WIF)支持的主要方案之一,只要他们可以公开他们的广告作为一个安全令牌服务(STS)。他们能做到这一点使用ADFS 2.一般的方法是所谓的身份联合。 WIF结合非常好与ASP.Net。
This scenario is one of the main scenarios supported by Windows Identity Foundation (WIF), provided they can expose their AD as a security token service (STS). They can do this using ADFS 2. The general approach is called identity federation. WIF integrates extremely well with ASP.Net.
有大量的文件有关WIF和身份联合网络与ADFS 2。例如,尝试<一上href="http://technet.microsoft.com/en-us/library/adfs2-federation-wif-application-step-by-step-guide%28WS.10%29.aspx"相对=nofollow>这个,也是文档的WIF SDK和Visual Studio工具。
There is lots of documentation on the web about WIF and identity federation with ADFS 2. For example, try this and also the documentation for the WIF SDK and Visual Studio tools.
这篇关于如何验证用户与客户(远程)Active Directory服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
