Web SSO设计：维护一个单独的客户帐户存储 [英] Web SSO design: Maintain a separate store of customer accounts

问题描述

您好

在technet.microsoft.com上找到以下信息（ http://technet.microsoft.com/en-us/library/ dd807033（WS.10，打印机）.aspx ）  web
网站。

"借助Web SSO设计，通常在外围网络中托管AD安全的应用程序或服务的组织可以维护单独的存储外围网络中的客户帐户，可以更轻松地将客户
帐户与员工帐户隔离开来。

您可以使用Active 目录域服务（AD  DS），SQL  Server或a来管理外围网络中客户的本地帐户自定义属性存储。 "

为什么这表示如果ADFS2.0仅允许AD身份验证，则可以为客户维护单独的帐户存储。我想如果我不能使用AD LDS那么也许我可以将SQL用作帐户商店或其他东西。

  Fred

解决方案

您可以停止搜索 -  

ADFS 2支持一个帐户存储：AD DS。

当您需要在DMZ中拥有客户帐户的方案时 - 您需要一个（隔离的）Active Directory。这不是那么糟糕 - AD是一个强大的帐户商店。 

当您需要相同的可靠性功能时，AD LDS解决方案的复杂性不会太低。

Hi

Found the info below on the technet.microsoft.com (http://technet.microsoft.com/en-us/library/dd807033(WS.10,printer).aspx) web site.

"With the Web SSO design, an organization that typically hosts an AD FS-secured application or service in a perimeter network can maintain a separate store of customer accounts in the perimeter network, which makes it easier to isolate customer accounts from employee accounts.

You can manage the local accounts for customers in the perimeter network by using either Active Directory Domain Services (AD DS), SQL Server, or a custom attribute store."

Why does this say you can maintain a separate account store for customers, if ADFS2.0 only allows AD autentication. I thought if I can't use AD LDS then maybe I could user SQL as a account store or something else.

 Fred

解决方案

You can stop searching - 

ADFS 2 supports one account store: AD DS.

When you need a scenario with customer accounts in the DMZ - you need an (isolated) Active Directory. That's btw not so bad - AD is a robust account store. 

A AD LDS solution would have not much less complexity when you want the same reliability features.

这篇关于Web SSO设计：维护一个单独的客户帐户存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！