使用ADFS保护已启用IIS 7 WebDav的虚拟文件夹 [英] Securing an IIS 7 WebDav enabled virtual folder with ADFS
问题描述
我们在IIS 7上有一个ASP.NET应用程序,它可以接受来自ADFS 2的身份验证令牌.我们在应用程序中使用了Windows Identity Foundation.
We have an ASP.NET application on IIS 7 that accepts authentication tokens from ADFS 2. We used Windows Identity Foundation in the application to do that.
在同一IIS上,我们有一个启用WEBDAV的文件夹,Microsoft Office用户将文件保存到该文件夹.在使用Windows身份验证的Intranet上,此方法工作正常.这根本不涉及任何应用程序代码.
On the same IIS, we have a WEBDAV enabled folder to which Microsoft Office users save files. This works fine on an intranet using Windows Authentication. This involves no application code at all.
我们现在也希望使用ADFS保护对WebDav文件夹的访问.但是由于IIS处理WEBDAV,所以没有可以向其添加ADFS身份验证的应用程序.
We would now like to secure access to the WebDav folder using ADFS too. But since IIS handles WEBDAV, there is no application to which I can add the ADFS authentication.
两个问题:
- 如何在IIS上设置WEBDAV以进行ADFS身份验证?
- Word和Excel 2007是否可以处理与ADFS的交互?
推荐答案
Microsoft Office在访问WebDav资源时可以执行基于表单的身份验证.要使此工作有效,服务器必须实现MS-OFBA 协议.
Microsoft Office can do forms based authentication when accessing WebDav resources. To make this work, the server must implement the MS-OFBA protocol.
IIS本身不具有MS-OFBA身份验证.但是,可以通过将IHttpModule放入bin文件夹中,将自定义身份验证添加到IIS中启用WebDav的文件夹中.该模块可以执行所需的任何身份验证.
IIS does not natively have MS-OFBA authentication. It is, however, possible to add custom authentication to a WebDav enabled folder in IIS by putting a IHttpModule in the bin folder. This module can do any authentication required.
通过MS-OFBA,Office可以显示一种或多种html形式的凭据输入.我目前正在开发一个HttpModule,它可以进行两因素身份验证以显示两个连续的表单.
Through MS-OFBA, Office can display one or more html-forms for entry of credentials. I am currently working on a HttpModule that does two-factor authentication displaying two consecutive forms.
WebDav创作规则可以使bin文件夹及其内容对WebDav客户端不可见.
WebDav Authoring Rules can make the bin folder and its contents invisible to the WebDav client.
因此,我们最终在没有ADFS的情况下进行了必需的身份验证.
So, we ended up doing the required authentication without ADFS.
这篇关于使用ADFS保护已启用IIS 7 WebDav的虚拟文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
