联合服务 [英] Federated Services
问题描述
我有一个 .NET Web 应用程序,身份验证通常通过 Windows 身份验证完成.通常,它位于本地 LAN 上并且是域的成员,因此用户可以直接向 AD 进行身份验证.但是有人告诉我,当 Web 服务器位于外围网络时,我必须弄清楚要对域进行身份验证.有人告诉我,adfs 是要走的路.但是我不确定如何实现这一点.我阅读了有关 Web 应用程序代理的信息,但那些应用程序会在局域网上运行.依赖信任听起来像我想要的,但在 technet 上尚不清楚它是如何工作的,以及如何与除共享点站点之外的任何东西集成.有人告诉我不要使用类似 RODC 的东西,因为他们不想进一步扩展域,这是有道理的.关于如何通过 adfs 对 Active Directory 进行身份验证以及应用程序在外围的任何建议
I have a .NET web application, authentication is typically done through windows authentication. Normally it's placed on a local lan and is a member of a domain so users authenticate directly to AD. However I was told that I had to figure out to authenticate to the domain when the web server is on a perimeter network. I was told that adfs is the way to go. However I'm unsure of how to implement this. I read about the web application proxys but those would have the application on the lan. A relying trust sounds like what I want but it's not clear on technet how this works and how to integrate with anything other than a sharepoint site. I was told not to use something like a rodc because they don't want to extend the domain any further, which makes sense. Any suggestions on how to authenticate to active directory through adfs with the application being on the perimeter
推荐答案
Patterns & 提供了一本关于联合身份验证的免费且广为人知的电子书.实践组,基于声明的身份和访问控制
There is a free and well known e-book on federated authentication from the Patterns & Practices group, Claims based identity and access control
https://msdn.microsoft.com/en-us/library/ff423674.aspx
本书涵盖了设置联合应用程序、编写联合客户端和服务器等所需的全部内容.读完后,回来提出更具体的问题.
The book covers all you need to set up federated applications, write federated clients and servers and much more. When you are done with reading, come back with more specific questions.
这篇关于联合服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
