场外AD认证
我有一个 Web 应用程序(不是生产),我想为其启用 AD 身份验证。问题是 DC 不是我的,而是客户的。该站点将远程托管(亚马逊、rackspace 或其他主机)。我可以让客户端的用户通过其域用户进行身份验证吗?
他们应该能够使用 Windows 登录凭据,如果可能的话,甚至在访问应用程序时输入用户密码。
我已经在这方面发挥了最大的谷歌搜索能力。
谢谢!
I have a web application (not production) for which I want to enable AD authentication. The problem is that the DC is not mine, it is the client's. The site will be hosted remotely (amazon, rackspace or some other host). Can I enable the client's users to authenticate with their domain user?
They should be able to use the windows login credentials and if possible even input their user-password when accessing the application.
I have maxed my googling skills on that one.
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
通常,执行此操作需要在防火墙上打开 LDAPS 并将其保护到一组源 IP。这确实不是一个伟大的设计,许多公司(正确地)不会允许这样做。您真正想要了解的是 Active Directory 联合服务 (ADFS) 或类似的联合。
Doing this requires opening LDAPS on firewalls and securing it to a set of source IPs, generally. That's really not a great design and many companies (rightly) won't allow this. What you really want to look in to is federation ala Active Directory Federation Services (ADFS) or similiar.