問(wèn)題描述

我們正在開(kāi)發(fā)一個(gè)托管在我們網(wǎng)絡(luò)上的網(wǎng)絡(luò)應(yīng)用程序，但客戶希望我們與他們的(遠(yuǎn)程)活動(dòng)目錄同步".

We are developing a web application to be hosted on our network, but the client wishes us to 'sync' with their (remote) active directory.

基本上，他們希望使用他們的 AD 憑據(jù)登錄我們的 Web 應(yīng)用程序.

Basically, they would like to sign on to our web application using their AD credentials.

關(guān)鍵在于 Web 應(yīng)用程序(我們的)和 AD 目錄(他們的)位于兩個(gè)完全獨(dú)立且斷開(kāi)連接的網(wǎng)絡(luò)上.

The key point is that the web application (ours) and the AD directory (theirs) are on two totally separate and disconnected networks.

您推薦哪些工具和/或策略來(lái)提供此服務(wù)?

What tools and/or strategies do you recommend to provide this service?

我們的 Web 應(yīng)用程序是 c#/IIS.

Our web application is c#/IIS.

推薦答案

此方案是 Windows Identity Foundation (WIF) 支持的主要方案之一，前提是它們可以將其 AD 公開(kāi)為安全令牌服務(wù) (STS).他們可以使用 ADFS 2 做到這一點(diǎn).一般方法稱為聯(lián)合身份驗(yàn)證.WIF 與 ASP.Net 的集成非常好.

This scenario is one of the main scenarios supported by Windows Identity Foundation (WIF), provided they can expose their AD as a security token service (STS). They can do this using ADFS 2. The general approach is called identity federation. WIF integrates extremely well with ASP.Net.

網(wǎng)上有很多關(guān)于 WIF 和 ADFS 2 聯(lián)合身份驗(yàn)證的文檔.例如，試試 this 以及 WIF SDK 和 Visual Studio 工具的文檔.

There is lots of documentation on the web about WIF and identity federation with ADFS 2. For example, try this and also the documentation for the WIF SDK and Visual Studio tools.

這篇關(guān)于如何使用客戶的(遠(yuǎn)程)活動(dòng)目錄服務(wù)器對(duì)用戶進(jìn)行身份驗(yàn)證的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！