[英]Windows Authentication SSO in ASP.NET Remote Web Application
There is a requirement to implement Single Sign On (SSO) in our website so that users accessing it from the intranet won't have to type in their credentials. 要求在我们的网站上实现单点登录(SSO) ,以便从Intranet访问它的用户不必输入其凭据。
The problem here is that the website is going to be hosted on the internet, on a remote server. 这里的问题是该网站将托管在Internet上的远程服务器上。
Is there some way this can be done? 有什么办法可以做到吗?
--EDIT-- - 编辑 -
I looked at following link: 我看了以下链接:
http://en.wikipedia.org/wiki/Active_Directory_Federation_Services http://en.wikipedia.org/wiki/Active_Directory_Federation_Services
And the example scenario that is mentioned in there is exactly what we require. 上面提到的示例场景正是我们所需要的。
There is an Active Directory Domain Controller that is used to authenticate users in the intranet. 有一个Active Directory域控制器 ,用于对Intranet中的用户进行身份验证。
Once the user logs into the machine, and opens up the remote website, the website should somehow verify that the user is already logged into the intranet using AD credentials and automatically allow access to the website. 用户登录到计算机并打开远程网站后,该网站应以某种方式验证用户是否已使用AD凭据登录到Intranet,并自动允许访问该网站。
Also, the website is supposed to be getting a Security Token that can be used to authenticate the user. 同样,该网站应该获得一个可用于验证用户身份的安全令牌 。
Of course, for example, Microsoft's way of doing that for connecting Office365 to your Intranet is called Active Directory Federation Services . 当然,例如,Microsoft将Office365连接到您的Intranet的方式称为Active Directory联合身份验证服务 。
It is (as most single sign on solutions) not entirely straight forward, and it assumes a domain on your intranet, but since Office365 uses it, it is and will most likely continue to be well supported in the future. 它(作为大多数单一登录解决方案)并不完全简单,并且假定您的Intranet上有一个域,但是由于Office365使用它,因此将来很可能会继续为它提供良好的支持。
It's just a matter of integrating your web app with the authentication provider that you are using for SSO. 只需将您的Web应用程序与用于SSO的身份验证提供程序集成在一起即可。 The details are going to vary dramatically if your using OAuth vs. Shibboleth vs. ADFS vs. etc, so there really isn't enough information in your question to give a helpful answer. 如果您使用OAuth,Shibboleth,ADFS和其他内容,则细节将发生巨大变化,因此问题中确实没有足够的信息来提供有用的答案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.