简体繁体 English

是否可以从Azure托管的应用程序访问本地AD实例？

[英]Is it possible to access an on-premises AD instance from an Azure-hosted app?

原文 2018-05-04 00:49:03 6 1 c#/ azure/ active-directory/ asp.net-core-mvc

I am currently maintaining a web application hosted on a server within the building, and it uses data retrieved from the Active Directory domain on the network. 我目前正在维护建筑物内服务器上托管的Web应用程序，它使用从网络上Active Directory域检索的数据。

The app uses libraries such as System.DirectoryServices.AccountManagement to access AD, and it works great. 该应用程序使用诸如System.DirectoryServices.AccountManagement库来访问AD，并且运行良好。

However, we also have an Azure instance with AAD which syncs with the on-prem AD, and so eventually we want to move this application to an Azure app service. 但是，我们还有一个具有AAD的Azure实例，该实例与本地AD同步，因此最终我们希望将此应用程序移至Azure应用程序服务。

However, the domain AD is not visible after publishing the app to Azure. 但是，将应用程序发布到Azure之后，域AD不可见。 Is there a way to connect to this using the "classic" C# AD libraries? 有没有一种方法可以使用“经典” C＃AD库进行连接？ Or does the entire app need to be rewritten to use AAD/MS Graph API? 还是需要重写整个应用程序才能使用AAD / MS Graph API？

The 2 main reasons why I want to achieve this: 我要实现这一目标的2个主要原因：

Currently the app employs some AD calls/functions which have not been implemented in the Graph API 目前，该应用程序使用了一些尚未在Graph API中实现的AD调用/功能
It would be easier if we didn't have to re-write the entire app just to change hosts 如果我们不必为了更改主机而重新编写整个应用程序，那会更容易

Please let me know if I can provide any other details which might be useful. 请让我知道是否可以提供其他有用的信息。

1 个解决方案

the domain AD is not visible after publishing the app to Azure 将应用发布到Azure之后，域AD不可见

Sounds like a firewall issue. 听起来像是防火墙问题。 I assume you're getting "The server is not operational" type of errors? 我假设您收到“服务器无法运行”类型的错误？ You'll have to ask your network folks to open up the way for your domain to be accessible from Azure. 您必须要求网络人员打开从Azure访问域的方式。

These are the TCP ports that AD uses. 这些是AD使用的TCP端口。 Some or all will need to be allowed, depending on what you need: 根据您的需求，将需要允许部分或全部：