堆栈内存溢出
  简体   繁体   English

使用内部部署ADFS STS在ASP.NET应用程序和Office365之间单点登录

[英]Single sign on between ASP.NET app and Office365 with on-premise ADFS STS

 原文  2012-03-06 12:25:48       asp.net/ wif/ adfs2.0/ office365

问题描述

I'm building an ASP.NET web app that authenticates users with Windows Identity Foundation. 我正在构建一个ASP.NET Web应用程序,使用Windows Identity Foundation对用户进行身份验证。

The organization has an on-premise ADFS STS. 该组织有一个内部部署ADFS STS。 Their Office365 authenticates through Microsoft Federation Gateway with the on-premise STS. 他们的Office365通过Microsoft Federation Gateway与内部部署STS进行身份验证。 The new web app will also authenticate against the on-premise STS with WIF. 新的Web应用程序还将针对带有WIF的内部部署STS进行身份验证。

Can I establish silent single sign on between the new app and the Office365 environment? 我可以在新应用程序和Office365环境之间建立静默单一登录吗? So the user will not have to log into Office365 once he is logged into the web app and vice versa. 因此,用户登录Web应用程序后无需登录Office365,反之亦然。

1 个解决方案

解决方案1
 5 已采纳  2012-03-06 22:55:33

Yes, you should be able to accomplish this by federating your ASP.NET application with Office365 directly. 是的,您应该可以通过直接将ASP.NET应用程序与Office365联合来实现此目的。 As you probably already know, typically the way this works is you have Office365 synced to on prem AD, and you have a trust set up with the on-prem ADFS server. 您可能已经知道,通常它的工作方式是将Office 365同步到AD上,并且您可以使用本地ADFS服务器设置信任。 When you're signing in to your web application the user gets redirected to Office365 to type in their UPN (typically the email address). 当您登录Web应用程序时,用户会被重定向到Office365以输入他们的UPN(通常是电子邮件地址)。 Office365 uses that to figure out which on-prem ADFS server to redirect you to. Office365使用它来确定要将您重定向到哪个本地ADFS服务器。

If you're logging on from within the domain, you get authenticated right away via windows integrated auth. 如果您从域中登录,则可以通过windows integrated auth立即进行身份验证。 ADFS will redirect you back to Office365 to establish a session, and Office365 will log you in to the application itself. ADFS会将您重定向回Office365以建立会话,Office365将使您登录到应用程序本身。 If you're outside of the domain, you'll need an ADFS external proxy set up. 如果您不在域中,则需要设置ADFS外部代理。 There, instead of windows integrated auth, this special ADFS proxy will prompt the user for corporate credentials, and then redirect back to Office365 in the same way as before. 在那里,这个特殊的ADFS代理将提示用户输入公司凭据,然后以与以前相同的方式重定向回Office365,而不是Windows集成的身份验证。

Here's a nice whitepaper that explains all of this in more detail: 这是一篇很好的白皮书,它更详细地解释了所有这些:

http://www.microsoft.com/download/en/details.aspx?id=28971 http://www.microsoft.com/download/en/details.aspx?id=28971

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Office365应用的Asp.Net身份验证 - Asp.Net Identity authentication with Office365 app 从Office 365单一登录到Asp.Net网站 - Single sign on from office 365 to Asp.Net website 在Asp.Net中使用Office365 SMTP时出错 - Error while using Office365 SMTP in Asp.Net ASP.NET Identity是否可以与没有ADFS的本地Active Directory一起使用? - Does ASP.NET Identity work with an on-premise Active Directory without ADFS? 具有 Asp.Net 会员资格的 ADFS 单点登录 - ADFS Single Sign-On With Asp.Net Membership 没有Active Directory的来自ASP.NET应用程序的Office365 SSO - Office365 SSO from ASP.NET application with no Active Directory 使用ASP.NET C#Web应用程序使用Office365打开文档 - open document with office365 using ASP.NET C# web application 如何在 asp.net C# 中使用启用双重身份验证的 office365 email 帐户发送 email? - How to send email using two factor authentication enabled office365 email account in asp.net C#? DotNetNuke,经典ASP应用程序,ASP.NET应用程序之间的单点登录 - Single Sign 0n between DotNetNuke, Classic ASP app, ASP.NET app 在同一ASP.NET网站中进行表单身份验证和联合身份验证(单点登录+ ADFS 2.0 + SAML) - Forms authentication and Federation Authentication(Single Sign On + ADFS 2.0 + SAML) in Same ASP.NET Website
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM