需要打开哪些端口才能从域外的IIS Web服务器上的asp.net站点向AD服务器进行身份验证?
[英]What ports need to be open to authenticate to an AD server from an asp.net site on IIS web server outside the domain?
问题描述
I am starting a project for a website that needs to use windows authentication in IIS to an active directory domain. 
我正在为一个需要在IIS中使用Windows身份验证到活动目录域的网站启动项目。 The web server however, is not on the domain. 但是,Web服务器不在域上。 It is on a separate hosting facility and during development will be on our premises. 它位于一个单独的托管设施,在开发期间将在我们的场所。 Are there specific ports on a firewall that need to be open to make that work? 防火墙上是否需要打开特定端口才能使其正常工作? Do we need a DNS or host entry to the domain server? 我们是否需要域服务器的DNS或主机条目? Or is it completely impossible? 还是完全不可能?
Barring that, can I use System.DirectoryServices to authenticate and find out what groups the user is in across the network, from our development web servers and the client's web server on the DMZ to the domain server? 除此之外,我可以使用System.DirectoryServices进行身份验证,并从我们的开发Web服务器和DMZ上的客户端Web服务器到域服务器查找用户在网络中的组织吗?
1 个解决方案
解决方案1
2 已采纳 2012-03-06 23:54:31
Microsoft Knowledge Base article 179442 tells you the ports you need to establish a security channel across a firewall. Microsoft知识库文章179442告诉您跨防火墙建立安全通道所需的端口。
(Note: I'm not actually sure you can achieve Windows authentication without having the web server be a member of a domain. It could be a stand-alone domain with a suitable trust relationship to the client domain though.) (注意:我不确定您可以在没有Web服务器成为域成员的情况下实现Windows身份验证。它可能是一个独立的域,但与客户端域具有适当的信任关系。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.