允许非域用户查询Active Directory
[英]Allowing non domain user to query Active Directory
问题描述
Our developers have recently built a new internal 'image viewer' application for our staff to use. 
我们的开发人员最近建立了一个新的内部“图像查看器”应用程序,供我们的员工使用。 The image viewer runs as a website and uses Active Directory to authenticate the user and control what type of images that user is allowed to view. 图像查看器作为网站运行,并使用Active Directory验证用户身份并控制允许用户查看的图像类型。
I have this setup and working fine by running the website as an impersonated domain user. 我具有此设置,并且可以通过以模拟的域用户身份运行网站来正常工作。 The problem I now face is that all the images are held on a non-domain share. 我现在面临的问题是所有图像都保存在非域共享中。 How can I access this share using the domain user? 如何使用域用户访问此共享? The share is on a Novell Netware 6.5 server. 共享位于Novell Netware 6.5服务器上。
Alternatively I can run the website as a non-domain user and connect to the Netware server to retrieve the images, but then I am unable to query Active Directory. 或者,我可以以非域用户身份运行网站并连接到Netware服务器以检索图像,但随后我无法查询Active Directory。
Can I allow a non-domain user access to query AD? 我可以允许非域用户访问AD吗? I don't wish to allow anonymous queries on my domain controllers. 我不希望在我的域控制器上允许匿名查询。
1 个解决方案
解决方案1
0 2013-02-01 21:52:12
No, a non-domain user cannot query Active Directory unless you configure your domain to allow anonymous queries . 否,除非您将域配置为允许匿名查询,否则非域用户无法查询Active Directory。
Depending on how everything is setup in the web application, you may be able to insert some code to switch security contexts and impersonate a domain user at the point where the query happens. 根据Web应用程序中所有内容的设置方式,您可能可以插入一些代码来切换安全上下文,并在查询发生时模拟域用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.