[英]Existing .net web application needs to change authentication
I inherited an existing .net web application.我继承了现有的 .net Web 应用程序。 It is an external website that is used by external users and internal users.
它是一个供外部用户和内部用户使用的外部网站。 To login/authenticate internal users, it uses LDAP authentication.
为了登录/验证内部用户,它使用 LDAP 验证。 External users goes to a different DB.
外部用户转到不同的数据库。
My IT department wants to change the way internal users login.我的 IT 部门想要改变内部用户登录的方式。 They do not want to allow an external server to be able to access the AD using LDAP.
他们不想让外部服务器能够使用 LDAP 访问 AD。 Is there a more secure method to access the AD from an external server?
是否有更安全的方法从外部服务器访问 AD? Or is that not recommended at all?
或者根本不推荐这样做?
Also, is the design of the login flawed?另外,登录的设计有缺陷吗? Should internal and external users be logging in the same way?
内部和外部用户是否应该以相同的方式登录? What is considered best practice for logging in users?
登录用户的最佳实践是什么?
You could use ADFS (Active Directory Federation Services) for this.您可以为此使用 ADFS(Active Directory 联合服务)。
This will require you to install an ADFS server inside of your network (so it can contact the AD).这将要求您在网络内安装 ADFS 服务器(以便它可以联系 AD)。
The ADFS Server contains a web based STS (Security Token Service) to allow web pages to login using an AD account. ADFS 服务器包含基于 Web 的 STS(安全令牌服务),以允许网页使用 AD 帐户登录。
Basicly in a nutshell it will work as following:简而言之,它的工作原理如下:
For information to set this up in an ASP.NET application you could refer to the following url: http://blogs.msdn.com/b/alextch/archive/2011/06/27/building-a-test-claims-aware-asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts.aspx有关在 ASP.NET 应用程序中进行设置的信息,您可以参考以下 URL: http : //blogs.msdn.com/b/alextch/archive/2011/06/27/building-a-test-claims-意识到asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts.aspx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.