I have an asp.net MVC Intranet web application that uses windows authentication. On our development environment the asp.net MVC and the active directory were on the same machine, so users were authenticated against the AD by default. Currently on the staging server we have the following:-
我有一个使用Windows身份验证的asp.net MVC Intranet Web应用程序。在我们的开发环境中,asp.net MVC和活动目录位于同一台机器上,因此默认情况下用户通过AD进行身份验证。目前在登台服务器上,我们有以下内容: -
- Our AD is on a remote server and on a different domain.
- I can only lo-gin to the asp.net MVC using the staging admin it is installed under.
我们的AD位于远程服务器和不同的域上。
我只能使用安装在它下面的登台管理员来使用asp.net MVC。
So my question is how I can force asp.net MVC web application, to authenticate users on the remote server where the AD is installed, instead on the AD where the asp.net mvc is installed under? Thanks
所以我的问题是如何强制asp.net MVC Web应用程序,在安装AD的远程服务器上对用户进行身份验证,而不是在安装了asp.net mvc的AD上进行身份验证?谢谢
1 个解决方案
#1
0
If you start with the Big Picture premise that your Dev, Stage, QA, Stress and Production environments are all separate environments that have separate AD domains then I would strongly recommend the following solution: Create Different users for each environment in each of the domains. Do not try to do a cross domain authentication or an ADFS solution just for Stage, QA, Stress.
如果您从Big Picture前提开始,您的Dev,Stage,QA,Stress和Production环境都是具有单独AD域的独立环境,那么我强烈建议您使用以下解决方案:为每个域中的每个环境创建不同的用户。不要尝试仅针对Stage,QA,Stress执行跨域身份验证或ADFS解决方案。
You want the design to be like production and if you are not using cross domain auth or ADFS in production then do not use cross domain in QA, Stage, Stress either. So in your situation I would create unique users in each of the AD environments (script them with PowerShell possibly).
您希望设计与生产类似,如果您未在生产中使用跨域auth或ADFS,则不要在QA,Stage,Stress中使用跨域。因此,在您的情况下,我会在每个AD环境中创建唯一用户(可能使用PowerShell编写脚本)。
Final Thought, Do you really need separate AD for each QA or Stage environment? If the main AD had 3 groups called “MyAppStage”, “MyAppDev”, and “MyAppProd” could you accomplish what you are trying to do without using separate AD environments?
最后的想法,对于每个QA或舞台环境,您真的需要单独的AD吗?如果主AD有3个组称为“MyAppStage”,“MyAppDev”和“MyAppProd”,您可以在不使用单独的AD环境的情况下完成您尝试做的事情吗?
#1
0
If you start with the Big Picture premise that your Dev, Stage, QA, Stress and Production environments are all separate environments that have separate AD domains then I would strongly recommend the following solution: Create Different users for each environment in each of the domains. Do not try to do a cross domain authentication or an ADFS solution just for Stage, QA, Stress.
如果您从Big Picture前提开始,您的Dev,Stage,QA,Stress和Production环境都是具有单独AD域的独立环境,那么我强烈建议您使用以下解决方案:为每个域中的每个环境创建不同的用户。不要尝试仅针对Stage,QA,Stress执行跨域身份验证或ADFS解决方案。
You want the design to be like production and if you are not using cross domain auth or ADFS in production then do not use cross domain in QA, Stage, Stress either. So in your situation I would create unique users in each of the AD environments (script them with PowerShell possibly).
您希望设计与生产类似,如果您未在生产中使用跨域auth或ADFS,则不要在QA,Stage,Stress中使用跨域。因此,在您的情况下,我会在每个AD环境中创建唯一用户(可能使用PowerShell编写脚本)。
Final Thought, Do you really need separate AD for each QA or Stage environment? If the main AD had 3 groups called “MyAppStage”, “MyAppDev”, and “MyAppProd” could you accomplish what you are trying to do without using separate AD environments?
最后的想法,对于每个QA或舞台环境,您真的需要单独的AD吗?如果主AD有3个组称为“MyAppStage”,“MyAppDev”和“MyAppProd”,您可以在不使用单独的AD环境的情况下完成您尝试做的事情吗?