First off--thanks for having a look.
首先,谢谢你的关注。
MY QUESTION
我的问题
In a .NET web app, is using Windows Authentication for a extra-net on a WAN consisting of various users, companies, user-agents, etc a bad idea?
在。net web应用程序中,在一个由各种用户、公司、用户代理等组成的广域网上使用Windows身份验证是一个坏主意吗?
BACKGROUND
背景
I am lead dev on a fast track (very fast) web application for an extra-net that will allow the client's vendors, suppliers, partners, etc to log on and push and pull certain assets such as image files, videos, flash files, etc.
我是专为一个超网络的快速(非常快速)web应用程序的开发负责人,该应用程序将允许客户的供应商、供应商、合作伙伴等登录并推拉某些资产,如图像文件、视频、flash文件等。
PLATFORM/TECHNOLOGY
平台/技术
Asp.Net 4.0, C#, MVC3
Asp。Net 4.0,c#,MVC3
PROBLEM (Maybe)
问题(也许)
The client's IT department has requested that the app use Windows Authentication to authenticate users. One of the reasons for this (they say) is that the assets that will be pushed/pulled by users reside on a third-party server (Signiant) which already uses credentials form their active directory to authenticate users.
客户的IT部门要求应用程序使用Windows身份验证对用户进行身份验证。其中一个原因(他们说)是用户将推/拉的资产位于第三方服务器(能指)上,该服务器已经使用活动目录中的凭证对用户进行身份验证。
MY VIEW
我的观点
Windows Authentication is going to cause a bunch of headaches. Viewed as a stack, this app will sit on top of the third-party server. So if we use Forms authentication, we can just populate a data table with windows credentials for each user and pass those to Signiant's servers with our requests (you have to do this anyway). If possible, we can even make an LDAP call for the creds on the fly and then pass those to Signiant's servers.
Windows身份验证将带来一系列麻烦。作为堆栈,这个应用程序将位于第三方服务器的顶部。因此,如果我们使用表单身份验证,我们只需为每个用户填充一个带有windows凭据的数据表,并使用我们的请求将这些凭证传递给能指的服务器(无论如何,您必须这样做)。如果可能的话,我们甚至可以动态地对cred进行LDAP调用,然后将这些调用传递给所指的服务器。
It just seems to me that simple functionality such as "lost password" would be come extremely difficult if we are doing the Windows Auth thing. But, full disclosure, I have never built an Asp.Net app using Windows Authentication so what do I know??
在我看来,像“丢失密码”这样的简单功能,如果我们使用Windows Auth,就会变得极其困难。但是,坦白地说,我从来没有建立过Asp。Net应用使用Windows认证,我知道什么?
Thanks!
谢谢!
Matt
马特
UPDATE 8/12/11
更新8/12/11
I still don't have an answer as to whether you should do this, but the client is adamant that it must be this way. The app is supposed to be turned over in a month so I will come back and let any followers of this topic know my findings.
我还不知道你是否应该这样做,但是客户坚持一定要这样做。这个应用程序应该在一个月后被移交,所以我会回来让这个话题的任何追随者知道我的发现。
1 个解决方案
#1
2
ASP.NET has built in support for doing AD Authentication using Forms Authentication, including password recovery.
ASP。NET支持使用表单身份验证(包括密码恢复)进行AD身份验证。
See: http://msdn.microsoft.com/en-us/library/ff650308.aspx
参见:http://msdn.microsoft.com/en-us/library/ff650308.aspx
#1
2
ASP.NET has built in support for doing AD Authentication using Forms Authentication, including password recovery.
ASP。NET支持使用表单身份验证(包括密码恢复)进行AD身份验证。
See: http://msdn.microsoft.com/en-us/library/ff650308.aspx
参见:http://msdn.microsoft.com/en-us/library/ff650308.aspx