问题
Background
We are transitioning to Claims-Based auth in our app (on .NET 4.5) We currently have authentication via Asp.net membership & domain auth working correctly.
The domain portion looks like this (generalized a little):
var context = new PrincipalContext(ContextType.Domain, ADDomainName);
return context.ValidateCredentials(username, password);
Problem / Goal
Sometimes we (or some consultants we use) are on a VPN connection using machines that can see our domain servers, but that aren't members of our domain.
It would be a great help to test the app from a machine that isn't on the domain, rather than having to fire up a machine that is on the domain in order to check.
Question
Is there a way to perform domain authentication against a domain controller from a machine that isn't on the domain? I haven't been able to find any research on it thus far.
回答1:
You can use LDAP authentication and specify credentials from your code:
using(var context = new PrincipalContext(ContextType.Domain, "mydomain", @"mydomain\serviceAcct", "serviceAcctPass"))
{
//Username and password for authentication.
return context.ValidateCredentials(username, password);
}
Or, run your authenticating server under runas /netonly, which lets you run with domain network credentials from a workgroup joined computer
rem if your server is standalone
runas /netonly /user:mydomain\consultantaccount C:\dev\sts\ipsts.exe
rem or you can have it in IIS Express:
runas /netonly /user:mydomain\consultantaccount "iisexpress /path:c:\dev\sts\ /port:9090 /clr:v2.0"
I will note that I have not actually checked whether /netonly will work in this context, so if you end up trying it, I'd be interested to hear if it worked.
来源:https://stackoverflow.com/questions/22058645/authenticate-against-a-domain-using-a-specific-machine