开发者

Should I use IIS as a trusted proxy to provide ActiveDirectory SSO for a legacy app?

I'm trying to add Active Directory single-sign-on support to an existing SOAP server. Since it is written in C++ using third party transport components, adding AD SSO doesn't appear to be easy.

Therefore I am thinking to require IIS as a trusted reverse-proxy and let it do the Active Directory authentication for the SOAP server. That is, offload all authentication duties to IIS, and just rely on the X-Remote-User HTTP header at the SOAP server. Since the SOAP client is using the WinInet API, all of the authentication is done for us, and this give the SOAP server single-sign-on for free.

client 
    -> IIS (Active Directory authentication) 
        -> SOAP server (with X-Remote-User: USERID header)

This appears that it should be a fairly common problem space, however although I have found a few IIS proxy programs, I thought that this may be something built into IIS.

Is this sort of functionality built into IIS or do I need to build 开发者_运维问答a proxy myself?

Is there a better option than requiring IIS?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜