I have a client. They will login their window by using the account in Active Directory and they want to create a web that authenticate user automatically using their current window account (i.e. Single sign on the web) by using Window Authenication in Asp.net.
As their company is quite big, therefore, their structure of Active directory is quite complex.
The following is the illustration (the below showed only a simplified version):
ABC.com
|-------- XX.ABC.com
|-------- YY.ABC.com
|-------- ZZ.ABC.com
They have a root domain called ABC.com and there are several subdom开发者_Go百科ains under it.
The IIS server is placed under "XX.ABC.com". I believe that all users under this domain have no problem for single sign on.
However, could those user in YY.ABC.com and ZZ.ABC.com be logged in the site using the AD account?
if not, then
if the server is moved to the root domain (i.e. ABC.com), could users in all subdomains(i.e. XX.ABC.com, YY.ABC.com and ZZ.ABC.com) be logged in the site?
Howver, client said that "moving the server to root domain will cause timeout problem because it may need to go through all subdomains to search for a single user". Is it true?
Is there any method that can keep the server in XX.ABC.com but still can authenicate YY.ABC.com and ZZ.ABC.com?
You can leave the server in the XX domain. Clients in YY and ZZ may (probably) need to have *.xx.abc.com added to their Local Intranet zone in IE.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论