好吧,好像没有人有兴趣研究这个问题:)。我假设IIS + Node.js + Active Directory是一个很好的例子。
这是我最终解决此问题的方法:
Well, seems like no one is interested in looking at this question :). I'm assuming IIS + Node.js + Active Directory is an edge case.
Here's how I ended up solving this one:
- 向Active Directory添加只能从以下位置登录的特殊用户IIS计算机(奖金:限制该用户的IP /进程/访问)。
- 将AD详细信息,用户名和密码添加到
config.json
文件(请参阅片段)。
确保添加将文件保存到 .gitignore
,这样它就不会在回购中结束。
- 使用 node-ActiveDirectory 首先以步骤1的用户身份登录,然后要求已登录用户的组(请参见代码段)。
- Add a special user to the Active Directory that can only be logged into from the IIS machine (bonus: limit the IP/process/access of that user).
- Add the AD details, user name, and password to
config.json
file (see snippet).
Make sure you add the file to .gitignore
so it won't end up in repo.
- Use node-ActiveDirectory to first sign in as the user from step 1, and then ask for the groups of the logged in user (see snippet).