Sync Web portal Store retrieve Data ADAM Authentication

验证: 解决方案 Sync Web portal Store / retrieve Data ADAM Authentication Server Web Client Rich Client Infrastructure Active Directory

鉴权：Authorization Manager authorization Az Man Web portal ADAM Bob Mary (User) (Admin) Authentication 用使议建 Server 基于角色的鉴权基于查询的组保证业务灵活性应用程序设计时定义角色策略 Az. Man Infrastructure Directory

鉴权：Az. Man: Windows Server 2003, Windows 2000 (需下载) 高可伸缩性的角色和策略存储： AD / ADAM Policy definition script: Set App = Az. Man. Store. Create. Application(“Asset. Tracker") App. Create. Operation(“View. Rpt") Set Task=App. Create. Task(“View Report") Task 1. Add. Operation CStr(“View. Rpt")

鉴权：实现 Authorization Manager '------- at application boot -Az. Pol. Initialize 0, “msldap: //Server: port/CN=My. Store, DC=… App = Az. Store. Open. Application(“Asset. Tracker") '------- at client Connect -Context = App. Initialize. Client. Context. From. Name '------- on request -Context. Access. Check(“View. Rpt", Scope, Operations, Names, Values) Context. Get. Roles () 满足需求一致的角色映射，可在多个应用间重用角色分配可由管理员指定，未硬编码入应用

鉴权：解决方案 Sync Auth. Z Az Man Web portal App Data ADAM Server Web Client Rich Client Authentication Infrastructure Active Directory

身份存储: 活动目录 Sync Web portal LDAP ADAM App partition Client Server AD Infrastructure Active Directory 用于企业范围内的身份及配置数据 ADAM 用于应用范围内的身份及配置数据

身份存储: 实现 Managed code: System. Directory. Services : 较高层次的接口，易用 System. Directory. Services. Protocols : 提供较低层的LDAP访问，适用于高性能的应用 ADO. NET : 部分功能 Native code: Active Directory Service Interfaces (ADSI) LDAP Win 32 API set for C and C+

身份存储: 解决方案 Sync Web portal Store/ Retrieve Data Az Man App Data ADAM Authentication Server Web Client Rich Client Infrastructure Active Directory

生命周期管理：解决方案 ADAMSync <configuration> <security-mode>object</security-mode> <source-ad-partition>DC=contoso, DC=com</source-ad-partition> <target-dn>dc=contoso, dc=com</target-dn> <query> <base-dn>dc=contoso, dc=com</base-dn> <object-filter>(samaccountname=xxxx)</object-filter> <attributes> <include></include> <exclude>reports</exclude> </attributes> </query> </configuration> 满足需求： ADAM与AD之间的同步简单且易于维护

生命周期管理：解决方案 ADAM Sync Web portal Store/ Retrieve Data Az Man App Data ADAM Server Web Client Rich Client Authentication Infrastructure Active Directory

应用需求访问控制验证： Windows Integrated 鉴权： Authorization Manager 身份存储用户凭证(credentials)及配置信息(profile data)： AD & ADAM 对身份数据生命周期的管理: ADAMSync

资源 AD Portal: http: //microsoft. com/ad ADAM portal: http: //microsoft. com/adam MIIS Portal: http: //microsoft. com/miis Identity Management Portal: http: //www. microsoft. com/idm Solution Accelerator for Identity and Access Management: http: //www. microsoft. com/technet/security/topics/ide ntitymanagement/idmanage/default. mspx Identity Management Solution Technologies: http: //www. microsoft. com/windowsserversystem/over view/benefits/access/tech. mspx