授权给adfs读取ad 在ad服务器上运行 - setspn 命令 -摘自网络
Because the application pool identity for the AD FS 2.0 AppPool is running as a domain user/service account, you must configure the Service Principal Name (SPN) for that account in the domain with the Setspn.exe command-line tool. Setspn.exe is installed by default on computers running Windows Server 2008. Run the following command on a computer that is joined to the same domain where the user/service account resides:
setspn -a host/<server name> <service account>
For example, in a scenario in which all federation servers are clustered under the Domain Name System (DNS) host name fs.fabrikam.com and the service account name that is assigned to the AD FS 2.0 AppPool is named adfs2farm, type the command as follows, and then press ENTER:
setspn -a host/fs.fabrikam.com adfs2farm
It is necessary to complete this task only once for this account.
-
After the AD FS 2.0 AppPool identity is changed to the service account, set the access control lists (ACLs) on the SQL Server database to allow Read access to this new account so that the AD FS 2.0 AppPool can read the policy data.
http://technet.microsoft.com/en-us/library/dd807078(WS.10).aspx
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【译】Visual Studio 中新的强大生产力特性
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构
· 字符编码:从基础到乱码解决