Extranet access for Windows Azure: Web Application Proxy server (AD FS)
We described earlier how to configure the Federation Service under Windows Azure, implementing Windows Azure Active Directory service access through local Active Directory user authentication. After the default setup, the service can only be accessed from within the same internal network. If we want external access, common sense says we need to publish the corresponding AD FS ports, such as 80 and 443. The method on the official website, however, is to deploy a proxy service separately and then publish the proxy. If we do not deploy the AD FS proxy and publish ports 80 and 443 of AD FS directly, that should theoretically also be feasible; I did not try it specifically. Microsoft perhaps does it this way for security reasons: exposing the service directly to the public network is not safe, so a proxy is used to protect it. That is my understanding. Today we follow the official website and deploy the AD FS proxy (Web Application Proxy server) to complete the corresponding extranet publishing.
http://technet.microsoft.com/zh-cn/library/dn528859.aspx
We create a new computer running Windows Server 2012 R2, and then install the appropriate service.
1. Installing the Web Application Proxy role service through the user interface
On the Web Application Proxy server, in the Server Manager console, in the Dashboard, click Add roles and features.
In the Add Roles and Features Wizard, click Next three times to go to the server role selection screen.
In the Select server roles dialog box, select Remote Access, and then click Next.
Click Next two times.
In the Select role services dialog box, select Web Application Proxy, click Add Features, and then click Next.
In the Confirm installation selections dialog box, click Install.
In the Installation progress dialog box, confirm that the installation was successful, and then click Close.
2. Installing the Web Application Proxy role service through Windows PowerShell
The following Windows PowerShell cmdlet performs the same functionality as the previous procedure. Enter one cmdlet per line, even if it is displayed in multiple lines because of formatting constraints that cause them to wrap.
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools
Here we install the role service through PowerShell.
Role Service Installation Complete
After installing the service, we recommend rebooting the system.
Configuring Web Application Proxy through the user interface
1. On the Web Application Proxy server, open the Remote Access Management console: type RAMgmtUI.exe, and then press Enter.
2. If the User Account Control dialog box appears, verify that the action that appears is the action that you want, and then click Yes.
3. In the navigation pane, click Web Application Proxy.
4. In the middle pane of the Remote Access Management console, click Run the Web Application Proxy Configuration Wizard.
5. In the Welcome dialog box of the Web Application Proxy Configuration Wizard, click Next.
In the Federation Server dialog box, do the following, and then click Next:
In the Federation Service Name box, enter the fully qualified domain name (FQDN) of the AD FS server, for example, fs.fabrikam.com.
In the user name and password boxes, enter the credentials for the local administrator account on the AD FS server.
In the AD FS Proxy Certificate dialog box, from the list of certificates currently installed on the Web Application Proxy server, select the certificate that Web Application Proxy uses to implement the AD FS proxy feature, and then click Next.
Note: We imported the AD FS certificate, exported with its private key, into the Personal certificate store of the ADFS-proxy computer in advance.
The certificate you select here should be the one whose subject is the Federation Service name (for example, fs.fabrikam.com).
View the settings in the Confirmation dialog box. If necessary, you can copy the PowerShell cmdlet to automate other installations. Click Configure.
In the Results dialog box, confirm that the configuration was successful, and then click Close.
Clicking Close automatically returns you to the Remote Access Management console.
Then we need to publish ports 443 and 80 of this server (the Web Application Proxy server) to the external network.
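The wizard steps above can also be scripted. The following is an added example, not taken from the original article or from Microsoft's page: it checks the imported certificate before configuring the proxy, then tests the published ports. The name fs.fabrikam.com is the sample name used above, and the port test assumes external DNS resolves that name to the proxy.

```powershell
# Added example. Assumed values: fs.fabrikam.com (the page's sample name) and an
# interactive credential prompt; adjust both for your environment.
$fsName = 'fs.fabrikam.com'

# 1. Find the certificate imported in advance into the machine's Personal store.
#    It must cover the Federation Service name (exact or wildcard entry), carry
#    its private key and be inside its validity period.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode | Where-Object { $fsName -like $_ })
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate with a private key for $fsName in Cert:\LocalMachine\My"
}
"Using certificate {0}, valid until {1:u}" -f $cert.Thumbprint, $cert.NotAfter

# 2. Same action as the wizard's Configure button. The credential is the local
#    administrator account on the AD FS server, as entered in the Federation
#    Server dialog box; it is prompted for rather than stored in the script.
$cred = Get-Credential -Message 'Local administrator on the AD FS server'
Install-WebApplicationProxy -FederationServiceName $fsName `
    -FederationServiceTrustCredential $cred `
    -CertificateThumbprint $cert.Thumbprint

# 3. Confirm the proxy holds a configuration after the trust is established.
Get-WebApplicationProxyConfiguration

# 4. After publishing, run this part from a machine on the external network:
#    the two published ports should answer under the federation service name.
foreach ($port in 443, 80) {
    Test-NetConnection -ComputerName $fsName -Port $port |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

If step 1 throws, re-import the AD FS certificate with its private key before running the wizard or the cmdlet; a certificate without the key appears in the store but cannot be used by the proxy.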
This article is from the "Gao Wenrong" blog, make sure to keep this source http://gaowenlong.blog.51cto.com/451336/1605502