{"id":11454,"date":"2025-01-12T14:00:44","date_gmt":"2025-01-12T05:00:44","guid":{"rendered":"https:\/\/chat-messenger.com\/?p=11454"},"modified":"2026-03-12T10:42:36","modified_gmt":"2026-03-12T01:42:36","slug":"iis-sso","status":"publish","type":"post","link":"https:\/\/chat-messenger.com\/vi\/thu-cong\/camserver\/toi-dang-o-day","title":{"rendered":"SSO s\u1eed d\u1ee5ng X\u00e1c th\u1ef1c Windows t\u00edch h\u1ee3p IIS"},"content":{"rendered":"

\u65b0\u3057\u304f\u5c0e\u5165\u3059\u308b\u74b0\u5883\u3067\u306f\u4ee5\u4e0b\u3092\u3054\u5229\u7528\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n

\t\t\t
\n\t\t\t\t
\n\t\t\t\t\tH\u1ed9i th\u1ea3o tr\u00ean web Tr\u00f2 chuy\u1ec7n & Messenger<\/span>\n\t\t\t\t\t
\"\"<\/figure><\/div>\t\t\t\t\t
\n\t\t\t\t\t\t\u7d71\u5408Windows\u8a8d\u8a3c\u3067\u306eSSO | Web\u4f1a\u8b70\u306e Chat&Messenger<\/a>\n\t\t\t\t\t\t\u6982\u8981 Windows\u8a8d\u8a3c\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u30e6\u30fc\u30b6\u30fc\u304cWindows\u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u308b\u8a8d\u8a3c\u60c5\u5831\u3092\u5229\u7528\u3057\u3001\u8ffd\u52a0\u30ed\u30b0\u30a4\u30f3\u306a\u3057\u3067 CAMServer \u3078\u81ea\u52d5\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u3059\u3002 \u4ee5\u4e0b\u65b9\u5f0f\u306e\u3088\u3046\u306b II…<\/span>\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\n\n

T\u1ed5ng quan v\u1ec1 x\u00e1c th\u1ef1c Windows t\u00edch h\u1ee3p<\/h2>\n\n\n\n

X\u00e1c th\u1ef1c Windows t\u00edch h\u1ee3p (IWA) l\u00e0 c\u01a1 ch\u1ebf t\u1ef1 \u0111\u1ed9ng cung c\u1ea5p th\u00f4ng tin x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng cho IIS khi IIS v\u00e0 ng\u01b0\u1eddi d\u00f9ng \u0111\u0103ng nh\u1eadp v\u00e0o c\u00f9ng m\u1ed9t mi\u1ec1n. Khi b\u1ea1n t\u1ea1o m\u1ed9t trang web b\u1eb1ng ASP.NET C#, b\u1ea1n c\u00f3 th\u1ec3 nh\u1eadn \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh x\u00e1c th\u1ef1c ng\u01b0\u1eddi d\u00f9ng v\u00e0 th\u00f4ng tin ng\u01b0\u1eddi d\u00f9ng \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c.<\/p>\n\n\n\n

\u0110i\u1ec1u n\u00e0y cho ph\u00e9p ng\u01b0\u1eddi d\u00f9ng truy c\u1eadp c\u00e1c \u1ee9ng d\u1ee5ng web \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef (ho\u1eb7c li\u00ean k\u1ebft) b\u1edfi IIS m\u00e0 kh\u00f4ng c\u1ea7n thao t\u00e1c \u0111\u0103ng nh\u1eadp b\u1ed5 sung v\u00e0 cho ph\u00e9p t\u00edch h\u1ee3p SSO v\u1edbi c\u00e1c m\u00e1y ch\u1ee7 \u1ee9ng d\u1ee5ng kh\u00e1c. <\/p>\n\n\n\n

\n
\n

*N\u1ebfu b\u1ea1n kh\u00f4ng tham gia v\u00e0o c\u00f9ng m\u1ed9t mi\u1ec1n ho\u1eb7c n\u1ebfu ng\u01b0\u1eddi d\u00f9ng ch\u01b0a \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c truy c\u1eadp v\u00e0o trang IIS, v\u00f2ng quay \u0111\u0103ng nh\u1eadp s\u1ebd \u0111\u01b0\u1ee3c hi\u1ec3n th\u1ecb v\u00e0 n\u1ebfu b\u1ea1n kh\u00f4ng x\u00e1c th\u1ef1c ch\u00ednh x\u00e1c, L\u1ed7i HTTP 401.1 - Kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p s\u1ebd x\u1ea3y ra.<\/p>\n<\/div>\n\n\n\n

\n
\"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

Lu\u1ed3ng SSO (\u0110\u0103ng nh\u1eadp m\u1ed9t l\u1ea7n)<\/h2>\n\n\n\n

G\u00f3i Ultimate c\u1ee7a Chat&Messenger t\u1ea1i ch\u1ed7 cho ph\u00e9p SSO v\u1edbi x\u00e1c th\u1ef1c Windows t\u00edch h\u1ee3p. Lu\u1ed3ng SSO nh\u01b0 sau.<\/p>\n\n\n\n

\n
\n
  1. Tr\u01b0\u1edbc ti\u00ean, kh\u00e1ch h\u00e0ng truy c\u1eadp v\u00e0o trang x\u00e1c th\u1ef1c Windows t\u00edch h\u1ee3p \/cam-iissso<\/li>
  2. Trang \/cam-iissso s\u1eed d\u1ee5ng ASP.NET \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh xem n\u00f3 c\u00f3 \u0111\u01b0\u1ee3c x\u00e1c th\u1ef1c hay kh\u00f4ng v\u00e0 li\u00ean k\u1ebft \u0111\u1ebfn CAMServer.<\/li>
  3. CAMServer th\u1ef1c hi\u1ec7n t\u00ecm ki\u1ebfm LDAP \u0111\u1ec3 x\u00e1c nh\u1eadn r\u1eb1ng \u0111\u00f3 l\u00e0 ng\u01b0\u1eddi d\u00f9ng AD th\u00f4ng th\u01b0\u1eddng, t\u1ea1o ssoToken (gi\u00e1 tr\u1ecb ng\u1eabu nhi\u00ean duy nh\u1ea5t t\u1eeb 30 byte tr\u1edf l\u00ean) v\u00e0 URL \u0111\u1ec3 truy c\u1eadp CAMServer, \u0111\u1ed3ng th\u1eddi y\u00eau c\u1ea7u chuy\u1ec3n h\u01b0\u1edbng.<\/li>
  4. Truy c\u1eadp CAMServer v\u00e0 x\u00e1c th\u1ef1c b\u1eb1ng ssoToken. N\u1ebfu x\u00e1c th\u1ef1c th\u00e0nh c\u00f4ng, ID phi\u00ean \u0111\u1ec3 truy c\u1eadp API s\u1ebd \u0111\u01b0\u1ee3c ch\u1ec9 \u0111\u1ecbnh.<\/li><\/ol>\n<\/div>\n\n\n\n
    \n
    \"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

    ID ng\u01b0\u1eddi d\u00f9ng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng s\u1ebd s\u1eed d\u1ee5ng SSO ph\u1ea3i kh\u1edbp v\u1edbi UserPrincipalName trong Active Directory v\u00e0 ph\u1ea3i \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd tr\u01b0\u1edbc trong Chat&Messenger. UserPrincipalName l\u00e0 T\u00f4i mu\u1ed1n l\u1ea5y danh s\u00e1ch ng\u01b0\u1eddi d\u00f9ng Active Directory v\u00e0 t\u1ea1o CSV.<\/a> Vui l\u00f2ng tham kh\u1ea3o th\u00eam th\u00f4ng tin sau.<\/p>\n\n\n\n

    Y\u00eau c\u1ea7u \u0111\u1ec3 \u0111\u1ea1t \u0111\u01b0\u1ee3c SSO<\/h2>\n\n\n\n

    Tham gia Windows Server v\u00e0o Domain<\/h3>\n\n\n\n

    Vui l\u00f2ng k\u1ebft n\u1ed1i Windows Server ch\u1ea1y CAMServer\/IIS v\u00e0o mi\u1ec1n Active Directory.<\/p>\n\n\n\n

    \u0110\u1ec3 ki\u1ec3m tra t\u00ean mi\u1ec1n m\u00e0 Windows Server hi\u1ec7n t\u1ea1i \u0111ang tham gia, h\u00e3y v\u00e0o "Tr\u00ecnh qu\u1ea3n l\u00fd m\u00e1y ch\u1ee7" \u2192 nh\u1ea5p v\u00e0o "M\u00e1y ch\u1ee7 c\u1ee5c b\u1ed9" tr\u00ean menu b\u00ean tr\u00e1i \u2192 nh\u1ea5p v\u00e0o "T\u00ean m\u00e1y t\u00ednh" v\u00e0 tham kh\u1ea3o c\u1ed9t T\u00ean mi\u1ec1n.<\/p>\n\n\n\n

    Ngo\u00e0i ra, IIS ph\u1ea3i n\u1eb1m tr\u00ean c\u00f9ng m\u1ed9t m\u00e1y ch\u1ee7 v\u1edbi CAMServer v\u00e0 ch\u1ea1y tr\u00ean c\u1ed5ng 80. N\u1ebfu b\u1ea1n \u0111\u1eb7t LoadBalancer tr\u01b0\u1edbc CAMServer, CAMServer s\u1ebd ch\u1ea1y tr\u00ean c\u1ed5ng 8080, do \u0111\u00f3 IIS c\u0169ng c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng c\u1ed5ng 443.<\/p>\n\n\n\n

    C\u00e0i \u0111\u1eb7t IIS<\/h3>\n\n\n\n
    \n
    \n

    \u30b5\u30fc\u30d0\u306e\u5f79\u5272\u304b\u3089IIS\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u304f\u3060\u3055\u3044\u3002IIS\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u3001\u5f79\u5272\u30b5\u30fc\u30d3\u30b9\u306e\u9078\u629e\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u4ee5\u4e0b\u30c1\u30a7\u30c3\u30af\u3092\u884c\u3046\u3002<\/p>\n\n\n\n