Add-WebApplicationProxyApplication
Add-WebApplicationProxyApplication
Publishes a web application through Web 应用程序代理.
语法
Parameter Set: Add0
Add-WebApplicationProxyApplication [-Name] <String> -BackendServerUrl <Uri> -ExternalCertificateThumbprint <String> -ExternalUrl <Uri> [-ADFSRelyingPartyName <String> ] [-AsJob] [-BackendServerAuthenticationSPN <String> ] [-BackendServerCertificateValidation <String> ] [-CimSession <CimSession[]> ] [-ClientCertificateAuthenticationBindingMode <String> ] [-ClientCertificatePreauthenticationThumbprint <String> ] [-DisableHttpOnlyCookieProtection] [-DisableTranslateUrlInRequestHeaders] [-DisableTranslateUrlInResponseHeaders] [-ExternalPreauthentication <String> ] [-InactiveTransactionsTimeoutSec <UInt32> ] [-ThrottleLimit <Int32> ] [-UseOAuthAuthentication] [ <CommonParameters>]
详细说明
The Add-WebApplicationProxyApplication cmdlet publishes a web application through Web 应用程序代理. Use this cmdlet to specify a name for the web application, and to provide an external address and the address of the backend server. External clients connect to the external address to access the web application hosted by the backend server. The cmdlet checks the external address to verify that no other published web application uses it on any of the proxies in the current Active Directory 联合身份验证服务 (AD FS) installation.
You can specify the relying party for use with AD FS, the service principal name (SPN) of the backend server, a certificate thumbprint for the external address, the method of pre-authentication, and whether the proxy provides the URL of the federation server to users of Open Authorization (OAuth). You can also specify whether the application proxy validates the certificate from the backend server and verifies whether the certificate that authenticates the federation server authenticates future requests.
The proxy can translate URLs in headers. You can disable translation in either request or response headers, or both.
You can also specify a timeout value for inactive connections.
This cmdlet supports passing multiple WebApplicationProxyApplication objects through the pipeline.
参数
-ADFSRelyingPartyName<String>
Specifies the name of the relying party configured on the AD FS federation server.
别名 |
RPName |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-AsJob
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-BackendServerAuthenticationSPN<String>
Specifies the service principal name (SPN) of the backend server. Use this parameter if the application that the backend server hosts uses Integrated Windows authentication.
别名 |
SPN |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-BackendServerCertificateValidation<String>
Specifies whether Web 应用程序代理 validates the certificate that the backend server presents with the WAP configuration per application. 此参数可接受的值如下:
-- None
-- ValidateCertificate
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
None |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-BackendServerUrl<Uri>
Specifies the backend address of the web application. Specify by protocol and host name or IP address. Include the trailing slash (/). You can also include a port number and path. The following examples show the form of an address:
-- http://AccountingApp.Contoso.com/
-- http://Mail.Contoso.com/Remote/
-- http://Portal/
别名 |
BackendUrl |
是否为必需? |
true |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-CimSession<CimSession[]>
在远程会话中或在远程计算机上运行 cmdlet。输入计算机名称或会话对象,例如 New-CimSession 或 Get-CimSession cmdlet 的输出。默认为本地计算机上的当前会话。
别名 |
Session |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-ClientCertificateAuthenticationBindingMode<String>
If this parameter is set to ValidateCertificate then the browser sends a certificate with each request and validates that the device certificate thumbprint from the certificate is included in the token or the cookie. 此参数可接受的值如下:
-- None
-- ValidateCertificate
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
None |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-ClientCertificatePreauthenticationThumbprint<String>
Specifies the certificate thumbprint, as a string, of the certificate that a client supplies for the preauthentication feature. The thumbprint is 40 hexadecimal characters. This parameter is only relevant when you specify the value of ClientCertificate for the ExternalPreauthentication parameter.
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-DisableTranslateUrlInRequestHeaders
Indicates that Web 应用程序代理 does not translate HTTP host headers from public host headers to internal host headers when it forwards the request to the published application.
Specify this parameter if the application uses path-based information.
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-DisableHttpOnlyCookieProtection
Indicates whether to disable the use of the HttpOnly flag when Web 应用程序代理 sets the access cookie. The access cookie provides single sign-on access to an application.
Important: by default, HttpOnly is enabled to help ensure network protection. If you disable HttpOnly flag protection, the browser may share this cookie with other components on the client device, such as ActiveX, Java Applets and JavaScript, so they can access this application without the need to perform additional preauthentication
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-DisableTranslateUrlInResponseHeaders
Indicates that Web 应用程序代理 does not translate internal host names to public host names in Content-Location, Location, and Set-Cookie response headers in redirect responses.
If the proxy does not translate host names in the Content-Location or Location response headers, subsequent client requests resolve incorrectly. If the proxy does not translate the host name in the Set-Cookie response header, the published web application might not use cookies properly.
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
false |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-ExternalCertificateThumbprint<String>
Specifies the certificate thumbprint, as a string, of the certificate to use for the address specified by the ExternalUrl parameter. The thumbprint is 40 hexadecimal characters.
The certificate must exist in the Local Computer or Local Personal certificate store. You can use a simple certificate, a subject alternative name (SAN) certificate, or a wildcard certificate.
别名 |
ExternalCert |
是否为必需? |
true |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-ExternalPreauthentication<String>
Specifies the pre-authentication method that Web 应用程序代理 uses. 此参数可接受的值如下:
-- ADFS
-- ClientCertificate
-- PassThrough
别名 |
PreAuthN |
是否为必需? |
false |
位置? |
named |
默认值 |
ADFS |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-ExternalUrl<Uri>
Specifies the external address, as a URL, for the web application. Include the trailing slash (/).
别名 |
无 |
是否为必需? |
true |
位置? |
named |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-InactiveTransactionsTimeoutSec<UInt32>
Specifies the length of time, in seconds, until Web 应用程序代理 closes incomplete HTTP transactions.
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
300 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-Name<String>
Specifies a friendly name for the published web application.
别名 |
FriendlyName |
是否为必需? |
true |
位置? |
1 |
默认值 |
无 |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-ThrottleLimit<Int32>
指定可建立的用于运行此 cmdlet 的并发操作的最大数目。如果省略了此参数或输入了值 0,那么 Windows PowerShell® 将基于正在计算机上运行的 CIM cmdlet 的数目,计算 cmdlet 的最佳中止值。中止值仅适用于当前 cmdlet,而不适用于会话或计算机。 Do not specify a value for this parameter greater than 1.
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
1 |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-UseOAuthAuthentication
Indicates that Web 应用程序代理 provides the URL of the federation server that performs Open Authorization (OAuth) when users connect to the application by using a Windows Store app.
别名 |
无 |
是否为必需? |
false |
位置? |
named |
默认值 |
false |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
<CommonParameters>
此 cmdlet 支持通用参数:-Verbose、-Debug、-ErrorAction、-ErrorVariable、-OutBuffer 和 -OutVariable。有关详细信息,请参阅 about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
输入
输入类型是指可通过管道传送给 cmdlet 的对象的类型。
输出
输出类型是 cmdlet 所发出对象的类型。
示例
Example 1: Publish a web application
This command publishes a web application that specifies the value of AD FS for the ExternalPreauthentication parameter.
PS C:\> Add-WebApplicationProxyApplication -Name "Contoso App" -ExternalPreauthentication ADFS -ExternalUrl https://ContosoApp.Contoso.com/ -ExternalCertificateThumbprint "69DF0AB8434060DC869D37BBAEF770ED5DD0C32A" -BackendServerUrl http://ContosoApp:8080/ -ADFSRelyingPartyName "ContosoAppRP"
Example 2: Publish a web application that omits external preauthentication
This command publishes a web application named ContosoApp. The command specifies a backend server URL and an external URL. The application uses pass-through preauthentication.
PS C:\> Add-WebApplicationProxyApplication -Name "ContosoApp" -BackendServerUrl http://ContosoApp/ -ExternalUrl https://ContosoApp.Contoso.com/ -ExternalPreauthentication "PassThrough" -ExternalCertificateThumbprint "D1A657E1A4F276FCC45613C0F6B3BC91AFC4633F"
相关主题
Get-WebApplicationProxyApplication
Remove-WebApplicationProxyApplication
Set-WebApplicationProxyApplication
Web Application Proxy Overview
Publishing Internal Applications using Web Application Proxy