Add-WebApplicationProxyApplication
Add-WebApplicationProxyApplication
Publishes a web application through Web 應用程式 Proxy.
語法
Parameter Set: Add0
Add-WebApplicationProxyApplication [-Name] <String> -BackendServerUrl <Uri> -ExternalCertificateThumbprint <String> -ExternalUrl <Uri> [-ADFSRelyingPartyName <String> ] [-AsJob] [-BackendServerAuthenticationSPN <String> ] [-BackendServerCertificateValidation <String> ] [-CimSession <CimSession[]> ] [-ClientCertificateAuthenticationBindingMode <String> ] [-ClientCertificatePreauthenticationThumbprint <String> ] [-DisableHttpOnlyCookieProtection] [-DisableTranslateUrlInRequestHeaders] [-DisableTranslateUrlInResponseHeaders] [-ExternalPreauthentication <String> ] [-InactiveTransactionsTimeoutSec <UInt32> ] [-ThrottleLimit <Int32> ] [-UseOAuthAuthentication] [ <CommonParameters>]
詳細描述
The Add-WebApplicationProxyApplication cmdlet publishes a web application through Web 應用程式 Proxy. Use this cmdlet to specify a name for the web application, and to provide an external address and the address of the backend server. External clients connect to the external address to access the web application hosted by the backend server. The cmdlet checks the external address to verify that no other published web application uses it on any of the proxies in the current Active Directory Federation Services (AD FS) installation.
You can specify the relying party for use with AD FS, the service principal name (SPN) of the backend server, a certificate thumbprint for the external address, the method of pre-authentication, and whether the proxy provides the URL of the federation server to users of Open Authorization (OAuth). You can also specify whether the application proxy validates the certificate from the backend server and verifies whether the certificate that authenticates the federation server authenticates future requests.
The proxy can translate URLs in headers. You can disable translation in either request or response headers, or both.
You can also specify a timeout value for inactive connections.
This cmdlet supports passing multiple WebApplicationProxyApplication objects through the pipeline.
參數
-ADFSRelyingPartyName<String>
Specifies the name of the relying party configured on the AD FS federation server.
別名 |
RPName |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-AsJob
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
false |
接受萬用字元? |
false |
-BackendServerAuthenticationSPN<String>
Specifies the service principal name (SPN) of the backend server. Use this parameter if the application that the backend server hosts uses Integrated Windows authentication.
別名 |
SPN |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-BackendServerCertificateValidation<String>
Specifies whether Web 應用程式 Proxy validates the certificate that the backend server presents with the WAP configuration per application. 此參數接受的值包括:
-- None
-- ValidateCertificate
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
None |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-BackendServerUrl<Uri>
Specifies the backend address of the web application. Specify by protocol and host name or IP address. Include the trailing slash (/). You can also include a port number and path. The following examples show the form of an address:
-- http://AccountingApp.Contoso.com/
-- http://Mail.Contoso.com/Remote/
-- http://Portal/
別名 |
BackendUrl |
必要? |
true |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-CimSession<CimSession[]>
在遠端工作階段或遠端電腦上執行 Cmdlet。輸入電腦名稱或工作階段物件,例如 New-CimSession 或 Get-CimSession Cmdlet 的輸出。預設為本機電腦上的目前工作階段。
別名 |
Session |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
false |
接受萬用字元? |
false |
-ClientCertificateAuthenticationBindingMode<String>
If this parameter is set to ValidateCertificate then the browser sends a certificate with each request and validates that the device certificate thumbprint from the certificate is included in the token or the cookie. 此參數接受的值包括:
-- None
-- ValidateCertificate
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
None |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-ClientCertificatePreauthenticationThumbprint<String>
Specifies the certificate thumbprint, as a string, of the certificate that a client supplies for the preauthentication feature. The thumbprint is 40 hexadecimal characters. This parameter is only relevant when you specify the value of ClientCertificate for the ExternalPreauthentication parameter.
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-DisableTranslateUrlInRequestHeaders
Indicates that Web 應用程式 Proxy does not translate HTTP host headers from public host headers to internal host headers when it forwards the request to the published application.
Specify this parameter if the application uses path-based information.
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-DisableHttpOnlyCookieProtection
Indicates whether to disable the use of the HttpOnly flag when Web 應用程式 Proxy sets the access cookie. The access cookie provides single sign-on access to an application.
Important: by default, HttpOnly is enabled to help ensure network protection. If you disable HttpOnly flag protection, the browser may share this cookie with other components on the client device, such as ActiveX, Java Applets and JavaScript, so they can access this application without the need to perform additional preauthentication
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-DisableTranslateUrlInResponseHeaders
Indicates that Web 應用程式 Proxy does not translate internal host names to public host names in Content-Location, Location, and Set-Cookie response headers in redirect responses.
If the proxy does not translate host names in the Content-Location or Location response headers, subsequent client requests resolve incorrectly. If the proxy does not translate the host name in the Set-Cookie response header, the published web application might not use cookies properly.
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
false |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-ExternalCertificateThumbprint<String>
Specifies the certificate thumbprint, as a string, of the certificate to use for the address specified by the ExternalUrl parameter. The thumbprint is 40 hexadecimal characters.
The certificate must exist in the Local Computer or Local Personal certificate store. You can use a simple certificate, a subject alternative name (SAN) certificate, or a wildcard certificate.
別名 |
ExternalCert |
必要? |
true |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-ExternalPreauthentication<String>
Specifies the pre-authentication method that Web 應用程式 Proxy uses. 此參數接受的值包括:
-- ADFS
-- ClientCertificate
-- PassThrough
別名 |
PreAuthN |
必要? |
false |
位置? |
named |
預設值 |
ADFS |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-ExternalUrl<Uri>
Specifies the external address, as a URL, for the web application. Include the trailing slash (/).
別名 |
無 |
必要? |
true |
位置? |
named |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-InactiveTransactionsTimeoutSec<UInt32>
Specifies the length of time, in seconds, until Web 應用程式 Proxy closes incomplete HTTP transactions.
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
300 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-Name<String>
Specifies a friendly name for the published web application.
別名 |
FriendlyName |
必要? |
true |
位置? |
1 |
預設值 |
無 |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
-ThrottleLimit<Int32>
指定為執行此 Cmdlet 可建立的最大同時作業數。如果省略這個參數或輸入 0 的值,則 Windows PowerShell® 會根據在電腦上執行的 CIM Cmdlet 數目,計算 Cmdlet 的最佳節流限制。節流限制僅適用於目前 Cmdlet,不適用於工作階段或電腦。 Do not specify a value for this parameter greater than 1.
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
1 |
接受管線輸入? |
false |
接受萬用字元? |
false |
-UseOAuthAuthentication
Indicates that Web 應用程式 Proxy provides the URL of the federation server that performs Open Authorization (OAuth) when users connect to the application by using a Windows Store app.
別名 |
無 |
必要? |
false |
位置? |
named |
預設值 |
false |
接受管線輸入? |
True (ByPropertyName) |
接受萬用字元? |
false |
<CommonParameters>
此 Cmdlet 支援一般參數:-Verbose、-Debug、-ErrorAction、-ErrorVariable、-OutBuffer 與 -OutVariable。如需詳細資訊,請參閱 about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216)。
輸入
輸入類型是您可以使用管線處理方式傳遞給 Cmdlet 的物件類型。
輸出
輸出類型是 Cmdlet 所發出的物件類型。
範例
Example 1: Publish a web application
This command publishes a web application that specifies the value of AD FS for the ExternalPreauthentication parameter.
PS C:\> Add-WebApplicationProxyApplication -Name "Contoso App" -ExternalPreauthentication ADFS -ExternalUrl https://ContosoApp.Contoso.com/ -ExternalCertificateThumbprint "69DF0AB8434060DC869D37BBAEF770ED5DD0C32A" -BackendServerUrl http://ContosoApp:8080/ -ADFSRelyingPartyName "ContosoAppRP"
Example 2: Publish a web application that omits external preauthentication
This command publishes a web application named ContosoApp. The command specifies a backend server URL and an external URL. The application uses pass-through preauthentication.
PS C:\> Add-WebApplicationProxyApplication -Name "ContosoApp" -BackendServerUrl http://ContosoApp/ -ExternalUrl https://ContosoApp.Contoso.com/ -ExternalPreauthentication "PassThrough" -ExternalCertificateThumbprint "D1A657E1A4F276FCC45613C0F6B3BC91AFC4633F"
相關主題
Get-WebApplicationProxyApplication
Remove-WebApplicationProxyApplication
Set-WebApplicationProxyApplication
Web Application Proxy Overview
Publishing Internal Applications using Web Application Proxy