Client 存取原則宣告 AD FS 中的類型Client access policy claim Types in AD FS

若要提供其他要求操作資訊,Client 存取原則,請使用下列理賠要求類型,負責要求標頭處理資訊的 AD FS。To provide additional request context information, Client Access Policies use the following claim types, which AD FS generates from request header information for processing. 如需詳細資訊請查看的角色宣告引擎的For more information see The role of the claims engine.

X MS-轉送-Client-IPX-MS-Forwarded-Client-IP

宣告類型:Claim type: http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip

此 AD FS 宣告代表「盡量嘗試」,請確實提出要求的使用者 (例如,Outlook client) 的 IP 位址。This AD FS claim represents a “best attempt” at ascertaining the IP address of the user (for example, the Outlook client) making the request. 此宣告可能包含以多個 IP 位址,包括每個 proxy 轉寄要求的位址。This claim can contain multiple IP addresses, including the address of every proxy that forwarded the request. 此宣告會填入 HTTP 標頭目前僅限設定換貨 Online,以 AD FS 傳遞驗證要求時,會填入標頭。This claim is populated from an HTTP header that is currently only set by Exchange Online, which populates the header when passing the authentication request to AD FS. 宣告值可以下列其中一個動作:The value of the claim can be one of the following:

  • 單一 IP 位址直接連接至換貨 Online client 的 IP 位址A single IP address - The IP address of the client that is directly connected to Exchange Online

    ![筆記]Client 公司網路上的 IP 位址會出現外部介面組織的輸出 proxy 或閘道 IP 位址。![Note] The IP address of a client on the corporate network will appear as the external interface IP address of the organization’s outbound proxy or gateway.

  • 一或多個 IP 位址One or more IP addresses

    • 如果換貨 Online 無法判斷連接 client 的 IP 位址,它將會設定 x 轉送的標頭的值為基礎的可以根據 http 包含非標準標頭要求和支援許多戶端、負載平衡器,與市面上的 proxy 的值。If Exchange Online cannot determine the IP address of the connecting client, it will set the value based on the value of the x-forwarded-for header, a non-standard header that can be included in HTTP based requests and is supported by many clients, load balancers, and proxies on the market.
    • 將會以逗號分隔指出 client IP 位址和每個 proxy 傳遞要求的地址多個 IP 位址。Multiple IP addresses indicating the client IP address and the address of each proxy that passed the request will be separated by a comma.

      ![筆記]將不會出現在清單中相關 Exchange Online 基礎結構的 IP 位址。![Note] IP addresses related to Exchange Online infrastructure will not be present in the list.

![警告]換貨 Online 目前支援只 IPV4 位址。不支援 IPV6 位址。![Warning] Exchange Online currently supports only IPV4 addresses; it does not support IPV6 addresses.

X MS-Client 的應用程式X-MS-Client-Application

宣告類型:Claim type: http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application

此 AD FS 宣告代表結束 client,彈性對應至所使用的應用程式使用的通訊協定。This AD FS claim represents the protocol used by the end client, which corresponds loosely to the application being used. 此宣告會填入 HTTP 標頭目前僅限設定換貨 Online,以 AD FS 傳遞驗證要求時,會填入標頭。This claim is populated from an HTTP header that is currently only set by Exchange Online, which populates the header when passing the authentication request to AD FS. 而定,應用程式的此宣告值將下列其中一個動作:Depending on the application, the value of this claim will be one of the following:

  • 如果使用 Exchange 使用同步的裝置的值為 Microsoft.Exchange.ActiveSync。In the case of devices that use Exchange Active Sync, the value is Microsoft.Exchange.ActiveSync.
  • 使用 Microsoft Outlook client 可能會導致任何下列值:Use of the Microsoft Outlook client may result in any of the following values:
    • Microsoft.Exchange.AutodiscoverMicrosoft.Exchange.Autodiscover
    • Microsoft.Exchange.OfflineAddressBookMicrosoft.Exchange.OfflineAddressBook
    • Microsoft.Exchange.RPCMicrosoft.Exchange.RPC
    • Microsoft.Exchange.WebServicesMicrosoft.Exchange.WebServices
    • Microsoft.Exchange.MapiMicrosoft.Exchange.Mapi
  • 下列其他此標頭可能的值:Other possible values for this header include the following:
    • Microsoft.Exchange.PowershellMicrosoft.Exchange.Powershell
    • Microsoft.Exchange.SMTPMicrosoft.Exchange.SMTP
    • Microsoft.Exchange.PopImapMicrosoft.Exchange.PopImap
    • Microsoft.Exchange.PopMicrosoft.Exchange.Pop
    • Microsoft.Exchange.ImapMicrosoft.Exchange.Imap

X-MS-Client-使用者代理程式X-MS-Client-User-Agent

宣告類型:Claim type: http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent

此 AD FS 理賠要求提供代表 client 存取服務使用的裝置類型的字串。This AD FS claim provides a string to represent the device type that the client is using to access the service. 這可以針對想要避免存取特定裝置 (例如智慧型手機的特定類型) 時使用。This can be used when customers would like to prevent access for certain devices (such as particular types of smart phones). 此宣告會填入 HTTP 標頭目前僅限設定換貨 Online,以 AD FS 傳遞驗證要求時,會填入標頭。This claim is populated from an HTTP header that is currently only set by Exchange Online, which populates the header when passing the authentication request to AD FS. 此宣告值範例包括 (但不是限於) 下列值。Example values for this claim include (but are not limited to) the values below.

![筆記]以下是範例 x ms-使用者代理值可能會包含對其 x ms-client 的應用程式是 「 Microsoft.Exchange.ActiveSync 「 client![Note] The below are examples of what the x-ms-user-agent value might contain for a client whose x-ms-client-application is “Microsoft.Exchange.ActiveSync”

  • 1.0 漩渦日Vortex/1.0
  • 蘋果-iPad1C1 日 812.1Apple-iPad1C1/812.1
  • 蘋果-iPhone3C1 日 811.2Apple-iPhone3C1/811.2
  • 蘋果-iPhone 日 704.11Apple-iPhone/704.11
  • Moto-DROID2/4.5.1Moto-DROID2/4.5.1
  • 100.202 SAMSUNGSPHD700 日SAMSUNGSPHD700/100.202
  • Android 0.3 日Android/0.3

![筆記]它也可是空的這個值。![Note] It is also possible that this value is empty.

X-MS-ProxyX-MS-Proxy

宣告類型:Claim type: http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy

此 AD FS 宣告指示要求已經通過聯盟 proxy 伺服器。This AD FS claim indicates that the request has passed through the federation server proxy. 此宣告後端服務聯盟傳遞驗證要求時,會填入標頭聯盟伺服器 proxy 會填入。This claim is populated by the federation server proxy, which populates the header when passing the authentication request to the back end Federation Service. AD FS 再將它轉換為理賠要求。AD FS then converts it to a claim.

宣告的值為傳遞要求聯盟伺服器 proxy 的 DNS 名稱。The value of the claim is the DNS name of the federation server proxy that passed the request.

X MS-端點-絕對值-路徑 (作用中與被動式)X-MS-Endpoint-Absolute-Path (Active vs Passive)

宣告類型:Claim type: http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path

此宣告類型可用來判斷來自從 「 作用中的 「 (進階) 與 「 被動式 」 (web-瀏覽器為基礎) 戶端要求。This claim type can be used for determining requests originating from “active” (rich) clients versus “passive” (web-browser-based) clients. 這可讓外部瀏覽器為基礎的應用程式例如 Outlook Web Access、 SharePoint Online 或 Office 365 入口網站時,會被封鎖來自從豐富例如 Microsoft Outlook 要求允許要求。This enables external requests from browser-based applications such as the Outlook Web Access, SharePoint Online, or the Office 365 portal to be allowed while requests originating from rich clients such as Microsoft Outlook are blocked.

宣告的值為收到要求 AD FS 服務的名稱。The value of the claim is the name of the AD FS service that received the request.