Re: Using Active Directory for Centralized Authentication



Thanks for the reply Joe. We may have several applications pointing to
LDAP and it's unlikely we'll use ASP.net or IIS. It will mostly be
Java with an iPlanet back end. I do not want to add an unreasonable
load to my Windows DCs for this traffic. I'd like to see some scaling
or best practice documents from MS (or someone else) showing what you
may need to use AD as your centralized authoritative directory.

Since AD is our most reliable and accurate repository of user
information, I'd like to see it at the center of our organization for
proxy, application, security and other types of auth traffic.

I'm just concerned about using this as our centralized solution as
opposed to open LDAP or another LDAP solution.

Thanks,
Josh



Joe Kaplan (MVP - ADSI) wrote:
Yes, lots and lots of people do this. In fact, this all "just works" if you
put your web servers into the domain and use the built in authentication
features in IIS. ASP.NET makes it very easy to leverage your groups
directly in your web applications.

If you don't want to use the built-in features in IIS to get this, .NET 2.0
comes with new membership and role provider things that plug in to AD and
allow you to do forms authentication against AD. There are tons of
documents on MSDN about this kind of stuff.

If you aren't using ASP.NET, you can still do this, but the docs will vary
based on the web platform you are using.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<joshuahatten@xxxxxxxxx> wrote in message
news:1154038885.143693.324070@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'd like to have our internal developers begin using Active Directory
for security within their applications. This would simplify user
management by allowing users to have the same un/pw on 20 different
applications. My thought is that we would use LDAP to directly query
AD, return authentication and group information to the web app which
will then allow or deny access and set permissions (based on what info
is returned).

A few questions:
1. Has anyone done this?
2. If so, do you have any documentation or recommendations on scaling,
design, setup?


Thank you,
J
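
The flow described in the original question (bind to AD over LDAP, read group membership, let the application allow or deny), as an added Java (JNDI) example that is not part of the thread. The host name, base DN, UPN suffix and class name are placeholder assumptions.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdLdapAuth {
    // Placeholder assumptions, not values from the thread.
    static final String URL = "ldaps://dc1.example.com:636"; // LDAPS: a simple bind sends the password itself
    static final String BASE_DN = "DC=example,DC=com";
    static final String UPN_SUFFIX = "@example.com";
    // RFC 4515 escaping so a user name cannot change the search filter.
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }
    // Binds as the user, then returns the DNs in memberOf (direct groups only;
    // nested groups and the primary group are not listed there).
    static List<String> authenticate(String user, char[] password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that the
        // server may accept, so refuse it before contacting the directory.
        if (user == null || user.isEmpty() || password == null || password.length == 0)
            throw new AuthenticationException("empty credentials");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env); // AuthenticationException on bad credentials
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"memberOf"});
            NamingEnumeration<SearchResult> res = ctx.search(BASE_DN,
                "(&(objectClass=user)(sAMAccountName=" + escapeFilter(user) + "))", sc);
            List<String> groups = new ArrayList<>();
            if (res.hasMore()) {
                Attribute m = res.next().getAttributes().get("memberOf");
                for (int i = 0; m != null && i < m.size(); i++) groups.add((String) m.get(i));
            }
            return groups;
        } finally { ctx.close(); }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(escapeFilter("jdoe)(cn=*")); // constructed input with filter metacharacters
        try { authenticate("jdoe", new char[0]); }
        catch (AuthenticationException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A successful bind needs a reachable domain controller whose LDAPS certificate the JVM trusts; `main` exercises only the two checks that need no network.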

