Re: Using Active Directory for Centralized Authentication

From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Jul 2006 20:50:26 -0500

Yes, lots and lots of people do this. In fact, this all "just works" if you
put your web servers into the domain and use the built in authentication
features in IIS. ASP.NET makes it very easy to leverage your groups
directly in your web applications.

If you don't want to use the built-in features in IIS to get this, .NET 2.0
comes with a new membership and role provider things that plug in to AD and
allow you to do forms authentication against AD. There are tons of
documents on MSDN about this kind of stuff.

If you aren't using ASP.NET, you can still do this, but the docs will vary
based on the web platform you are using.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<joshuahatten@xxxxxxxxx> wrote in message
news:1154038885.143693.324070@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I'd like to have our internal developers begin using Active Directory
for security within their applications. This would simplify user
management by allowing users to have the same un/pw on 20 different
applications. My thought is that we would use LDAP to directly query
AD, return authentication and group information to the web app which
will then allow or deny access and set permissions (based on what info
is returned).

A few questions:
1. Has anyone done this?
2. If so, do you have any documentation or recommendations on scaling,
design, setup?

Thank you,
J

Follow-Ups:
- Re: Using Active Directory for Centralized Authentication
  - From: joshuahatten

References:
- Using Active Directory for Centralized Authentication
  - From: joshuahatten

Prev by Date: Re: Joining a Domain.
Next by Date: Re: Any way to create a query based security group
Previous by thread: Using Active Directory for Centralized Authentication
Next by thread: Re: Using Active Directory for Centralized Authentication
Index(es):
- Date
- Thread

Relevant Pages

Re: Login Security for Intranet/Internet application
... a standard intranet app. ... However, you may also want to support IWA authentication for internal users, ... if the application depends on Windows security ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
(microsoft.public.dotnet.framework.aspnet.security)
RE: FormsAuthentication ReturnUrl - need it to be Absolute
... I understand you have multiple ASP.NET applications ... which are using forms authentication to protect the application. ... the forms authentication cookie across multiple applications, ... If the forms authentication cross site support doesn't suit your scenario. ...
(microsoft.public.dotnet.framework.aspnet)
Re: form authentication and webservices
... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... We will be using Windows Authentication on the Web Services side (same ... Dominick Baier ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Active Directory authorization
... AD should be fine as a source for authentication for your web service. ... The easiest way to use AD for authentication is to just use the transport layer authentication schemes built in to IIS. ... For app level authorization, I'd suggest checking out Microsoft's Authorization Manager framework. ... every applications. ...
(microsoft.public.windows.server.active_directory)
Re: Domain registration requirement in federated web sso with fore
... Thanks a lot Joe for this useful information. ... We have some applications, written in non microsoft languages like Java, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... internet, then the DNS entries for the resources will need to be ...
(microsoft.public.windows.server.active_directory)