Re: Recommended strategy for providing access to web apps via Internet



I would probably suggest using ADFS as your authentication technology to
provide this kind of access. It gives you a ton of flexibility with
allowing access to web apps on the public internet to both your own employees
and outside users.

If you need a secondary authentication store for external users, ADAM works
well for this. ADAM also integrates with ADFS nicely, so you can work that
into your solution.

If you need to access an externally hosted application and want to
authenticate using your own identities, ADFS can work quite well for this
too. Your external vendor would also need an ADFS infrastructure and would
need to modify the app to work with ADFS (which may or may not be a big
deal), but this can work. This is actually the primary mechanism our
company uses for integrating identity with external vendor apps.

There is a fair amount to study to get up to speed with ADFS, but MS has
written some decent docs. The Deployment Guide is lengthy, but pretty
thorough.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"David Dixon" <DavidDixon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6289AF49-64C0-4356-9D61-4B3BEB415DB6@xxxxxxxxxxxxxxxx
My organization is beginning to look at providing a segment of the user
population (not employees) access to certain web apps and data. These users
are not physically in our offices, hence we would need to build a secure
method to allow them to access these resources via the Internet. We also
have at least one outsourced solution (which provides online discussion
capabilities) that we want to control access to as well (preferably using
AD authentication). What I mean by control access is that we need to ensure
that only approved and valid users defined by us (i.e. are in AD) are
allowed to access it.

That being said, here are my questions:

1) Is it generally a good idea to build an authentication solution that
uses our internal AD for authentication? Would ADAM be a viable option?

2) For the outsourced scenario, would it be feasible to expect that we
could provide a link to the outsourced site from a portal and force users
to authenticate through the portal (using our internal AD for
authentication) prior to accessing the outsourced site?

3) I am hearing that the vendor of the outsourced solution is pushing LDAP
as a means to allow us to use our AD accounts for authentication purposes.
I have heard that generally Microsoft does not recommend using LDAP for
authentication against AD. Is this true and if so, what are the primary
reasons?

I am definitely knowledgeable of the Microsoft Platform and AD, but I am
far from a guru in this arena. Any feedback on my questions or pointers to
additional info would be greatly appreciated. Thanks!




