We are running a SaaS ASP.NET 3.5 web application using authentication on an open IIS 7.5 server with secure content for thousands of users. We also have some subqueries that run ASP.NET MVC 2.
User names and passwords are stored in our database, and each user has attached roles and groups with rights and access rights.
Now we were also asked to facilitate simple SSO login through Active Directory so that users do not have to enter a username and password twice to log in. These users will be created from different networks and domains.
No user "synchronization" should be performed from our servers on LDAP. We are not sure that any connection with LDAP is necessary, since all users will be created in our system and supported there. Forms authentication will be used for most of our users.
From now on, we are not sure which is the best choice. As for our scenario, what would be the “best way”?