ESO Authentication on IIS for PHP and .NET applications (Shibboleth / SAML / WiF ...)

Question

I just wondered if you could answer a question regarding authentication in an enterprise's intranet. We are currently setting up a server for intranet publishing which of course needs protection via an enterprise single sign on.

Unfortunately we are stuck with an IIS server as we need to run both PHP and .NET applications. The main app is programmed in PHP, but we have to feature some jQuery included widgets that rely on ASPX handlers.

The company offers all types of authentication. We've already successfully protected the server with Shibboleth (using SAML 2.0). It shows the ESO screen to login and then redirects to our server with a logged-in session. Unfortunately the widgets that are referring to the ASPX handlers don't authenticate correctly.

I've never done authentication / SAML / WiF / anything, so please excuse my question:

What would be the most promising way for authentication with our setup (IIS featuren PHP and ASPX apps)? Should we stick to SAML and Shibboleth or should we use WiF / WS Federation / Windows Authentication?

Is it possible to support both PHP and ASPX with one authentication method?

Thanks for a response! Nik

Answer 1

I don't know much about single sign in but check The DOTNET class

The DOTNET class allows you to instantiate a class from a .Net assembly and call its methods and access its properties.

$obj = new DOTNET("assembly", "classname")

So you can keep authentication @ single library of DOT NET to support both PHP and ASPX with one authentication method.

<?php
 $stack = new DOTNET("mscorlib", "System.Collections.Stack");
 $stack->Push(".Net");
 $stack->Push("Hello ");
 echo $stack->Pop() . $stack->Pop();
?>

See also Best way to call .NET classes from PHP?