I am a small-time internet-hosted app (SAAS) developer. When I launch, I expect most of my customers will authenticate (log in) to my application using the standard email + password technique.
However I would like to offer a better single sign-on option for larger customers who will have ready-made communities of potential users of my system. Such communities will often be running Windows desktops that are already authenticated against an in-house corporate Windows domain controller.
I am looking for some option to enhance my web site user authentication process and trust or delegate to the customer's domain authentication. I would be very much the junior partner in any such integration so I doubt a large corporate is going to allow me to run a satellite domain controller hooked to their system. The economics of the SAAS app won't allow for hardware VPN circuits.
The Azure cloud will probably be used to host my SAAS app if that helps clarify the options.
Another option at your disposal is Active Directory Federation Services (ADFS). Take a look at Overview of Active Directory Federation Services (ADFS) in Windows Server 2003 R2.
Since you are looking to host this both for small and large customers, I suggest you use Windows Azure ACS (Access Control Service) for your setup.
This allows your application to use any identity provider like Facebook, Google, Live ID and Yahoo. ACS also will allow federation to Active Directory through ADFS.
Thus, you can give your customers all possible choices and keep your application code the same.