Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Integrate Windows domain authentication with an external web site

I am a small time internet hosted app (SAAS) developer, when I launch I expect most of my customers will authenticate (login) to my application using the standard email + password technique.

However I would like to offer a better single sign-on option for larger customers who will have ready-made communities of potential users of my system. Such communities will often be running Windows desktops that are already authenticated against an in-house corporate Windows domain controller.

I am looking for some option to enhance my web site user authentication process and trust or delegate to the customer's domain authentication. I would be very much the junior partner in any such integration so I doubt a large corporate is going to allow me to run a satellite domain controller hooked to their system. The economics of the SAAS app won't allow for hardware VPN circuits.

The Azure cloud will probably be used to host my SAAS app if that helps clarify the options.

like image 953
camelCase Avatar asked Oct 27 '22 00:10

camelCase


2 Answers

Another option at your disposal is Active Directory Federation Services (ADFS). Take a look at Overview of Active Directory Federation Services (ADFS) in Windows Server 2003 R2

like image 81
Chetan Avatar answered Nov 09 '22 13:11

Chetan


Since you are looking to host this both for small and large customers, I suggest you use Windows Azure ACS (Access Control Service) for your setup.

This allows your application to use any identity provider like facebook, google, live id and yahoo. ACS also will allow federation to Active Directory through ADFS.

Thus, you can give your customers all possible choices and keep your application code the same.

like image 20
Frode Stenstrøm Avatar answered Nov 09 '22 12:11

Frode Stenstrøm