michaelr
We are looking to implement Single Sign On (SSO) for our intranet and other
internal applications.
Our plan is to have an ASP.NET “portal page” which will examine the
WindowsIdentity of the IIS-authenticated user, and present links for the
applications for which the user has authorization.
In order to minimize custom programming efforts, we would like to leverage
built-in Windows functionality for authorization and authentication as much
as possible for both the portal and downstream components and applications.
Our research has led us to the conclusion that using Windows Integrated
Authentication on IIS is the most effective way to authenticate the user. For
application authorization, we may use Active Directory Application Mode
(ADAM) or a custom SQL database.
However, it would be desirable to force the user to enter their credentials
upon initial logon, rather than automatically picking up the network logon.
We are concerned that Basic authentication (with HTTPS) may present
difficulties if our applications are spread across several machines.
Anyone have experience/advice on this?