Common code base for Active Directory and Form Authentication websites

  • Question

  • I host a website with forms authentication that a client requested that I convert to Active Directory for installing inside their firewalls. The website has a SQL Server DB and stores documents for items in the database in folders within the website folders (I am not using SharePoint YET). I also have a Windows client Web Services application that connects to the SQL DB and uploads documents, and this web services app is also used on a Windows app on a tablet for collecting data in the field. There are no challenges with the Windows apps, but now I am spending far too much time applying updates to both my hosted and the AD site to keep updates available in both locations. I should have investigated this before starting the migration, but I now know how necessary these changes are if possible. Is there a good guide for utilizing common code for both an AD and a hosted forms website? Would there be any advantage to switching to Passport authentication on my hosted website to simplify compatibility?

    Tuesday, July 23, 2013 4:07 PM

All replies

  • A couple of things spring to mind. There is an AD update xml mechanism (I forget the name) that you can subscribe to change events to keep your items in sync. But I would take a look at Identity Server/ADFS if all you are worried about is the security aspect of your solutions; http://msdn.microsoft.com/en-us/magazine/cc163520.aspx


    Sunday, July 28, 2013 7:46 AM
  • Thanks Paul for your response.  I looked over the ADFS document on the link you provided, and it looks very interesting.  My hosted version of the site has a database where we manually maintain the user listing, so this sounds appealing but each company with users on my site would have a slightly different source of 'home realm discovery' to provide the login credentials for each of their users.  

    I also searched for 'AD update xml mechanism' and did not find anything.  Can you expand on how this update mechanism might function or suggest a link with information on it?

    Sunday, July 28, 2013 8:48 PM
  • Sunday, July 28, 2013 9:24 PM
  • Thanks Paul,

    We are exploring all options, and an article on codeguru for 'ASP.NET mixed mode authentication' by Quin Street is giving us some ideas. (I can't include links in my posts yet.)

    In the example, 'they would like their intranet users to be able to seamlessly log on to the system (windows integrated authentication) and make authorization decisions based on their domain roles, as well as be able to have external parties log onto the system using standard forms authentication.'

    'In ASP.Net, you cannot have a single application with different modes of authentication. For this to work we will need to have 2 applications, or in IIS terms, 2 virtual directories. These act as 2 different entry points to the same application. One is a very simple application that uses windows integrated authentication, the other is the complete/main application using forms authentication. The windows authorisation site exists only for the purposes of extracting an intranet user's roles and passing them to the forms authentication site.'

    We think that this might allow us to use the same code base on both sites, with just the windows authorization site added on the intranet version of the site.

    Tuesday, July 30, 2013 2:35 PM
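
The two-entry-point arrangement quoted in the post above, sketched as an added example (not code from this thread or from the quoted article): the Windows-authenticated application reads the user's domain groups and hands them to the forms-authenticated application inside a forms ticket. It assumes both IIS applications are configured with the same `<machineKey>` and forms cookie name and path; `WinLogin`, `Global` and `/MainApp/Default.aspx` are hypothetical names.

```csharp
// Added example, not code from the thread or the quoted article.
// Assumptions: both IIS applications share one <machineKey> and the same forms
// cookie name/path; "/MainApp/Default.aspx" is a hypothetical landing page.
using System;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// --- Windows-authenticated entry application: WinLogin.aspx.cs ---
public partial class WinLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        var identity = User.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            Response.StatusCode = 401; // anonymous access must be disabled in IIS here
            return;
        }
        // Translate group SIDs to DOMAIN\Group names; skip SIDs that cannot be resolved.
        string[] roles = identity.Groups.Translate(typeof(NTAccount), false)
            .OfType<NTAccount>().Select(g => g.Value).ToArray();

        // Roles travel in the ticket's UserData; keep the lifetime short.
        // A long group list can exceed the browser's cookie size limit.
        var ticket = new FormsAuthenticationTicket(1, identity.Name, DateTime.Now,
            DateTime.Now.AddMinutes(30), false, string.Join("|", roles),
            FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket))
        { HttpOnly = true, Secure = Request.IsSecureConnection,
          Path = FormsAuthentication.FormsCookiePath };
        Response.Cookies.Add(cookie);
        Response.Redirect("/MainApp/Default.aspx", false);
    }
}

// --- Forms-authenticated main application: Global.asax.cs ---
public class Global : HttpApplication
{
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        var formsId = Context.User == null ? null : Context.User.Identity as FormsIdentity;
        if (formsId == null) return; // anonymous request, or not a forms ticket
        string[] roles = formsId.Ticket.UserData
            .Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(formsId, roles);
    }
}
```

The main application trusts whatever roles the ticket carries, so the machine key that protects the ticket must stay confined to these two applications, and the ticket lifetime bounds how long a removed group membership stays effective.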
  • Sounds plausible, although I've worked on a single site that mixes both. The key is to intercept the authentication call yourself and pass it on to the relevant underlying provider. E.g. http://pauliom.com/2009/02/08/are-you-sure-you-want-to-create-your-own-custom-membership-provider/


    Tuesday, July 30, 2013 3:51 PM