locked
Authenticate against AD instead of FBA RRS feed

  • Question

  • User-1091584831 posted

    Hi,

    I have an asp.net (4.0) web application that uses Forms Based
    Authentication. All users are required to login to access the system. All of
    the pages including the login page use SSL. Usernames and password are stored in a sql server DB.

    I am getting requests from clients that want to skip the
    login page and instead authenticate against Active Directory or LDAP. So when
    they are logged into their computer at work they can launch a browser and
    navigate straight to the homepage of my app skipping the login page entirely.

    The web app does not exist in their domain, it is external
    to all clients.

    I have been doing some investigation into single sign on as
    well as authenticating against AD, but can't seem to find what I'm looking for.

    Can someone point me in the right direction on how to handle
    this?

    Thanks.

    Wednesday, December 28, 2011 1:55 PM

All replies

  • User-451260051 posted

    This post offers a solution, but it does require some upfront work on the users side:

    http://www.olegsych.com/2009/05/crossing-domain-boundaries-windows-authentication/

    Friday, December 30, 2011 1:30 PM
  • User-8475372 posted

    Hi,

    Create a method for querying users from active directory, and set the authentication method to windows in the IIS. 

    http://code-gate.blogspot.com/p/adldap.html . This will help you.

    Tuesday, January 3, 2012 3:27 AM
  • User-1091584831 posted

    Srikanth, if I set authentication to windows in IIS that will break authentication for any other user still wanting to authenticate via the application login.

    Not all clients want to authenticate from active directory, just some are requesting the functionality.

     

    Tuesday, January 3, 2012 1:37 PM
  • User-1091584831 posted

    Thanks tehremo,

    I was able to get that working in a test environment.

    Unfortunately we have a lot of users who are on Macs, so I don't think this solution will work for them.

    Any other suggestions?

     

    Thanks!

    Wednesday, January 4, 2012 1:52 PM