Our application is built in VB6 and delivered in a SaaS model via Citrix.
Our subscribers must first authenticate to the Citrix Login Portal (AD), which gives them access to their applications. Each application has its own local user repository, so except where we've implemented some single sign-on strategies, the user must enter a second layer of credentials.
Now, consider that we intend to replace the Citrix Portal with a SharePoint Service Portal that will allow us to publish .NET content while maintaining a Citrix Web for the legacy applications.
We are developing a Silverlight Application (using RIA Services) that will connect to a SQL Database (where user login and security permissions are contained). We first stubbed out the application using Forms Authentication; however, that led to a debate regarding our intended deployment model.
To utilize this application, you must have first authenticated into the SharePoint site using your Windows credentials, so this leads to the argument that the application must be configured for Windows authentication. If you try to deep link into the application without authenticating to the portal, you must be redirected to the portal login page.
What is the best approach for implementing the second layer of authentication into the application? Is there a means to keep using forms-based but prevent access to the application if the user didn't first authenticate to the portal?