I am developing a web based intranet for my company. I just want to know is it a good thing for users to login the application using the active directory login details or shall i create a login together with the application db. If there is anything better that this please suggest. This is my first application development so need help from experienced people.
views:
755answers:
7
+1
A:
If you create a separate login system, then your users have to remember 2 different logins. Why bother, when their "real" login is right at hand?
Danimal
2008-10-07 20:49:39
+1
A:
Less code for you to write and better integration into the wider system. And, who doesn't want FEWER passwords to remember.
JonathanMueller
2008-10-07 20:50:56
+2
A:
Generally it's a good idea to try and minimize the number of accounts people need to have.
So I'd definately try and use their active directory login.
Also if desireable, you can automatically log people into your application using various single sign on methods. (Either integrated into IIS, or other.).
This makes for a very usable application, as people always forget login details, and hate to login again to other systems.
Bravax
2008-10-07 20:53:42
can i get some reference reading material on this "automatically log people into your application using various single sign on methods. (Either integrated into IIS, or other.)."
jazzrai
2008-10-07 20:57:47
Nico's reply has a link which explains various options.
Bravax
2008-10-07 22:03:32
+2
A:
Only use Active directory for your intranet, if you infrastructure supports it.
You question is phrased as if you think the user to type there password in again to login to the intranet site - they should not do this! have windows pass on the credentials automatically. This is pretty much built in to dotnet/iis/etc.
Also AD will add group management a privledges so you can restrict areas of you intranet to members of certain groups.
And you support team already have the tools to manage all this.
PS you can enable FireFox to auto log on via NTLM and it is one of the most requested features for Chrome too so don't let browser issues put you off
Adrian
2008-10-07 20:56:58
+2
A:
There are several pros using Active Directory authentication in the intranet.
Thoses are the main ones:
- You want to to keep authentication stores number as low as possible
- Using Active Directory, users who have their desktop in the domain (as they should) will be able to use Integrated Windows Authentication. They will be able to log in without having to type their password.
- An Active Directory authentication mechanism probably exists for your language
More information:
Nico
2008-10-07 21:02:07
A:
jms
2008-10-07 21:03:40
A:
Definitely go for the Active Directory option, or use Active Directory as an LDAP server if whatever language you're using doesn't directly support AD. Active Directory actually makes a pretty good LDAP server.
If there is anything better that this please suggest.
OpenID?...
David Hicks
2008-10-07 21:04:51
Why not both? http://www.openid-ldap.org/ allows you to create your own OpenID provider using your existing AD accounts. It's pure nerdgasm.
jcm
2009-12-29 23:08:46