We provide a hosted web application for multiple companies. Now we see the need to provide the ability for users to 'auto login' if they are already logged into/identified by their individual local domains. What would be the best solutions for this? Would it be to have a certificate associated with their local AD account that our web application knows and therefore can identify and log on the user?

Any thoughts how to go about this?

This needs to be implemented in an ASP.NET MVC application. Any examples greatly appreciated :-)

Cheers, Tommy

A: 

What you've described is really a textbook example for using the new "Geneva" claims-based identity framework. The idea is that your server establishes a trust relationship with each of your users' companies. Each company would set up Active Directory Federation Services, which would issue a claim to your application when the user attempts to access it. Your application, using the Windows Identity Framework, would check that the claim comes from a trusted party, then extract the user's identity from it. It is all explained in AD FS 2 Federation with a Windows Identity Foundation (WIF) Application Step-By-Step Guide.

This approach will have much less of a maintenance overhead than using certificates.

Andrew Strong
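As an added example (not part of the answer above and not Microsoft's sample code), the "check that the claim comes from a trusted party" step in a WIF 3.5 / ASP.NET MVC application can be made explicit with a custom IssuerNameRegistry: it only accepts tokens signed by the AD FS signing certificates of the partner companies you have registered, and returns null for anything else so WIF rejects the token. The registry is plugged in through the web.config issuerNameRegistry element; the thumbprints, partner names and assembly name below are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;          // SecurityToken, X509SecurityToken
using System.Linq;
using System.Web.Mvc;
using Microsoft.IdentityModel.Claims;       // IClaimsIdentity, ClaimTypes
using Microsoft.IdentityModel.Tokens;       // IssuerNameRegistry (WIF 3.5)

// Maps the signing certificate of an incoming token to a partner name.
// Returning null makes WIF reject the token, so only partners listed here
// can ever sign a user in. Registered in web.config with (placeholder names):
//   <issuerNameRegistry type="YourNamespace.PartnerIssuerRegistry, YourAssembly" />
public class PartnerIssuerRegistry : IssuerNameRegistry
{
    // Placeholder thumbprints: replace with each partner's AD FS token-signing cert.
    private static readonly Dictionary<string, string> TrustedSigners =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "0000000000000000000000000000000000000001", "contoso" },
            { "0000000000000000000000000000000000000002", "fabrikam" },
        };

    public override string GetIssuerName(SecurityToken securityToken)
    {
        var x509 = securityToken as X509SecurityToken;
        if (x509 == null)
            return null;                      // only certificate-signed tokens are trusted
        string partner;
        return TrustedSigners.TryGetValue(x509.Certificate.Thumbprint, out partner) ? partner : null;
    }
}

// Runs after the WS-Federation module has validated the token and built the
// claims principal; the user is signed in without typing a password here.
[Authorize]
public class HomeController : Controller
{
    public ActionResult Index()
    {
        var identity = (IClaimsIdentity)User.Identity;
        var name = identity.Claims.Where(c => c.ClaimType == ClaimTypes.Name).Select(c => c.Value).FirstOrDefault();
        // Each claim carries the issuer name returned by the registry above, so tenant
        // data can be scoped by the verified partner rather than by a user-supplied value.
        var partner = identity.Claims.Select(c => c.Issuer).FirstOrDefault();
        ViewData["Message"] = string.Format("Welcome {0} from {1}", name, partner);
        return View();
    }
}
```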