views: 143

answers: 2

We have an ASP.NET MVC website for which a customer is requesting Active Directory single sign-on. My thought is that we will need something behind their firewall in order to send encrypted credentials or a user's ID over to our server... Any best practices or products that do this would be extremely helpful!

Edit:

We are trying to make this as secure, seamless, scalable (we will have more than one client doing this), and as cost-effective as possible. Originally, I thought that we may have to have some sort of appliance which merely does the logging in by reading their AD credentials and, once this is achieved, passes on to the live web application on our server...

Thanks! jbarker7

+1  A: 

One way I've seen this accomplished in the past is to have a VPN set up so the web server and their Active Directory can communicate over a secure connection. A dedicated connection between sites is better, as VPNs can be flaky/unreliable for consistency. If the connection speed between the physical locations isn't that great, I'd look at making use of a read-only domain controller on the same network as the web server, again using a VPN/dedicated line for its connection back to the domain. I'll gloss over the details of what's required for that, as that's better answered on Server Fault.

As long as the web server can communicate with their domain controller, you shouldn't have to do too much else besides changing configuration to point at their domain information.

Agent_9191
Thanks for your response @Agent_9191. It seems like VPN would be overkill in this instance, not to mention it would open an entirely new can of worms in regards to policies and security concerns that we really cannot deal with or support.
Josh Barker
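As an added illustration of what "changing configuration to point at their domain information" looks like in the ASP.NET stack the question is about (this is not the answerer's configuration, and the host name, tenant name and bind account below are placeholders): once the web server can reach the customer's domain controller over the VPN/dedicated line, the built-in ActiveDirectoryMembershipProvider can validate credentials against that domain from web.config alone.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder: the customer's DC as reached over the VPN/dedicated line.
         LDAP:// plus connectionProtection="Secure" below gives LDAPS or
         signed-and-sealed LDAP; never send credentials over cleartext LDAP. -->
    <add name="CustomerADConnection"
         connectionString="LDAP://dc01.customer.example/DC=customer,DC=example" />
  </connectionStrings>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="30" requireSSL="true" />
    </authentication>
    <membership defaultProvider="CustomerADMembership">
      <providers>
        <clear />
        <!-- Version must match the target framework (2.0.0.0 for .NET 3.5, 4.0.0.0 for .NET 4). -->
        <add name="CustomerADMembership"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="CustomerADConnection"
             connectionProtection="Secure"
             connectionUsername="CUSTOMER\svc-webapp-bind"
             connectionPassword="replace-me-then-encrypt-this-section"
             attributeMapUsername="userPrincipalName"
             enableSearchMethods="false" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

Because the web server is not a member of the customer's domain, the provider needs an explicit bind account (connectionUsername/connectionPassword); give it a low-privilege, read-only account and encrypt the membership section with aspnet_regiis -pe rather than leaving the password in cleartext. With attributeMapUsername set to userPrincipalName, users sign in as user@customer.example. Note that this validates a password the user types into your site against their AD; it is not a silent Kerberos logon, so whether it counts as "single sign-on" for the customer is worth confirming up front.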
A: 

We ended up creating a solution using OpenID. The client opens port 80 on their firewall and we display a login page (OpenID IdP), which establishes a secure connection with our OpenID RP located on our server.

Josh

Josh Barker
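An added example of the RP-side checks this design depends on (this is not the poster's code and uses constructed tenant names, URLs, keys and nonces): with a customer-hosted IdP, the RP on your server must accept assertions only from the IdP pinned for that tenant, only for identities under that IdP, only for a fresh nonce, and only with a valid association signature. It assumes OpenID 2.0 with a shared-secret association (HMAC-SHA256) already established, and plays both sides of the exchange: the IdP issues a positive assertion, the RP verifies it, then a replay and a tampered copy are refused.

```python
import base64
import hashlib
import hmac
import time
from datetime import datetime, timezone

OPENID2_NS = "http://specs.openid.net/auth/2.0"
NONCE_SKEW_SECONDS = 300
# Fields that must be covered by the signature in a positive assertion (OpenID 2.0 sec. 10.1).
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}

# Constructed RP configuration: one pinned IdP per customer tenant, so an
# assertion from any other OpenID provider is refused even if well signed.
TENANTS = {
    "acme": {"op_endpoint": "https://sso.acme.example/openid",
             "identity_prefix": "https://sso.acme.example/id/"},
}
RETURN_TO = "https://app.example/openid/return"   # constructed RP return URL


class OpenIDError(Exception):
    pass


def kv_form(params, signed_fields):
    """Key-Value form over the signed fields, in openid.signed order (sec. 4.1.1 and 6.1)."""
    return "".join(f"{n}:{params['openid.' + n]}\n" for n in signed_fields).encode()


def compute_sig(params, mac_key, assoc_type="HMAC-SHA256"):
    """Base64 HMAC over the Key-Value form, as both IdP and RP compute it."""
    digest = hashlib.sha256 if assoc_type == "HMAC-SHA256" else hashlib.sha1
    mac = hmac.new(mac_key, kv_form(params, params["openid.signed"].split(",")), digest)
    return base64.b64encode(mac.digest()).decode()


def nonce_for(ts, unique):
    """response_nonce: UTC timestamp followed by unique characters (sec. 10.1)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") + unique


def idp_positive_assertion(op_endpoint, identity, return_to, assoc_handle, mac_key, nonce):
    """What the customer-hosted IdP sends back (mode id_res) after a successful AD logon."""
    p = {"openid.ns": OPENID2_NS, "openid.mode": "id_res",
         "openid.op_endpoint": op_endpoint, "openid.claimed_id": identity,
         "openid.identity": identity, "openid.return_to": return_to,
         "openid.response_nonce": nonce, "openid.assoc_handle": assoc_handle,
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}
    p["openid.sig"] = compute_sig(p, mac_key)
    return p


def rp_verify(params, tenant_name, associations, seen_nonces, now=None):
    """RP-side checks of sec. 11; returns the claimed identifier or raises OpenIDError."""
    now = time.time() if now is None else now
    tenant = TENANTS[tenant_name]
    if params.get("openid.ns") != OPENID2_NS or params.get("openid.mode") != "id_res":
        raise OpenIDError("not a positive assertion")
    missing = REQUIRED_SIGNED - set(params.get("openid.signed", "").split(","))
    if missing:
        raise OpenIDError(f"unsigned fields: {sorted(missing)}")
    # 11.1: the response must be addressed to our endpoint.
    if params["openid.return_to"] != RETURN_TO:
        raise OpenIDError("return_to mismatch")
    # 11.2: the asserting OP must be the one pinned for this tenant, and the
    # identity must live under it; otherwise any OpenID server could vouch for anyone.
    if params["openid.op_endpoint"] != tenant["op_endpoint"]:
        raise OpenIDError("assertion from an unexpected OP")
    for f in ("openid.claimed_id", "openid.identity"):
        if not params[f].startswith(tenant["identity_prefix"]):
            raise OpenIDError(f"{f} not under tenant IdP namespace")
    # 11.3: nonce must be fresh and never seen before (replay protection).
    nonce = params["openid.response_nonce"]
    try:
        ts = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    except ValueError:
        raise OpenIDError("malformed nonce")
    if abs(now - ts) > NONCE_SKEW_SECONDS:
        raise OpenIDError("nonce outside allowed skew")
    if nonce in seen_nonces:
        raise OpenIDError("replayed nonce")
    # 11.4: signature with the association's MAC key, constant-time compare.
    # An unknown handle would need check_authentication; here it is simply refused.
    assoc = associations.get(params["openid.assoc_handle"])
    if assoc is None:
        raise OpenIDError("unknown association handle")
    mac_key, assoc_type = assoc
    if not hmac.compare_digest(compute_sig(params, mac_key, assoc_type), params.get("openid.sig", "")):
        raise OpenIDError("bad signature")
    seen_nonces.add(nonce)
    return params["openid.claimed_id"]


def demo():
    """Constructed exchange: one good assertion, then a replay and a tampered copy."""
    now = 1272715200.0            # 2010-05-01T12:00:00Z, fixed so the run is repeatable
    mac_key = b"\x5a" * 32        # constructed association secret shared by IdP and RP
    associations = {"assoc-1": (mac_key, "HMAC-SHA256")}
    seen = set()
    good = idp_positive_assertion(TENANTS["acme"]["op_endpoint"], "https://sso.acme.example/id/jdoe",
                                  RETURN_TO, "assoc-1", mac_key, nonce_for(now, "Xk3f"))
    result = {"accepted": rp_verify(good, "acme", associations, seen, now)}
    try:
        rp_verify(good, "acme", associations, seen, now)      # same assertion again
    except OpenIDError as e:
        result["replay"] = str(e)
    tampered = dict(good)                                     # attacker swaps the identity
    tampered.update({"openid.claimed_id": "https://sso.acme.example/id/admin",
                     "openid.identity": "https://sso.acme.example/id/admin",
                     "openid.response_nonce": nonce_for(now, "Yq9z")})
    try:
        rp_verify(tampered, "acme", associations, seen, now)
    except OpenIDError as e:
        result["tampered"] = str(e)
    return result


if __name__ == "__main__":
    print(demo())
```

The per-tenant pinning in TENANTS is the part that matters most for a multi-customer deployment: OpenID's discovery model will happily accept any OP that vouches for an identifier, so without it one customer's IdP (or anyone who can stand up an OpenID server) could assert an identity belonging to another. Whichever port the customer opens, the login form and the RP return URL should be served over TLS so the user's AD password and the assertion are not exposed in transit.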