I'm trying to add Active Directory single-sign-on support to an existing SOAP server. Since it is written in C++ using third-party transport components, adding AD SSO doesn't appear to be easy.

Therefore I am thinking of requiring IIS as a trusted reverse-proxy and letting it do the Active Directory authentication for the SOAP server. That is, offload all authentication duties to IIS, and just rely on the X-Remote-User HTTP header at the SOAP server. Since the SOAP client is using the WinInet API, all of the authentication is done for us, and this gives the SOAP server single-sign-on for free.

client 
    -> IIS (Active Directory authentication) 
        -> SOAP server (with X-Remote-User: USERID header)

This appears to be a fairly common problem space; however, although I have found a few IIS proxy programs, I thought that this may be something built into IIS.

Is this sort of functionality built into IIS or do I need to build a proxy myself?

Is there a better option than requiring IIS?
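
The check the SOAP server would need before relying on X-Remote-User in the design described above, as an added example that is not part of the original post. The `Request` struct, the `authenticated_user` function and the proxy address `10.0.0.5` are hypothetical; it assumes the transport component exposes the peer address and the raw header list.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <utility>
#include <vector>

// Hypothetical request view: the transport component is assumed to expose the
// TCP peer address and every header exactly as received.
struct Request {
    std::string peer_addr;
    std::vector<std::pair<std::string, std::string> > headers;
};

// Assumption: only the IIS proxy may assert an identity (constructed address).
static const std::string kTrustedProxyAddr = "10.0.0.5";

static bool iequals(const std::string& a, const std::string& b) {
    return a.size() == b.size() &&
           std::equal(a.begin(), a.end(), b.begin(), [](unsigned char x, unsigned char y) {
               return std::tolower(x) == std::tolower(y);
           });
}

// Writes the proxy-asserted user to `user` and returns true, or returns false
// when the request must be rejected.
bool authenticated_user(const Request& req, std::string& user) {
    // The header only means something on the proxy's own connection; any host
    // that can reach the SOAP port directly could otherwise set it itself.
    if (req.peer_addr != kTrustedProxyAddr) return false;
    bool seen = false;
    for (const auto& h : req.headers) {
        if (!iequals(h.first, "X-Remote-User")) continue;
        if (seen) return false;  // duplicate: a client-supplied copy got through
        seen = true;
        user = h.second;
    }
    if (!seen || user.empty()) return false;
    for (unsigned char c : user)  // refuse control characters in the identity
        if (std::iscntrl(c)) return false;
    return true;
}

int main() {
    Request req{"10.0.0.5", {{"X-Remote-User", "CORP\\alice"}}};  // constructed
    std::string user;
    return authenticated_user(req, user) ? 0 : 1;
}
```

The proxy side has to remove or overwrite any X-Remote-User header sent by the client before adding its own, and the SOAP listener should be reachable only from the proxy (bound to loopback or firewalled), since a peer-address comparison alone is a weak control.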