Yesterday I got a call from a Microsoft representative asking if we supply "hosted solutions", presumably as part of the big Windows Azure push. As soon as I got off that call, our marketing director came into my office and said the majority of our customers are demanding Active Directory integration in the next version. Then it occurred to me: how does one use Active Directory in a "hosted solution" if the application does not live on the customer's network?

As a more general question about Active Directory integration, what kind of functional changes does that usually imply for an app? Does it mean a user is signed into the app just by authenticating to Active Directory, or does it mean the app gets its list of users from Active Directory, or does the creation of new users or groups in the app create new users or groups in Active Directory?

Am I just caught in the crossfire of a war of buzzwords?

+2  A: 

You're not. Active Directory can be run across the public Internet, though this complicates the security and setup of the network rather considerably.

Generally, authenticating an app against Active Directory means that your membership provider (for example) would call into Active Directory to do the authentication and, after that, the user is simply logged in; you don't keep active credentials, etc., in your own database. However, I would consider it smart to cache that information as well, and be prepared to authenticate against that cache in addition to the directory, in case the domain controller is unavailable for authentication (an especially large risk if you're running the directory across the Internet).

DannySmurf
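
The cache fallback suggested in the answer above, as an added example (not code from the answer, and not an ASP.NET or Active Directory API). It is written in Python for brevity; `directory_bind`, `DirectoryUnavailable`, the 8-hour lifetime and the PBKDF2 iteration count are assumptions. The cache is consulted only when the directory cannot be reached, never when it rejects the login, and it stores a salted slow hash instead of the password.

```python
import hashlib, hmac, os, time

class DirectoryUnavailable(Exception):
    """Raised by the directory callable when no domain controller can be reached."""

class CachedDirectoryAuth:
    def __init__(self, directory_bind, max_age_s=8 * 3600, clock=time.time):
        # directory_bind(user, password) -> bool is a hypothetical callable that
        # wraps the real AD/LDAP bind and raises DirectoryUnavailable on outage.
        self._bind = directory_bind
        self._max_age = max_age_s
        self._clock = clock
        self._cache = {}  # user -> (salt, verifier, stored_at)

    @staticmethod
    def _derive(password, salt):
        # Salted, deliberately slow hash: the cache never holds the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def authenticate(self, user, password):
        """Return (ok, source); source is 'directory', 'cache' or 'none'."""
        key = user.lower()
        try:
            ok = self._bind(user, password)
        except DirectoryUnavailable:
            return self._check_cache(key, password)
        if ok:
            salt = os.urandom(16)
            self._cache[key] = (salt, self._derive(password, salt), self._clock())
        else:
            # The directory answered "no": drop any stored verifier so a changed
            # password or disabled account cannot log in from cache later.
            self._cache.pop(key, None)
        return ok, "directory"

    def _check_cache(self, key, password):
        entry = self._cache.get(key)
        if entry is None:
            return False, "none"
        salt, verifier, stored_at = entry
        if self._clock() - stored_at > self._max_age:
            del self._cache[key]  # expired: refuse the offline login
            return False, "none"
        ok = hmac.compare_digest(verifier, self._derive(password, salt))
        return ok, "cache"
```

Logging the returned source lets operators see how many logins were accepted without the directory confirming them.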
+2  A: 

You can use Active Directory Federated Services to enable authentication using AD over the internet between two organizations. See: http://technet.microsoft.com/en-us/library/cc786469.aspx

I've never used it, only read about it. Hope it helps.

JoshBerke
+1  A: 

Active Directory can be run across the public internet, but you will experience lag times which may cause your app to time out or crash depending on your bandwidth. In the past, I have set up accounts with another company called ultradns.com who specializes in these types of scenarios. Hope that helps.

phill
A: 

You'd be best off going with a true hosting framework if you would like any support from MS.

I'm sure you'd like some links so:

HMC (Hosted Messaging and Collaboration)

The ONLY true blog I know about on the framework is from Kip Ng

The ASP.NET forums are a good resource for questions on the Framework as well.

An example of the work that goes into configuring AD for Exchange multitenancy is here; though it is based on an older version of the framework, a lot of the same principles apply.

Also, try searching on the keyword multitenancy for some articles.

slipsec