Re: SSO advice

From: Daniel Fisher\(lennybacon\) (info_at_(removethis)lennybacon.com)
Date: 10/12/04

• Next message: naijacoder naijacoder: "Windows Authentication Question !!"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: guidance using Forms authentication"
• In reply to: michaelr: "SSO advice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 12 Oct 2004 09:27:25 +0200

If the Apps all run in a Domain or same machine just turn off anonymous
access in IIS.

-- 
Daniel Fisher(lennybacon)
 MCP C# ASP.NET
Blog: http://www.lennybacon.com/
"michaelr" <michaelr@discussions.microsoft.com> wrote in message 
news:341C7177-49C7-4D73-BDDF-5B1367402574@microsoft.com...
> We are looking to implement Single Sign On (SSO) for our intranet and 
> other
> internal  applications.
>
> Our plan is to have an ASP.NET "portal page" which will examine the
> WindowsIndentity of the IIS-authenticated user, and present links for the
> applications that the user has authorization.
>
> In order to minimize custom programming efforts, we would like to leverage
> built in Windows functionality for authorization and authentication as 
> much
> as possible for both the portal and downstream components and 
> applications.
>
> Our research has led us to the conclusion that using Windows Integrated
> Authentication on IIS is the most effective way to authenticate the user. 
> For
> application authorization, we may use Active Directory Application Mode
> (ADAM) or a custom SQL database.
>
> However, it would be desirable to force the user to enter their 
> credentials
> upon initial logon, rather than automatically picking up the network 
> logon.
> We are concerned that Basic authentication (with HTTPS) may present
> difficulties if our applications are spread across several machines.
>
> Anyone have experience/advice on this?
> 

---

• Next message: naijacoder naijacoder: "Windows Authentication Question !!"
• Previous message: Joe Kaplan \(MVP - ADSI\): "Re: guidance using Forms authentication"
• In reply to: michaelr: "SSO advice"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Active Directory authorization ... AD should be fine as a source for authentication for your web service. ... The easiest way to use AD for authentication is to just use the transport layer authentication schemes built in to IIS. ... For app level authorization, I'd suggest checking out Microsoft's Authorization Manager framework. ... every applications. ... (microsoft.public.windows.server.active_directory) Re: Accessing Authenticate Header ... IIS configuration for anonymous access ONLY (NO Basic Authentication) ... Handler or Module reads the AUTHORIZATION header and authenticates ... (microsoft.public.dotnet.security) Re: SSO advice ... You can do both Windows Integrated aith and forms auth if you want. ... Basically, the main site is forms authentication, it has a "sub-site" within ... > applications that the user has authorization. ... (microsoft.public.dotnet.security) SSO advice ... applications that the user has authorization. ... Our research has led us to the conclusion that using Windows Integrated ... Authentication on IIS is the most effective way to authenticate the user. ... (microsoft.public.dotnet.framework.aspnet.security) SSO advice ... applications that the user has authorization. ... Our research has led us to the conclusion that using Windows Integrated ... Authentication on IIS is the most effective way to authenticate the user. ... (microsoft.public.dotnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)