Windows Authentication, Single sign on and Active Directory



Hello All,

First of all, let me make it very clear that I do not have any idea about
implementing the windows authentication, so all inputs would be appreciated.

The scenario :
I have a client - server application. At the moment, the passwords for the
users are stored in a password storage (encrypted). The client app shows a
login dialog, gets the username and password and sends it to the server
where the server verifies it against the password store. I would like to
move to a position where the user does not need to enter the username and
password, If they are logged on to the domain, they should go straight in.
The application is written in C# (client app) accessing the ASP.NET web
services. All of it is done in .NET framework 2.0

The way I have figured out so far is as follows :
On the client side,
1) Get the user's identity
2) Send this to the server
On the server side :
3) Validate the user's identity against the active directory
4) If the user is valid, the normal process of using the application
continues.

In the process of trying this, I have done the following:
1) Get the user's identity
System.Security.Principal.WindowsIdentity.GetCurrent().User.Value
2) send it to server (the value returned from the above call is string) so I
send it as it is.

On the server side
3) I try and create the SecurityIdentifier object as follows :
System.Security.Principal.SecurityIdentifier sid = new
SecurityIdentifier(sddlIdentity);
this call is okay. From here I don't know where to go and how to validate
this agains the active directory. I had a look at AD objects and it seems
the SID should be available in some tokengroups but this is where I have got
completely lost. (On a sidenote :Another thing is, If I try and use AD
searching, I get an error possibly because the call is run as ASPNET user
which does not have access to AD)

Kindly help me in achieving this or if this method is not the correct way of
achieving my goal, advise me accordingly.

TIA,

SP


.