Re: AD & ADAM together in harmony



Well, you could set up a new domain in the extranet and enable a cross-forest
trust. You cannot pass credentials through the firewall, so you would need to
use basic authentication for site access from the extranet.


"GrITMan" <GrITMan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0654A1BF-CA02-4D21-B929-BEE67E005CCE@xxxxxxxxxxxxxxxx
We are planning on building an Intranet/Extranet for our payroll application.
The idea is to use AD integrated IIS security for internal users to
automatically identify and authenticate them on IE access, and use ADAM for
clients.

The architecture will involve an internally hosted web server that will be
available to internal users, plus we will publish these pages via ISA reverse
proxy and SSL externally to the outside world.

The problem we have is figuring out how we go about switching from AD to
ADAM during the authentication process? If, for example, the user does not
authenticate automatically, how do we get it to check ADAM instead of popping
up a username and password dialogue for AD?
We have been told to use Forms authentication instead of IIS, but no
indication of actually how this would work or how to develop it.

The second option I have suggested to the dev team is to split the
authentication physically into two separate pages, one for internal, one for
external access. Thus we authenticate at the point of entry and then
converge on single site content keeping that authentication in the session.
Again though, if we enable Windows integrated security for the site, it
applies to the whole site, so even if we authenticate external users up front
with ADAM, further down the line they will hit AD security somewhere and
we're back to square one (even this is a guess, we're not sure how this will
pan out).

What I want to know is a) are we going about this the right way? and b) if
we are, how do we do this?

Any suggestions or advice will be welcome

Thanks

GrITMan

