Re: AD & ADAM together in harmony

You might want to look into ADFS for this. It supports using both AD and
ADAM as the source for authentication and can provide both windows
impersonation tokens for those users as well as role based information. The
role information is limited to .NET 2.X applications but if you are building
new this may not be an issue.

-Robert
"GrITMan" <GrITMan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0654A1BF-CA02-4D21-B929-BEE67E005CCE@xxxxxxxxxxxxxxxx
We are planning on building an Intranet/Extranet for our payroll
application.
The idea is to use AD integrated IIS security for internal users to
automatically identify and authenticate them on IE access, and use ADAM
for
clients.

The architecture will involve an internally hosted web server that will be
available to internal users, plus we will publish these pages via ISA
reverse
proxy and SSL externally to the outside world.

The problem we have is figuring out how we go about switching from AD to
ADAM during the authentication process? If, for example, the user does
not
authenticate automatically, how do we get it to check ADAM instead of
popping
up a username and password dialogue for AD?
We have been told to use Forms authentication instead of IIS, but no
indication of actually how this would work or how to develop it.

The second option I have suggested to the dev team is to split the
authentication physically into two separate pages, one for internal, one
for
external access. Thus we authenticate at the point of entry and then
converge on single site content keeping that authentication in the
session.
Again though, if we enable windows integrated security for the site, it
applies to the whole site, so even if we authenticate external users up
front
with ADAM, further down the the line they will hit AD security somewhere
and
we're back to square one (even this is a guess, we're not sure how this
will
pan out)

What I want to know is a) are we going about this the right way? and b) if
we are, how do we do this?

Any suggestions or advice will be welcome

Thanks

GrITMan


.

Relevant Pages

  • Re: adam bind-redirect
    ... a third party doing authentication) then the proxy-redirect isnt an option. ... could benefit from bind redirect/User Proxy Object ... >> Our Adam will have a user store where we put custom user attributes. ... > Integrated authentication gives you a Windows security context ...
    (microsoft.public.windows.server.active_directory)
  • RE: Combine Forms Authentication with Windows
    ... | Subject: RE: Combine Forms Authentication with Windows ... since those internal users need to call ... | | So you need integraded security, this means that the users need ...
    (microsoft.public.dotnet.general)
  • Re: ADAM Hell
    ... I'd say that DNN is trying to use Windows authentication ... to bind to ADAM instead of simple bind. ... Another way to get around with would be to create a Windows user on the ADAM ...
    (microsoft.public.windows.server.active_directory)
  • Re: About ADAM , replication and authentication.
    ... On authentication, ... To authenticate as a Windows user, you supply a username, password and ... If you have adam users, you can use just user DN and password (or SPN, ... >>> another server a replica. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Authentication Using ADAM ?
    ... Those service all require Windows or Domain authentication by default, ADAM provides ADAM authentication only which is useful inside of ADAM or for applications that don't need Windows auth. ...
    (microsoft.public.windows.server.active_directory)