
I've found a lot of information about this subject; however, not much in the way of how to implement my specific scenario. Unfortunately, my company's AD is half-pregnant, so to speak. The users are there, but that's about it.

I'm creating an intranet and obviously need to authenticate users, which I'll use Windows Authentication to do. However, since my AD does not contain any of the additional information typically used in an intranet (hierarchy of users, meaning managers and departments associated with each employee, etc.), I wanted to use Identity to satisfy that need. And although we do utilize AD Groups, it's painfully difficult to get that set up, and I want to use Identity for role-based authorization instead of AD.

Although fairly new to Identity, it's easy enough to figure out, and Windows Auth is easy to implement.

What I'm missing is the know-how to marry the two together.

So my scenario is: authenticate the users with Windows Authentication. Once authenticated, switch over to Identity for role-based authorization (claims?) and any other metadata (such as user information or application-specific data).

I've seen this question asked, but not sure if it really is that simple or is there more to it. And I'm not sure if it really fits my scenario. And this question seems to be exactly what I'm asking, but no responses. Finally, this question seems even closer to what I'm asking, albeit using the Membership Provider. I'm guessing this may be the way with Identity as well?

So, in my instance, I'm using Windows Authentication and so I will not have a login form or action (strict requirement to NOT have users enter username/password - it should be seamless). In the case of an employee going to the intranet for the first time, they authenticate with AD, but then how would I save that user to the Identity store? Would it make sense to send new users (employees that have never been to the intranet before) to a Register page after they've been authenticated through AD to ensure there's an associated record in Identity? I could then, as part of the registration process, have them select their department and manager. After they register, a human-based validation process would have to happen to ensure the user selected the correct department and manager, but that's the least of my worries right now.

Recommendations, links, or just some simple guidance would be appreciated. Thank You!

Buster
  • Have you looked at the usage of `PrincipalContext`? – MethodMan Apr 02 '15 at 16:31
  • No, I haven't. Could you elaborate on the significance? – Buster Apr 02 '15 at 17:02
  • Do a Google search and you will see the significance; it will help in doing what you need via AD – MethodMan Apr 02 '15 at 18:25
  • @MethodMan Let me re-phrase my previous comment - I understand what `PrincipalContext` does, just wasn't sure where it fit in to my scenario. I'll assume you meant using it to get the user's info from AD *after* they're authenticated, and then taking that information and entering it into the Identity store? – Buster Apr 02 '15 at 18:46
  • @SFAgitator have you got any solution for this question? – SeeSharp Aug 07 '16 at 08:21
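
The flow described in the question (Windows authentication first, then roles from an application-managed store), as an added example that is not part of the original post: framework-neutral C# using only `System.Security.Claims`, where an unknown or not-yet-validated account receives no role claims. `AppUser`, `RoleEnricher`, the `app:status` claim type and the sample accounts are hypothetical, and calling `Enrich` from the request pipeline is left to the host framework.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical app-side record standing in for a row in the Identity store.
public sealed class AppUser
{
    public string WindowsAccount;                   // DOMAIN\user as reported by Windows auth
    public bool Validated;                          // set by the human review step
    public List<string> Roles = new List<string>(); // roles managed by the application
}
public static class RoleEnricher
{
    // Keeps the Windows identity and adds a second identity carrying app-managed roles.
    public static ClaimsPrincipal Enrich(ClaimsPrincipal user, IEnumerable<AppUser> store)
    {
        var id = user.Identity;
        if (id == null || !id.IsAuthenticated || string.IsNullOrEmpty(id.Name))
            return user;                            // no roles for unauthenticated requests
        // Account names are case-insensitive; keying on the SID would also survive renames.
        var record = store.FirstOrDefault(u =>
            string.Equals(u.WindowsAccount, id.Name, StringComparison.OrdinalIgnoreCase));

        var app = new ClaimsIdentity("AppRoles", ClaimTypes.Name, ClaimTypes.Role);
        if (record == null)
            app.AddClaim(new Claim("app:status", "unregistered")); // route to registration
        else if (!record.Validated)
            app.AddClaim(new Claim("app:status", "pending"));      // self-selected data not trusted yet
        else
            app.AddClaims(record.Roles.Select(r => new Claim(ClaimTypes.Role, r)));
        return new ClaimsPrincipal(user.Identities.Concat(new[] { app }));
    }

    public static void Main()
    {
        // Constructed sample data; in a real site the principal comes from Windows auth.
        var store = new[] {
            new AppUser { WindowsAccount = @"CORP\jdoe", Validated = true, Roles = { "Manager" } },
            new AppUser { WindowsAccount = @"CORP\asmith", Validated = false, Roles = { "Admin" } } };
        foreach (var account in new[] { @"corp\JDoe", @"CORP\asmith", @"CORP\new.hire" })
        {
            var win = new ClaimsPrincipal(new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, account) }, "Negotiate"));
            var p = Enrich(win, store);
            Console.WriteLine("{0}: Manager={1} Admin={2} status={3}", account,
                p.IsInRole("Manager"), p.IsInRole("Admin"),
                p.FindFirst("app:status")?.Value ?? "active");
        }
    }
}
```

Because the role claims live in a separate identity, AD group membership on the Windows identity is left untouched and authorization checks against application roles never depend on it.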

0 Answers