9

Yesterday I got a call from a Microsoft representative asking if we supply "hosted solutions", presumably as part of the big Windows Azure push. As soon as I got off that call, our marketing director came into my office and said the majority of our customers are demanding Active Directory integration in the next version. Then it occurred to me: how does one use Active Directory in a "hosted solution" if the application does not live on the customer's network?

As a more general question about Active Directory integration, what kind of functional changes does that usually imply for an app? Does it mean a user is signed into the app just by authenticating to Active Directory, or does it mean the app gets its list of users from Active Directory, or does the creation of new users or groups in the app create new users or groups in Active Directory?

Am I just caught in the crossfire of a war of buzzwords?

GEOCHET
flipdoubt

6 Answers

5

You're not. Active Directory can be run across the public Internet, though this complicates the security and setup of the network rather considerably.

Generally, authenticating an app against Active Directory means that your membership provider (for example) would call into Active Directory to do the authentication and, after that, the user is simply logged in; you don't keep active credentials, etc, in your own database. However I would consider it smart to cache that information as well, and be prepared to authenticate against that cache in addition to the directory, in case the domain controller is unavailable for authentication (an especially large risk if you're running the directory across the Internet).

TheSmurf
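The pattern in the answer above (authenticate against the directory, cache the result, and fall back to the cache when the domain controller cannot be reached) as an added illustration; this is not code from the answer or from any Microsoft provider. It assumes a `bind_to_directory(user, password)` callback that stands in for the real LDAP or Kerberos bind, and it stores only a salted PBKDF2 digest with an expiry in the cache, which is the author's "cache that information" made concrete rather than anything the answer specifies.

```python
import hashlib, hmac, os, time

class DirectoryUnavailable(Exception):
    """Raised by the directory callback when no domain controller answers."""

class CachedDirectoryAuthenticator:
    """Try the directory first; if it is unreachable, fall back to a local cache
    holding only a salted PBKDF2 digest (never the password), valid for cache_ttl seconds."""

    def __init__(self, bind_to_directory, cache_ttl=8 * 3600, now=time.time):
        self._bind = bind_to_directory   # (user, password) -> bool, or raises DirectoryUnavailable
        self._ttl, self._now = cache_ttl, now
        self._cache = {}                 # user -> (salt, digest, cached_at)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, user, password):
        try:
            ok = self._bind(user, password)
        except DirectoryUnavailable:
            return self._check_cache(user, password)
        if ok:
            salt = os.urandom(16)
            self._cache[user] = (salt, self._digest(password, salt), self._now())
        else:
            self._cache.pop(user, None)  # a rejection (changed password, disabled account) must not keep working offline
        return ok

    def _check_cache(self, user, password):
        entry = self._cache.get(user)
        if entry is None:
            return False
        salt, digest, cached_at = entry
        if self._now() - cached_at > self._ttl:
            del self._cache[user]
            return False
        return hmac.compare_digest(digest, self._digest(password, salt))

def make_fake_directory(accounts):
    """Constructed stand-in for a domain controller so the example runs offline."""
    state = {"online": True}
    def bind(user, password):
        if not state["online"]:
            raise DirectoryUnavailable()
        return accounts.get(user) == password
    return bind, state
```

A user who has never authenticated while the directory was reachable gets no offline access, and an online rejection clears any cached entry so a changed or disabled account stops working once the next online check fails.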
4

You can use Active Directory Federated Services to enable authentication using AD over the internet between two organizations. See: http://technet.microsoft.com/en-us/library/cc786469.aspx

I've never used it, only read about it. Hope it helps.

JoshBerke
2

The accepted answer explains the role of Active Directory and I agree that caching basic user information may be useful in many instances.

Active Directory can be expanded outside of a corporate network, to the internet and connected web services. As another user mentioned, this is achieved through ADFS (Active Directory Federation Services) which allows "trusted" connections to be set up between separate authentication services. There were a number of scenarios explained as part of the "Office 365 Jump Start" webinars: http://technet.microsoft.com/en-us/edge/office-365-jump-start-04-microsoft-office-365-identity-and-access-solutions

After viewing these, I immediately thought that a "hosted" AD and ADFS service would be useful, where a customer doesn't want to maintain the AD servers internally (Microsoft don't recommend running fewer than 5 separate servers if you're doing this!). Recently, Microsoft have also launched their Azure cloud platform. One of the services they provide is labelled "Identity", which you can see here: http://www.windowsazure.com/en-us/services/identity/

This is Microsoft's own solution to hosted AD services. In fact, they even mention using their "Identity" hosted service as a solution for SSO (Single Sign-On) for Office 365 and even Google web apps.

I am still learning about AD and Microsoft's cloud offerings, but I hope this points you in the right direction.

Adclone
1

There's an article here: http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/ which describes in depth how to integrate Active Directory with Azure. Hope that helps.

James Crowley
0

Active Directory can be run across the public internet, but you will experience lag times which may cause your app to time out or crash depending on your bandwidth. In the past, I have set up accounts with another company called ultradns.com, which specializes in these types of scenarios. Hope that helps.

phill
  • I'm not sure that DNS has anything to do with integration of Active Directory. And UltraDNS.com doesn't seem to mention anything about this. – Simon East Jul 16 '15 at 05:02
0

You'd be best off going with a true hosting framework if you would like any support from MS.

I'm sure you'd like some links so:

  • HMC (Hosted Messaging and Collaboration)

  • The ONLY true blog I know about on the framework is from Kip Ng

  • The ASP.NET forums are a good resource for questions on the Framework as well.

  • An example of the work that goes into configuring AD for Exchange multitenancy is here; though it is based on an older version of the framework, a lot of the same principles apply.

Also, try searching on the keyword multitenancy for some articles.

Simon East
slipsec