My company develops an ASP.NET 4.0 website as part of our product. It is meant to be run within an organization (intranet).

I've been given some requirements, but I'm new to this stuff and am not exactly sure what I should be looking into. In general, this is what I need to do (assuming the website is running within a Windows domain network):

  • Allow automatic login to our application for any user currently logged into a domain computer. (Don't show a login screen).

  • Somehow map our predefined ASP.NET Roles to user groups defined in the domain (I guess manually mapping this in some sort of XML file is fine).

  • Get the authenticated user's groups so I can figure out the proper role from the above mapping.

  • Get the authenticated user's contact information if available in Active Directory.

I've done some hunting on Google, and so far I've seen info on using forms authentication with Active Directory, Windows authentication, something called AD authentication, impersonation, etc.

I'm not really looking for info on how to do this (although any help would be appreciated); I'm more looking for someone to point me in the right direction based on these requirements.

Thanks.

David Hall
Erix

1 Answer

To skip a login, you'll have to use integrated authentication. (Turn off anonymous access in IIS, and enable Windows authentication in your application: http://msdn.microsoft.com/en-us/library/532aee0e.aspx) Of course, this will only work in Internet Explorer, and there are security concerns even if you keep it all inside your intranet.

You can probably use an Active Directory membership provider to get the username into Page.User.Identity.

And you can use the System.DirectoryServices namespace to query AD. This is a good way to get the groups out and into a form you can use for a Role Provider, as well as your route to look up their information.

Dave
  • Why will this only work in IE? Is there any way to support it in other browsers? – Erix Jul 12 '11 at 13:51
  • IE is the only browser that supports Windows authentication. Other browsers won't pass the user's Windows credentials automatically. Personally I don't think IE should either, it's too much of a security issue, but your requirements are your requirements. – Dave Jul 12 '11 at 15:38
  • Could you please answer http://stackoverflow.com/questions/9588265/understanding-wcf-windows-authentication ? – LCJ Mar 06 '12 at 18:16
  • Unfortunately, I haven't played with service authentication enough to be able to contribute much to that question. – Dave Mar 06 '12 at 21:53
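
One way to do the group lookup, role mapping and contact lookup the answer describes, as an added example that is not code from the original posts. It uses `System.DirectoryServices.AccountManagement`; the class name, the `GroupToRole` entries and the role names are hypothetical, and it assumes IIS has already authenticated the user with Windows authentication and that the application pool account can read the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class DomainUserLookup
{
    // Constructed mapping: AD group sAMAccountName -> application role.
    static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "APP-Admins", "Administrator" },
            { "APP-Users",  "Reader" },
        };

    public sealed class Result
    {
        public readonly HashSet<string> Roles = new HashSet<string>();
        public string DisplayName, Email, Phone;
    }

    // Pass HttpContext.Current.User.Identity, never a name taken from the request.
    public static Result Resolve(IIdentity identity)
    {
        var result = new Result();
        var win = identity as WindowsIdentity;
        if (win == null || !win.IsAuthenticated || win.IsAnonymous)
            return result; // no roles assigned: deny by default

        // Look the user up by SID so a renamed account cannot be confused with another.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, win.User.Value))
        {
            if (user == null) return result;
            result.DisplayName = user.DisplayName;
            result.Email = user.EmailAddress;
            result.Phone = user.VoiceTelephoneNumber;

            // GetAuthorizationGroups also returns nested security groups.
            using (var groups = user.GetAuthorizationGroups())
                foreach (Principal group in groups)
                {
                    string role;
                    if (group.SamAccountName != null &&
                        GroupToRole.TryGetValue(group.SamAccountName, out role))
                        result.Roles.Add(role);
                }
        }
        return result;
    }
}
```

A user whose groups match nothing in the mapping ends up with an empty role set, so authorization checks should treat "no roles" as no access.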