Active Directory based authentication

Question

0.00/5 (No votes)

See more:

Hi,

I have an web application hosted on a server outside the client network and the client wants to provide the facility to there internal users to access that web application using their AD account.

As per AD/Windows Authentication the client and server should be on same network but in my case they both are on different network.

Can we can implement this kind of functionality or any other suggestion to make it working.

Thank you

Posted 10-Dec-14 6:01am

Sanket Saxena

Updated 10-Dec-14 7:19am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kornfeld Eliyahu Peter · Accepted Answer · 2014-12-10T10:16:00

Solution 1

In some way AD must be accessible for the site, otherwise authentication is impossible...
There is a Microsoft document on how to expose your AD directory services to sites on the DMZ - http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=3957[^]
If it helps you may read this How To on how to use web form authentication to authenticate with AD - http://msdn.microsoft.com/en-us/library/ff650308.aspx[^]

Posted 10-Dec-14 10:16am

Kornfeld Eliyahu Peter

Comments

Sanket Saxena 10-Dec-14 23:20pm

Thanks for the reply Peter and nice links...But the client don't want to do any kind of login i.e If the AD users try to open the site they directly able to visit it.

Seems not possible but any suggestion will be appreciated.

Kornfeld Eliyahu Peter 11-Dec-14 1:48am

I see now that what you are looking for is silent-login...
The problem with silent-login is that it has a'silent pre-request - user has to be authenticated with some, trusted, system. In a simple scenario you are already logged-in to you domain so the site your are browsing can use that information to authenticate you...
As I understood this is not your case - users are browsing from untrusted (exeternal) locations, so there is no information available for authentication...

Sanket Saxena 11-Dec-14 2:16am

Exactly Peter this is what we need because if the server locate at the client end (same network) then no issue. But here we need to do the silent login in the application hosted on external server.

Kornfeld Eliyahu Peter 11-Dec-14 2:24am

If you can't create some trust between that external server and you site you will not be able to do silent-login...
However, if the external server has its own domain your can setup a trust relation between your domain and between the one on the external server. Then you will be able to map users of the external server to to your users...
http://technet.microsoft.com/en-us/library/cc816837(v=WS.10).aspx

Sanket Saxena 11-Dec-14 4:13am

I didn't implement it yet but i am pretty sure after going through your link that we can do it. Great thanks