I'm really stuck on this problem. Basically, I have a Windows 2008 R2 server which runs Active Directory. On another server (not in the same domain) runs an MVC3 web application. What I want to do is to authenticate users with Active Directory as well as get some basic information, i.e. employeeId. I also want the users to be able to change their password through this web app.
This is a custom web application, and I don't want to use stuff like exchange.
I have somewhat managed to achieve this goal by using an AD connection string in web.config or specifying the administrator username and password in my code. However, this is not intuitive considering security and that the administrator account may change password at some point.
I might be wrong, but I guess what I want to do is to somewhat do requests to AD with the role of administrators.
Is there any way I can achieve this?
Thanks in advance! Cheers
asked Jul 31 '12 at 12:07
I'm going to answer my own question.
The best way to solve this is to use ADFS 2.0 with claim based authentication. When the user needs access he/she is redirected to ADFS 2.0's login page, and as soon as the user is authenticated ADFS 2.0 will send the appropriate claims back to the user (encrypted). These claims can then be used in an MVC 3 application using the WIF framework, and can contain values like employeeId, FirstName, LastName, Email, DN etc., depending on how ADFS 2.0 is set up for that specific application.
I hope this helps someone.
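
What consuming those claims can look like in an MVC 3 controller with WIF 1.0 (`Microsoft.IdentityModel`), as an added example that is not part of the original answer. The employeeId claim type URI and the issuer name are assumed placeholders: they must match the claim rules configured in ADFS 2.0 and the `issuerNameRegistry` entry in web.config.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;
using Microsoft.IdentityModel.Claims;

public class ProfileController : Controller
{
    // Assumption: claim type URI chosen in the ADFS 2.0 relying-party claim rule.
    private const string EmployeeIdClaimType = "http://schemas.example.com/claims/employeeid";
    // Assumption: issuer name mapped to the ADFS signing certificate in web.config.
    private const string TrustedIssuer = "http://adfs.example.com/adfs/services/trust";

    [Authorize]
    public ActionResult Index()
    {
        // WIF replaces the principal with a claims-aware one after the token is validated.
        var identity = User.Identity as IClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return new HttpUnauthorizedResult();

        try
        {
            ViewBag.EmployeeId = RequireClaim(identity, EmployeeIdClaimType);
            ViewBag.Email = RequireClaim(identity, ClaimTypes.Email);
        }
        catch (InvalidOperationException)
        {
            // Fail closed: a missing or ambiguous claim means the token is not usable here.
            return new HttpStatusCodeResult(403, "Required claim not present");
        }
        return View();
    }

    // Returns the single value of a claim, counting only claims from the trusted issuer.
    private static string RequireClaim(IClaimsIdentity identity, string claimType)
    {
        var values = identity.Claims
            .Where(c => c.ClaimType == claimType &&
                        string.Equals(c.Issuer, TrustedIssuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .Distinct()
            .ToList();

        if (values.Count != 1)
            throw new InvalidOperationException("Expected exactly one " + claimType);
        return values[0];
    }
}
```

The web application never holds an administrator credential in this design: it only trusts tokens signed by the ADFS certificate registered in its configuration.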