Hi,
I have a scenario where I have multiple Web applications which are all active directory aware and are spread across several web servers. All Web applications are in the same active directory domain and extranet facing, each application contains its own method of storing permissions which can be mapped to a security group in active directory.
My idea is to turn on integrated authentication in IIS on each web server and get every application to authenticate user against active directory thus allowing an authenticated user to do what they need to do within the application based on the permissions mapped to the relevant active directory Security group.
I have a few questions or that I think you may be able to answer:
• if the user visits one Web application and authenticates using integrated authentication, if they navigate to a different Web application which is on a different physical server but within the same domain will they have to re-authenticate? How well does Firefox, Opera and Netscape browsers perform in this situation?
• Are there any considerations that need to be made in regard to the above approach within an extranet environment ie web facing?
• Has anyone tried a solution where the default windows login form is replaced with a Web based form to authenticate within integrated authentication?
Any advice would be greatly appreciated
I have a scenario where I have multiple Web applications which are all active directory aware and are spread across several web servers. All Web applications are in the same active directory domain and extranet facing, each application contains its own method of storing permissions which can be mapped to a security group in active directory.
My idea is to turn on integrated authentication in IIS on each web server and get every application to authenticate user against active directory thus allowing an authenticated user to do what they need to do within the application based on the permissions mapped to the relevant active directory Security group.
I have a few questions or that I think you may be able to answer:
• if the user visits one Web application and authenticates using integrated authentication, if they navigate to a different Web application which is on a different physical server but within the same domain will they have to re-authenticate? How well does Firefox, Opera and Netscape browsers perform in this situation?
• Are there any considerations that need to be made in regard to the above approach within an extranet environment ie web facing?
• Has anyone tried a solution where the default windows login form is replaced with a Web based form to authenticate within integrated authentication?
Any advice would be greatly appreciated
