Question

I have a web application that I need to secure.

We phased the development tasks/epics to help focus and meet the deadlines:

Phase 1:

  • User authentication/authorization from Active Directory
  • Custom login page
  • Custom user names (let users choose something like "John Doe" as a user name, I mean, spaces, no email address format)

Phase 2:

  • External Active Directory integration (Federation Services)

Phase 3:

  • OpenID integration for users (Microsoft account, Facebook account, ...)

Additional info:

We have created a Windows Azure Active Directory, but that seems to be problematic with both the user name and the login page. WAAD was chosen as it removes the pain of having to create a "custom" user management platform and because of the "as a service" approach.

I can't find anybody doing this on the web.

Would anybody have an idea to know how to start based on the requirements?


Solution

I would recommend starting by reading up on the Claims-based Identity model. The current version of WIF (Windows Identity Framework) supports claims-based identity.

In a nutshell, this model is much more extensible (say, Federation) and you don't have to worry about the nitty-gritty details of security code. You can start using claims now against your existing AD and then easily move to phase 2 and 3 by just pointing to, or adding, a new identity provider that you 'trust'.
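
The trust model described in this answer, as an added example that is not part of the original answer: the application authorizes on claims and on who issued them, so moving through the phases means adding an issuer to a list rather than changing application code. The issuer URLs, user names and the `FromToken` helper are hypothetical, and token signature validation (done by the framework's token handler) is assumed to have already happened.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class ClaimsDemo
{
    // Hypothetical issuers. Each phase adds an entry here; the checks below stay the same.
    static readonly HashSet<string> TrustedIssuers = new HashSet<string>(StringComparer.Ordinal)
    {
        "https://sts.corp.example/adfs",     // phase 1: own Active Directory
        "https://sts.partner.example/adfs",  // phase 2: federated partner directory
    };

    // Issuers allowed to assert roles. A trusted issuer is not automatically a role authority.
    static readonly HashSet<string> RoleIssuers = new HashSet<string>(StringComparer.Ordinal)
    {
        "https://sts.corp.example/adfs",
    };

    // Stands in for the principal the token handler builds from an already validated token.
    static ClaimsPrincipal FromToken(string issuer, string name, params string[] roles)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, issuer) };
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r, ClaimValueTypes.String, issuer)));
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Federation"));
    }

    // A role claim counts only when its issuer is trusted and is allowed to assert roles.
    static bool IsInRole(ClaimsPrincipal user, string role) =>
        user.HasClaim(c => c.Type == ClaimTypes.Role && c.Value == role
                           && TrustedIssuers.Contains(c.Issuer) && RoleIssuers.Contains(c.Issuer));

    static void Main()
    {
        // The name claim is an arbitrary string, so "John Doe" with a space is fine.
        var employee = FromToken("https://sts.corp.example/adfs", "John Doe", "Admin");
        var partner  = FromToken("https://sts.partner.example/adfs", "Jane Roe", "Admin");
        var unknown  = FromToken("https://idp.unknown.example", "Sam Poe", "Admin");

        Console.WriteLine("employee admin: " + IsInRole(employee, "Admin"));
        Console.WriteLine("partner admin:  " + IsInRole(partner, "Admin"));
        Console.WriteLine("unknown admin:  " + IsInRole(unknown, "Admin"));
    }
}
```

Checking `Claim.Issuer` alongside the claim type and value is what keeps a newly added identity provider from granting itself roles in the application.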

OTHER TIPS

Azure AD will enable your customers to be able to sign in to your application using their on-premises (federated) AD identities or pure cloud managed identities (many O365 customers are pure cloud managed). Consumer IdP federation (MSA, Facebook, Google) isn't available with Azure AD yet - but it is something that is on our radar. Azure AD customers can already customize the sign-in page to add branding of their Organization - however the customization of sign-in page per application isn't available yet (also on our radar).

I am curious about the requirement of having arbitrary strings as username - why is this so important?

thanks

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow