Question

We have an ASP.NET web application and we need to support "automatic login" using domain credentials (Windows principal) if users visit the website via the intranet, or we will prompt the user to enter domain credentials if they visit through an external network via HTTPS.

Problem is that this web server (Windows Server 2008) is a workgroup machine and it's in the DMZ. I've been told to research AD LDS + AD FS to make this happen within limited time, whether or not it is possible to support both domain credential SSO (both internal & external) and automatic sign-in for intranet domain users.

As I read related documentation and discussions in the forums, I understand that SSO is possible with this setup; however, I cannot be certain and am unable to find related materials mentioning "automatic signing" of intranet domain users with this environment.

Can anyone please advise if it is possible or if there are alternative approaches? The main thing is that we want to avoid joining that existing web server to the domain.

Many thanks

Solution

ADFS will get you what you want. You'll need to modify the app to support claims (look up WIF - Windows Identity Framework). ADFS would be installed in your domain environment and then you'd configure the ASP.Net app as a relying party application in ADFS.

I don't think AD LDS will be of any use to you here.
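
The relying-party side of the setup described in the answer, as an added example that is not part of the original answer: a `web.config` fragment for the WIF 3.5 runtime (`Microsoft.IdentityModel`) under the IIS 7 integrated pipeline, both of which are assumptions about the app. The host names and the thumbprint are placeholders to replace with your own values.

```xml
<configuration>
  <configSections>
    <section name="microsoft.identityModel"
             type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <system.web>
    <!-- WIF takes over authentication; the workgroup server never validates a password itself -->
    <authentication mode="None" />
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <system.webServer>
    <modules>
      <add name="WSFederationAuthenticationModule" preCondition="managedHandler"
           type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      <add name="SessionAuthenticationModule" preCondition="managedHandler"
           type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </modules>
  </system.webServer>
  <microsoft.identityModel>
    <service>
      <!-- Accept only tokens issued for this application (placeholder URL) -->
      <audienceUris>
        <add value="https://app.example.com/" />
      </audienceUris>
      <federatedAuthentication>
        <!-- issuer: the AD FS passive sign-in endpoint (placeholder host);
             realm: must match the relying party identifier configured in AD FS -->
        <wsFederation passiveRedirectEnabled="true"
                      issuer="https://adfs.example.com/adfs/ls/"
                      realm="https://app.example.com/"
                      requireHttps="true" />
        <!-- Never send the session cookie over plain HTTP -->
        <cookieHandler requireSsl="true" />
      </federatedAuthentication>
      <!-- Trust tokens signed by this one certificate only: the AD FS token-signing cert -->
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="REPLACE_WITH_ADFS_TOKEN_SIGNING_CERT_THUMBPRINT"
               name="http://adfs.example.com/adfs/services/trust" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
</configuration>
```

The `audienceUris` and `trustedIssuers` entries are the two checks that stop the app from accepting a token minted for another relying party or signed by an unexpected issuer, so they should be reviewed whenever the AD FS signing certificate rolls over.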

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow