Click here to Skip to main content
15,944,390 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi,

I have an web application hosted on a server outside the client network and the client wants to provide the facility to there internal users to access that web application using their AD account.

As per AD/Windows Authentication the client and server should be on same network but in my case they both are on different network.

Can we can implement this kind of functionality or any other suggestion to make it working.

Thank you
Posted
Updated 10-Dec-14 7:19am

1 solution

In some way AD must be accessible for the site, otherwise authentication is impossible...
There is a Microsoft document on how to expose your AD directory services to sites on the DMZ - http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=3957[^]
If it helps you may read this How To on how to use web form authentication to authenticate with AD - http://msdn.microsoft.com/en-us/library/ff650308.aspx[^]
 
Share this answer
 
Comments
Sanket Saxena 10-Dec-14 23:20pm    
Thanks for the reply Peter and nice links...But the client don't want to do any kind of login i.e If the AD users try to open the site they directly able to visit it.

Seems not possible but any suggestion will be appreciated.
Kornfeld Eliyahu Peter 11-Dec-14 1:48am    
I see now that what you are looking for is silent-login...
The problem with silent-login is that it has a'silent pre-request - user has to be authenticated with some, trusted, system. In a simple scenario you are already logged-in to you domain so the site your are browsing can use that information to authenticate you...
As I understood this is not your case - users are browsing from untrusted (exeternal) locations, so there is no information available for authentication...
Sanket Saxena 11-Dec-14 2:16am    
Exactly Peter this is what we need because if the server locate at the client end (same network) then no issue. But here we need to do the silent login in the application hosted on external server.
Kornfeld Eliyahu Peter 11-Dec-14 2:24am    
If you can't create some trust between that external server and you site you will not be able to do silent-login...
However, if the external server has its own domain your can setup a trust relation between your domain and between the one on the external server. Then you will be able to map users of the external server to to your users...
http://technet.microsoft.com/en-us/library/cc816837(v=WS.10).aspx
Sanket Saxena 11-Dec-14 4:13am    
I didn't implement it yet but i am pretty sure after going through your link that we can do it. Great thanks

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900