Friday, February 11, 2011

Is it a good idea to use Active Directory user login for your application?

I am developing a web-based intranet for my company. I just want to know: is it a good thing for users to log in to the application using their Active Directory login details, or shall I create a login together with the application DB? If there is anything better than this, please suggest it. This is my first application development, so I need help from experienced people.

  • If you create a separate login system, then your users have to remember 2 different logins. Why bother, when their "real" login is right at hand?

    From Danimal
  • Less code for you to write and better integration into the wider system. And who doesn't want FEWER passwords to remember?

  • Generally it's a good idea to try and minimize the number of accounts people need to have.
    So I'd definitely try and use their Active Directory login.

    Also, if desirable, you can automatically log people into your application using various single sign-on methods (either integrated into IIS, or other).
    This makes for a very usable application, as people always forget login details, and hate to log in again to other systems.

    jazzrai : Can I get some reference reading material on this "automatically log people into your application using various single sign on methods. (Either integrated into IIS, or other.)"?
    Bravax : Nico's reply has a link which explains various options.
    From Bravax
  • Only use Active Directory for your intranet if your infrastructure supports it.

    Your question is phrased as if you think the user has to type their password in again to log in to the intranet site - they should not do this! Have Windows pass on the credentials automatically. This is pretty much built in to dotnet/IIS/etc.

    Also, AD will add group management and privileges, so you can restrict areas of your intranet to members of certain groups.

    And your support team already has the tools to manage all this.

    PS: you can enable Firefox to auto log on via NTLM, and it is one of the most requested features for Chrome too, so don't let browser issues put you off.

    jms : In IIS check out Integrated Authentication.
    From Adrian
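
The setup this answer describes (Windows passing the credentials, plus AD groups gating areas of the site), sketched as an ASP.NET `web.config`. This is an added example, not part of the original answers: the domain `EXAMPLE`, the group `Intranet-HR` and the `hr` path are made-up placeholders, and it assumes an ASP.NET application on IIS with Windows Authentication enabled and Anonymous Authentication disabled for the site.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Take the identity from IIS Integrated Windows Authentication;
         the application never sees or stores a password. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" means anonymous users: every request must carry a
           domain identity before it reaches any page. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Restrict one area (placeholder path "hr") to one AD group. -->
  <location path="hr">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom and the first match wins,
             so the allow must come before the catch-all deny. -->
        <allow roles="EXAMPLE\Intranet-HR" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Ending each restricted section with `<deny users="*" />` keeps the area deny-by-default: a user who is removed from the group in AD loses access without any change to the application.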
  • There are several pros to using Active Directory authentication in the intranet.

    Those are the main ones:

    • You want to keep the number of authentication stores as low as possible
    • Using Active Directory, users who have their desktop in the domain (as they should) will be able to use Integrated Windows Authentication. They will be able to log in without having to type their password.
    • An Active Directory authentication mechanism probably exists for your language

    More information:

    From Nico
  • on topic.
    http://stackoverflow.com/questions/22135/how-do-i-use-ntlm-authentication-with-active-directory#22191

    From jms
  • Definitely go for the Active Directory option, or use Active Directory as an LDAP server if whatever language you're using doesn't directly support AD. Active Directory actually makes a pretty good LDAP server.

    If there is anything better than this please suggest.

    OpenID?...

    jcm : Why not both? http://www.openid-ldap.org/ allows you to create your own OpenID provider using your existing AD accounts. It's pure nerdgasm.
