Last post Apr 01, 2014 08:55 AM by Whatty
Mar 31, 2014 02:37 PM|Whatty|LINK
I have an ASP.NET application that has a custom RoleProvider which I wrote to look up roles in a custom table, and this has been working fine for quite a while.
However, we just got a client that needs us to integrate our application with an internal SSO system.
Basically we take the Windows ID passed to us by the browser (using WindowsAuth), look up that ID in the SSO system (with some other data) using a REST call, and it returns us an internal SSO ID (not based on AD). We then look up that SSO ID in our tables to determine the roles.
What I am struggling with is the best approach for this.
I have already created a custom HTTP Module that does the REST call to the SSO system, but ideally I would like to reuse our custom role provider. However, I see a problem in getting the SSO ID to be used by that role provider (currently GetRolesForUser is passed the Windows ID and not my SSO ID).
Am I approaching this in the correct way, and how can I get the SSO ID passed to my RoleProvider, or do I need to go back to the drawing board?
Thanks in advance.
Mar 31, 2014 02:45 PM|BrockAllen|LINK
Sounds like your SSO solution relies upon AD, right? So why aren't you using ADFS and WS-Federation for your SSO (this way you wouldn't need to build this piece that calls back to the SSO server/database).
Apr 01, 2014 08:55 AM|Whatty|LINK
This solution is imposed upon me by the client - all internal applications are not supposed to be using the Windows domain ID - which is why we do the lookup in the SSO system and are returned an SSO ID.
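One way to get the SSO ID to an existing role provider, as an added example that is not part of the thread: an HTTP module replaces the Windows principal with one named after the SSO ID, so `GetRolesForUser` receives that name. `SsoIdentityModule`, `LookupSsoId` and `MapPrincipal` are hypothetical names, the delegate stands in for the REST call to the SSO system, and the role manager is assumed to be enabled in web.config.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical module: maps the Windows identity to the SSO ID before
// authorization runs, so role checks are made against the SSO ID.
public class SsoIdentityModule : IHttpModule
{
    // Assumption: stands in for the REST call to the SSO system.
    // Must return null or empty when the Windows ID has no SSO mapping.
    public static Func<string, string> LookupSsoId = windowsId => null;

    public void Init(HttpApplication app)
    {
        // Windows authentication has already populated Context.User here.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        context.User = MapPrincipal(context.User, LookupSsoId);
    }

    public static IPrincipal MapPrincipal(IPrincipal windowsUser,
                                          Func<string, string> lookup)
    {
        // An empty-name GenericIdentity reports IsAuthenticated == false.
        var anonymous = new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);

        if (windowsUser == null || !windowsUser.Identity.IsAuthenticated)
            return anonymous;

        string ssoId = lookup(windowsUser.Identity.Name);

        // Fail closed: no mapping means no authenticated user and no roles,
        // never a fallback to the Windows domain ID.
        if (string.IsNullOrEmpty(ssoId))
            return anonymous;

        // RolePrincipal asks the configured role provider for roles using
        // Identity.Name, which is now the SSO ID.
        return new RolePrincipal(new GenericIdentity(ssoId, "SSO"));
    }

    public void Dispose() { }
}
```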