I wrote and maintain an internal company ASP.NET web app that uses the SQL Server membership provider. My users and my bosses want me to convert this to use our company's Active Directory for authentication so they don't have to log in. I'm really having a hard time trying to figure out where to start.
First of all, I have complete control over the app and the SQL database. I do not have any control over our Active Directory server. As a start, what will I need from our IT department so that I can proceed? At the moment I don't even know the proper questions to ask: the hostname of the AD server? The users will all already have accounts in the Active Directory, but what about assigning them to roles for my app? Is this something that IT administrators will have to do?
I don't know if this complicates matters, but the server my app runs on is not on the domain and there's no way my boss is going to join it to the domain. Does it need to be on the domain to be able to query AD?
What do I need to ask IT for? Can any computer query AD? Does it need an account (machine or user)?
As you can probably see from my questions, I can't figure out where to start. Any help will be much appreciated.