AD LDS for authentication to web application

Hi there. The company I work for is looking at using AD LDS for authentication and permissions for 3 web applications we currently run.

The applications are very archaic and use  MS SQL to store all data as well as passwords.

I am new to web applications and permissions. Can someone give me some detail as to how I would use AD LDS for authentication and to restrict access depending on the permission level? I would also like to know if there is a way to have a single sign on using AD LDS for all three websites?

The websites will be redeveloped but currently we are simply looking to improve security. I am unsure as to how permissions are currently done.

By the way, the websites hold confidential information so security is a priority.

Thank you
mig1980Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CmdoProg2Commented:
I assume that your are using group/roles for permissions and assigning users to them (AD groups to authorization roles).  You can divide your site with subdirectories that can be restricted by roles.  You can also use the AD Groups as a SQL login in to grant exec permission, etc within your SQL database.  

In your web.config,  you can restrict a directory and adjust your menu by enabling security trimming. This trimming only shows the pages the user is authorized.

    <siteMap defaultProvider="DfltSite" enabled="true">
      <providers>
        <add name="DfltSite" description="Defaut SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="web.sitemap" securityTrimmingEnabled="true"/>
      </providers>
    </siteMap>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"/>
....
  <location path="Supervisors">
    <system.web>
      <authorization>
        <allow roles="DomainName\GroupName"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mig1980Author Commented:
That's a great point to assign groups to subdirectories. I never thought about it that way. Is there any documentation that anyone knows of that can detail what I would need to do to setup this structure for my three websites? I am fairly new to this but am exploring it as an option unless someone can tell me of a better option for what i need done.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.