Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Enterprise Application Security Architecture

Posted on 2014-04-16
3
Medium Priority
?
184 Views
Last Modified: 2014-05-17
Hi All,

We currently have a bunch of applications using forms based authentication.  One of the major probelms we're facing is that each application has its own table for users and managing credentials.  I'm looking at trying to combine everything and make it so we have one user table and then have each application refer here.

Some of our applications are accessible from the internet, but in essence all of our users are company users.  With that in mind I'm wondering if we could get away with impersonation and implement a single sign on.

Workflow would be to request a page
if the user is in the local network we see a their domain account and I can just let that pass through.

If the user is not on the domain they'll need to be referred to a login page.  I'm thinking the login page will ask for their windows credentials, authenticate against AD, impersonate them, and redirect back to the application.  I'm also assuming the login page will need to be in HTTPS as credentials are passed.

Are there any "gotchya's" with this approach?  

Any better ways of doing it?  

And what about considerations for Single Sign On?

EG:

user hits site1.company.com and successfully authenticates
user hits site2.company.com (in the same session / browser) - would be nice if I didn't have to challenge again.

I have full access over the design so any suggestions and good reading greatly appreciated.

Thanks in advanced.
0
Comment
Question by:Kyle Abrahams
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Expert Comment

by:apeter
ID: 40009854
Converting many user tables into one user table.  Create new views with same names as your existing different user tables. Inside those views, you point to your new one user table.

Session management option like "state sever"(out of procss) and "sql server" can be shared by many servers.

I think in load balancing we can specify,  all requests for a particular session , we can route them to same server, so that the session is not lost.
0
 
LVL 41

Accepted Solution

by:
Kyle Abrahams earned 0 total points
ID: 40016269
0
 
LVL 41

Author Closing Comment

by:Kyle Abrahams
ID: 40071913
WIF is the way to go with this.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question