Discussion:
Active Directory authorization
faanyan
2008-12-13 02:26:22 UTC
Hi, I'm doing a project about single authentication and authorization
using a Web Service and Active Directory.
The main idea is that any application in an organization should adapt
itself to use my Web Service for the authentication part, in order to
use only one identity per user for every application.
The users' identities are kept in AD and used by the Web Service.

Another part is authorization.
Now, I have designed it so that the service provides methods for
application registration, so that the applications can register with the
service and the service manages publishing the applications into the AD.
The application developers also have to grant privileges for an
application to groups/roles of users via the service. This can authorize
users who access applications.

Moreover, I want to do central authorization at a deeper level, the
business logic level of the applications. I want my service, whose
authorization core is on AD, to be able to control users using internal
processes of an application, like the way GPOs work with Windows. I
wonder if it's possible? Maybe it could be done by controlling some
libraries in the .NET Framework for .NET applications or something like
that (I wonder if AD has such features)?
--
faanyan
------------------------------------------------------------------------
faanyan's Profile: http://forums.techarena.in/members/faanyan.htm
View this thread: http://forums.techarena.in/active-directory/1086810.htm

http://forums.techarena.in
Joe Kaplan
2008-12-13 05:40:38 UTC
AD should be fine as a source for authentication for your web service. The
easiest way to use AD for authentication is to just use the transport layer
authentication schemes built in to IIS (basic, integrated, digest, client
certs). I'd suggest that as a going in position as it works well with a
broad array of different clients and does not require support for message
layer security or any other WS-* specific features.

For app level authorization, I'd suggest checking out Microsoft's
Authorization Manager (AzMan) framework. It is a powerful role-based
security mechanism that has excellent principal mapping support for AD
security principals (users and groups) and can work with other principal
sources as well (ADAM, ADFS, etc.).
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
faanyan
2009-01-06 04:07:03 UTC
Thank you. I see more related technologies.

--
faanyan