Monday, May 07, 2012 6:45 AM
I have a requirement to allow internal users to log in using their Windows AD logins (and essentially auto-login if on the domain) - hence Windows Integrated works fine for this. However, I also have a requirement to allow users logging in externally occasionally (i.e. from home) to be shown a custom login form (à la FBA).
However, from some research I have done, enabling FBA and setting it up to authenticate against AD in an extended web application, while still keeping Windows Integrated in place, causes a number of issues - the main one being that for a user, e.g. JeffJones, if he logs in externally or internally, he will be seen as two different users, following 2 different formats - i.e.:
This means that throughout my application I need to adjust every bit of permission logic to add or remove two accounts instead of 1.
Also, no idea how this will impact Client Integration considering FBA is now enabled; even though I am still authenticating against AD - I assume it will also give the cut-down experience we see with normal FBA.
The ideal solution is to use ISA Server / Forefront; but the client does not have ISA Server in place.
All I need is a custom login form that will authenticate against AD and that won't cause all these issues. Adding FBA into the mix introduces a great deal of risk. Can anyone provide any ideas here?
- Edited by Jude_44 Monday, May 07, 2012 6:46 AM