Using Active Directory for public services

  • Question

  • I know it is not traditional to use on-premises Active Directory (local AD) for public services, but I don't have an alternative that has AD's features, for example the many software products that integrate with AD.

    I want to know whether Active Directory is a good choice as an authentication/authorization/account solution for a website (for public services).

    Note: I don't give public users permission to access AD directly. It is possible to use ADFS between AD and the public users.

    Saturday, January 21, 2017 11:58 PM

All replies

  • Hi Sadegh,

    You are in the right direction.

    A few options include using Office365 Azure AD, which would make your life easier.

    However you can rely on Active Directory and claims-based authentication using ADFS as well on Windows Server 2012 R2.

    References:

    Active Directory and claims-based authentication:

    https://msdn.microsoft.com/en-us/library/gg334502.aspx

    Claims-Based Identity Overview:

    https://msdn.microsoft.com/en-us/library/ee895363.aspx

    An Introduction to Claims:
    https://msdn.microsoft.com/en-us/library/ff359101.aspx


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Sunday, January 22, 2017 2:04 PM
  • Hi Satyajit,

    Thank you so much for your reply.

    I know AAD has many new features (like self-registration) and using these would make my project easier as well, but I can't use it for some reasons.

    Are you saying that if I use ADFS between the PDC (AD) and public users (Internet), I shouldn't worry? And is this solution secure?

    To use Active Directory as IAM for my website, I have a big problem: my public users can't self-register and manage their profiles. I have seen many software products with which we can do many self-service actions like enabling users or restoring passwords, but none of them provides self-registration. Do you have any solution for this problem?

    Sunday, January 22, 2017 4:08 PM
  • Yes, ADFS is meant for public internet exposure itself and is secure, provided you follow the recommendations.

    Setting up an ADFS environment isn't very straightforward and there are lots of things to consider.

    For self-service you can have IIS-based 3rd party solutions (Azure AD has it already built in).


    Some references on Self-Service:

    Active Directory (2008) password Reset using a web browser



    Regards,

    Satyajit

    Saturday, February 4, 2017 6:04 PM