.NET
ASP
ASP Code
ASP.NET
ASP.NET Code
BrainDump
C#
Code Examples
Database
Database Code
IIS
Microsoft Access
MS SQL Server
Silverlight
Visual Basic.NET
Windows Scripting
Windows Security
XML

Mobile Linux
App Generation ROI
IBM® developerWorks

ASP Web Hosting
ASP.NET Web Hosting
Windows Web Hosting

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

ASP

RSS

Apply Single-Sign-On to Your Application

By: Softwaremaker	Search For More Articles! Disclaimer Author Terms
Rating: / 90
2003-12-23

Table of Contents:

Apply Single-Sign-On to Your Application

Sign-On: LDAP as the Key

What are the Pitfalls?

Two Solutions

Conclusion

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

Apply Single-Sign-On to Your Application - Sign-On: LDAP as the Key

(Page 2 of 5 )

Single Sign-On: LDAP as the Key
One of the methods I recommend is the use of the organizational directory. One of the key differences between a directory and a database is the frequency of the usage and of the data, as well as the rate of change. A Directory is very much like the Yellow Pages. You don’t refer to it every minute or second of the day (frequency of usage) and it gets published perhaps once a year (rate of change). All basic essential user identities are being stored in a company's directory within the IT Infrastructure. This can be in an IBM or Unix Mainframe, Novell Server or Windows Active Directory. What is needed is a way to query and lookup the indexes of these directories to find the user and authenticate them. This is achieved by a common, widely-adopted and widely-accepted standard called Lightweight Directory Access Protocol (LDAP). Much like how Structured Query Language (SQL) queries databases, LDAP is used to query directories to return certain information.

In more ways than you think, it doesn’t make sense for an application to hold another set of user data where the host platform of the application already holds a copy. The LDAP Directory is managed, rightfully, by the System Owner and he/she will also rightfully assign the proper rights to the different roles each application requires. Each user is authenticated just once with their user-credentials at logon time. From then on, their user-session is mapped onto their user-credentials, policies and authorization.

Launching an application will involve retrieving their current user session details and then querying the LDAP Directory for their user-roles and rights with that information. This is all transparent to the user, and once the user gets authenticated and authorized by the LDAP Query, he/she will have access to all or portions of the application, depending on the roles of the user. Once that happens, Single-Sign-On is achieved.

Next: What are the Pitfalls? >>