
I have a simple MVC website with Windows Authentication and an Oracle database.

I want to provide a nearly "SSO" feeling for the user. Meaning the flow would be something like this:

  • User browses to the website
  • Windows Authentication happens
  • App checks for Username and Password for this AD User
    • If found, check if valid
      • If valid, continue
      • If NOT valid, Ask for Username and Password
        • Save them and continue
    • If NOT found, Ask for Username and Password
      • Check till valid
        • Save them and continue

The first problem is that I don't know where to store the username and password for the database connection.

The second problem is that I don't know where to check the information.


As far as I can imagine there are two solutions for the first problem:

  • storing the Data in the Active Directory (using custom attributes)
  • storing the Data in an external file (text, db)

I can't use the Oracle DB itself, because I would need a user to query the user information, which doesn't make sense in that case.


The second problem is actually my main concern.

Where would I put the logic for checking the username and password?

I looked on the Web and found the following options:


What would be the best practice to achieve the result I described above?

Firen
  • Is this an intranet site? How would they even get authenticated by Windows if they have not logged on? – kevinskio Oct 23 '15 at 13:12
  • Yes, it is an intranet site. The Windows login is already "handled" in the standard MVC app. – Firen Oct 26 '15 at 07:37
  • Could you add more details? I have code for an MVC project with an Oracle database that seems similar, but the question you ask does not make sense in the context. If you authenticate using Windows, then the real question is what AD roles is their user a member of? If they do not have a role (permission) to see the application, then you don't need their password; you need to block them out and ask them to get permission to use the app. – kevinskio Oct 26 '15 at 15:13

1 Answer


If I understood your question, then my guess is that what you want is to have a working SAML environment under Windows, which can be done with the following: https://msdn.microsoft.com/de-de/library/bb897402.aspx

Gerrit
  • I did some research (https://technet.microsoft.com/de-de/library/ff849212(v=ws.10).aspx) and this seems like a very big task to implement just for SSO. The other problem is that we don't have OIF (https://docs.oracle.com/cd/E12839_01/oid.1111/e10036/basics_13_oif_what.htm) yet. – Firen Oct 23 '15 at 12:12
  • I don't know any other option if you want to skip the login for your web app. – Gerrit Oct 23 '15 at 12:27