Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Help understanding with Active Directory and application
Message
De
01/05/2007 13:25:01
Naomi Nosonovsky
Wisconsin, États-Unis
 
Information générale
Forum:
Visual FoxPro
Catégorie:
Codage, syntaxe et commandes
Titre:
Re: Help understanding with Active Directory and application
Versions des environnements
Visual FoxPro:
VFP 8 SP1
OS:
Windows XP SP2
Network:
Windows 2003 Server
Database:
MS SQL Server
Divers
Thread ID:
01221565
Message ID:
01221574
Vues:
15
Tracy Holzer done that.

Re: Don't logon, just check logon and password Thread #1148711 Message #1149334

>I have been asked several times in the last 6 months into allow for integration of our application with Active Directory. By "being asked", I mean our sales rep has been asked either directly by a client or in a RFP if our application can integrate with Active Directory. I'm not sure exactly what they mean, and the sales reps have not been able to get much more than "Single Sign On". Single Sign-on is about the only thing I can see providing since all of our user rights are based on the user who is signed into the application, not defined outside of the application.
>
>I have searched the last few days on VFP and Active directory and have found the ADSBROWS.EXE application, and it does query the Active Directory, along with a few ValidateLogin type functions.
>
>What I'm thinking and asking for is input (how-to's if you've got them) on how best to achieve a single sign-on. It is my thought, that when a user account is defined in my application, an active directory login key of some fashion is stored for that user account. When the application starts, it checks the user account logged into the workstation, finds that record (based off a unique user name) gets the active directory key, then queries the active directory key against AD and determines if they are members of the OU and Group that is also part of the user record.
>
>Our major client has 50+ facilities in their active directory domain (myclient.net) Each facility has 1000+ overall users in the active directory. Now at each facility we have been 25 - 200 users who access our application. I'm assuming (asking?) that within active directory each facility is defined as an OU? and that each our would have a Group defined for users who could run my application. But I don't really know how AD is setup.
>
>Could I maybe, get the domain/user account from the workstation login. Query the groups associated with that login and if one them matches the group stored in my user account record, assume they are allowed to run the application?
>
>I'm sorry this is so broad, but I'd appreciate any thoughts on this subject.
>
>Thanks
>
>Kirk
If it's not broken, fix it until it is.


My Blog
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform