>I recently had to deal with how to handle passwords. I first looked at using GPG to create the password then Hash+salt (very similar BTW). Then I realized that I had active directory tools available. So that is what I'm doing using AD to hold everything. I figured that if it was good enough for MS I guess it will work for me. You can setup user groups to control access to your app .
>
>Of course I was working with a desktop app and had a MS server available.
>
>Johnf

Hi John,

I am coming back to explore the idea/suggestion of using AD. I am trying to wrap some of the concepts of AD around what I need to do. So, if you (or anybody else who reads) don't, I want to ask a couple of questions:

1. In my application, when I/manager grant access to the application, you assign a user to a User Group (feature of the application). Say, I have to assign a person JOHN SMITH to the application, what value from the AD I need to know to set it into a field of my application?
2. When a user opens/loads the application, how do you authenticate him/her? My understanding that you "get" some value from the AD for the currently logged user (in this PC) and compare it with a value in your application database. Right?

TIA for clarifying these questions; or informing me that my understanding is wrong.