Sunday, June 28, 2015

.NET 4.5 Claims Identity Model

We have two ASP.NET web applications living on different servers. All authentication in our organization is done via Windows Authentication against Active Directory - so no username and password authentication in the web apps themselves.

We'd like to use claims-based authorization and have these two web applications share information about what claims a given user has.

I'm trying to figure out how to go about this.

We have ADFS 2.0 and I know I can set up Federated Authentication using this...but where should my AD users' claims be stored and how are they hydrated and thus shared. Do the claims themselves end up in cookies after authentication?

Specifically, the scenario should be this:

  • User navigates to web app 1
  • Business decisions are made based on the ClaimsPrincipal's AuthorizationDecision ClaimTypes
  • Web app 1 redirects to web app 2 (or they navigate there directly later)
  • Business decisions are made based on the same AuthorizationDecision ClaimTypes' values
  • Why? Because web app 1 and web app 2 both pull some common data from a third party data source - and they both need to know if the user is authorized to view certain entity types in that third party data.
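The scenario above, as an added example that is not part of the original post: one .NET 4.5 ClaimsAuthenticationManager that both apps register, which adds AuthorizationDecision claims to the principal that ADFS has already authenticated, plus the check each app runs before showing a third-party entity type. The EntityAccessClaimsManager class, the Demo namespace, the "View:<EntityType>" claim value convention and the in-memory EntityAccess table standing in for the third-party data source are all assumptions made for this example. WIF calls Authenticate once per sign-in, after validating the ADFS token and before writing the session cookie, so the claims added here are what both apps subsequently read back from that cookie.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

namespace Demo
{
    // Registered in web.config of BOTH apps (assumed type name):
    // <system.identityModel><identityConfiguration>
    //   <claimsAuthenticationManager type="Demo.EntityAccessClaimsManager, Demo" />
    public class EntityAccessClaimsManager : ClaimsAuthenticationManager
    {
        // Constructed sample data standing in for the third-party data source:
        // which entity types each AD user may view. Keys assume the name claim
        // issued by ADFS is the DOMAIN\user form.
        private static readonly IDictionary<string, string[]> EntityAccess =
            new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
            {
                { "CONTOSO\\alice", new[] { "Customer", "Invoice" } },
                { "CONTOSO\\bob",   new[] { "Customer" } },
            };

        public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
        {
            // Anonymous request: nothing to hydrate.
            if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
                return incomingPrincipal;

            var identity = (ClaimsIdentity)incomingPrincipal.Identity;
            string[] allowed;
            if (EntityAccess.TryGetValue(identity.Name, out allowed))
            {
                // One AuthorizationDecision claim per entity type the user may view.
                // The value convention "View:<EntityType>" is an assumption of this example.
                foreach (var entityType in allowed)
                    identity.AddClaim(new Claim(ClaimTypes.AuthorizationDecision, "View:" + entityType));
            }
            return incomingPrincipal;
        }
    }

    // The check both web apps run before exposing an entity type. It relies only
    // on claims carried by the principal, so it behaves identically in app 1 and app 2.
    public static class EntityAuthorization
    {
        public static bool CanView(ClaimsPrincipal principal, string entityType)
        {
            return principal != null
                && principal.HasClaim(ClaimTypes.AuthorizationDecision, "View:" + entityType);
        }
    }

    // Stand-alone demonstration of the pipeline outside a web host: build the
    // principal ADFS would hand over, run the manager, then make the decisions.
    public static class Program
    {
        public static void Main()
        {
            var fromAdfs = new ClaimsPrincipal(new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, "CONTOSO\\bob") },
                "Federation"));   // non-empty authentication type => IsAuthenticated

            var hydrated = new EntityAccessClaimsManager().Authenticate("/app1", fromAdfs);

            Console.WriteLine(EntityAuthorization.CanView(hydrated, "Customer")); // True
            Console.WriteLine(EntityAuthorization.CanView(hydrated, "Invoice"));  // False
        }
    }
}
```

Two practical points for the two-server setup the post describes. First, the claims only travel between requests because the session authentication module serializes the whole ClaimsPrincipal, including the claims added above, into the session cookie; if the two apps are meant to share that cookie rather than each sign in through ADFS separately, both servers must protect it with the same key (the default protection is machine-local), and the cookie domain and path must cover both apps. Second, any app that trusts these claims should get them only from the validated ADFS token or from its own ClaimsAuthenticationManager, never from a value the other app passes along in a query string or form post, because a redirect parameter is under the user's control while a validated token or protected cookie is not.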
