
Wednesday, February 25, 2004

In Single Sign-on Enterprise Security for Web Applications Paul shows how to create a solution that enables multiple intranet applications to share a single sign-on for security. It's an excellent solution to a common customer request. This is the article that goes along with the recent webcast he gave just the other day (which is now available on-demand).

[Kent Sharkey's blog]

Interesting article, but a bit... hmmm...

I guess if you define "Enterprise" as consisting of ONLY Microsoft technologies, this is a possible solution.  The problem is that a true Enterprise is often a mix of varied technologies. Most large organizations who are classified as Enterprises consist of a mix of technologies from Mainframe to *nix to Portal solutions that may be running on other platforms.  The solution proposed does not address such a mix and I do not believe that Microsoft has an out of the box solution that addresses the issue.

In addition, why would I want to run through all these gyrations? If I am in an environment that has standardized on Microsoft Technologies (AD for a directory Store, WinTel Servers for Web Servers), why would I simply not use Windows Auth instead of Forms Authentication?

And if I want to mix Windows and Forms Authentication, why not add Paul Wilson's technique for mixing Forms and Windows auth [1] into the mix?

I must be missing something here...

[1] http://msdn.microsoft.com/asp.net/archive/default.aspx?pull=/library/en-us/dnaspp/html/mixedsecurity.asp
