Using Active Directory authentication for external web site?

By ralphgauer ·

A client has a WS 2000 server with Active Directory handling authentication for users on their network. I would like for their AD authentication to allow them onto a web site that is hosted externally to their network. All users run a fairly narrow range of MS software, and specifically IE of various recent versions.

The separate web site hosts sensitive information and currently has a php/Unix access control system tracking sessions and state, but I am willing to explore all possibilities leading to a single sign-on. Really, I lack a conceptual understanding of where to look next....

Can someone refer me to reading materials -- and the names of the appropriate MS technologies -- for me to pursue? Is AD intended to share credentials across an Internet connection? Any guidance welcome.

Finally, would an external MS-based web server offer solutions that are better suited to this need? It is a given that the web server must be external to their network... but to some extent the OS is not critical.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

AD Authentication

by p.j.hutchison In reply to Using Active Directory au ...

Yes, it can be done. You need an IIS server, Visual Studio .NET, an AD user for IIS for Anon access to replace IUSR_name and some source code:

Then a user can supply their AD user/password to gain access to the web site via a simple login page.

Collapse -

Thanks.... but turning the scenario around a bit....

by ralphgauer In reply to AD Authentication


Thanks.... The users authenticate within the network (typically when they sign on to their PC in the morning). Is it possible for an external web site to recognize this? The user is first authenticated by AD within the network, and then can be recognized externally in some way?

Excellent KB article... and thanks.


Collapse -

External access

by p.j.hutchison In reply to Thanks.... but turning th ...

If the web site is external, then I do not think it would work as the external web server will need access to your AD domain.
For external web sites, I suggest using a SQL database to store usernames and passwords instead as other web sites do...

For example:

Collapse -


by ralphgauer In reply to External access


Thanks... less elegant, but the approach I was considering. I was hoping to avoid maintaining two databases of authenticated users...

Thanks very much!


Collapse -

There are many solutions

by docdawning In reply to Using Active Directory au ...

Howdy indeed there are many ways of getting things to authenticate with AD.

You don't have to use MS web stuff for it at all though. Probably largely thanks to AD largely being an LDAP implementation.

Here's an example of a PHP authentication web application that I'm told will work with A

Moodle is a web-application I administer that uses PHP and I have rigged up to talk to our AD server - there's another example (that's Linux, Apache, MySQL, PHP).

Related Discussions

Related Forums