How to build LDAP integration for my web app?

Question

My company develops and sells a SaaS application that has hundreds of customers. Some of our customers have asked us to support LDAP integration for authenticating user acco

Answer 1

Perhaps consider Authentication Vs Authorisation

Authentication - which user is this? Authorisation - who should be able to use the application, specified users, groups?

Currently you are implying authorisation through authentication because only those who are registered to your app are allowed to use it.

If you use a directory instead of your custom datastore then

• use the directory connection method to authenticate the user
• you (may) get authentication for free - the user is known to windows, windows can identify to iis and sqlserver, maybe no need to ask the user who they are.
• you will know of more users than have authorisation and need to apply restrictions - limit connections to a particular group.
• could store user data in the directory, rather than with your app data in the sql server.

If your users really want generic LDAP, then you want to look into (C)ldap_connect, ldap_bind_s (C#) LDAPConnection System.DirectoryServices.Protocols

Or again back to AD this Demystified .Net App single sign on might help