What does “active directory integration” mean in your .NET app?

北荒 2021-01-31 12:17

Our marketing department comes back with "active directory integration" being a key customer request, but our company does not seem to have the attention span to (1) decide on

5 answers
  •  野性不改
    2021-01-31 12:21

    As someone who is both the AD Administrator and is currently developing an internal app which needs to be AD-integrated, here are my thoughts:

    • Active Directory users have a unique GUID; if your app needed to support both AD and AspNetSqlMembership authentication, you could have a GUID FK field in your User/Person table and a flag denoting which information store the user belonged to (forms or AD)
    • As an admin, I should be able to limit access to my application to users beneath a given OU - I don't want my SQL Server or BackupExec worker accounts being able to log in!
    • In your documentation, use an OU other than the standard "Users" OU - most real-world implementations move their users out of this container, and for novice admins it's reassuring to have an LDAP query example that includes OUs (e.g. MyCompany/Users/Executive or some such)
    • If you're using AD forms authentication, then it's possible you could trap and do something malicious with the password. This is best dealt with by your legal department in your service agreement/warranty.
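
One way an application could enforce the "only users beneath a given OU" restriction from the answer above, as an added example that is not part of the original answer. It assumes the app has already read the authenticated user's `distinguishedName` from the directory; `OuGate`, `SplitDn`, `IsBeneath` and all sample DNs are hypothetical, and the comparison is done per DN component, case-insensitively, rather than as a raw string suffix test.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

public static class OuGate
{
    // Split a DN into RDN components; a backslash-escaped comma stays inside its component.
    public static List<string> SplitDn(string dn)
    {
        var parts = new List<string>();
        var cur = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (c == '\\' && i + 1 < dn.Length)
                cur.Append(c).Append(dn[++i]);          // copy the escaped pair verbatim
            else if (c == ',')
            {
                parts.Add(cur.ToString().TrimStart());  // unescaped comma ends a component
                cur.Clear();
            }
            else
                cur.Append(c);
        }
        parts.Add(cur.ToString().TrimStart());
        return parts;
    }

    // True only when userDn lies strictly beneath allowedOuDn, compared component by component.
    public static bool IsBeneath(string userDn, string allowedOuDn)
    {
        var user = SplitDn(userDn);
        var root = SplitDn(allowedOuDn);
        if (user.Count <= root.Count) return false;
        return user.Skip(user.Count - root.Count)
                   .SequenceEqual(root, StringComparer.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample DNs (hypothetical domain and accounts).
        const string allowed = "OU=Executive,OU=Users,OU=MyCompany,DC=corp,DC=example,DC=com";
        string[] samples =
        {
            "CN=Smith\\, Jo," + allowed,                                             // user inside the OU
            "CN=svc-sql,OU=Service Accounts,OU=MyCompany,DC=corp,DC=example,DC=com", // worker account elsewhere
            // OU name containing an escaped comma; a raw EndsWith test would accept it
            "CN=svc-bak,OU=Ops\\,OU=Executive,OU=Users,OU=MyCompany,DC=corp,DC=example,DC=com",
        };
        foreach (var dn in samples)
            Console.WriteLine($"{IsBeneath(dn, allowed),-5} {dn}");
    }
}
```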
