Reputation: 10291
Just looking for clarification on the above topics.
Then there shouldn't be a problem? I don't use Forms authentication, instead I explicitly need to say in the web.config that I'm using ADFS, am I right?
How does ADAM fit into all of this? I don't see that I need it, as each domain has their own AD. ADAM is a separate user-store to AD?
Is this right, or am I waaaaay off?
Thanks
Upvotes: 1
Views: 760
Reputation: 46720
Normally, if you put ADFS on top of AD, the trusts are between the instances of ADFS, not between the instances of AD. You normally remove these trusts.
ADFS doesn't use ADAM out of the box. You already have AD. If you need to use ADAM, you have to add another attribute store.
Upvotes: 0
Reputation: 111
"...Then there shouldn't be a problem?"
It's not clear from your question, but if the expectation is that users from the "any number of domains" should be able to authenticate to the ADFS server using Windows Integrated Auth, then the answer is yes, there shouldn't be a problem.
"I don't use Forms authentication, instead I explicitly need to say in the web.config that I'm using ADFS, am I right?"
If you're referring to telling ADFS whether to use Windows Integrated Auth rather than Forms Auth, you want to make sure that <add name="Integrated" page="auth/integrated/"/> is the first item in the localAuthenticationTypes section of the ADFS site's web.config.
If you're referring to telling your ASP.NET application to use ADFS to authenticate users, you'll want to install Windows Identity Foundation and use the Add STS Reference feature to set up the web.config.
"How does ADAM fit into all of this? I don't see that I need it, as each domain has their own AD. ADAM is a separate user-store to AD?"
Yeah, if you already have your users in AD, you don't have a need for ADAM. ADAM -- now known as AD LDS -- is just a light-weight, standalone user store.
Upvotes: 1
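A check for the ordering described in the answer above, as an added example that is not part of the original post: it reads a web.config, reports the order of the localAuthenticationTypes entries, and moves the Integrated entry to the top if it is not already first. The sample document is constructed; only the Integrated entry comes from the answer, while the wrapper element, the Forms entry and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not copied from a real server. Only the "Integrated"
# entry is taken from the answer; the wrapper element and the "Forms" entry
# are assumptions made for illustration.
SAMPLE_FORMS_FIRST = """<configuration>
  <microsoft.identityServer.web>
    <localAuthenticationTypes>
      <add name="Forms" page="FormsSignIn.aspx" />
      <add name="Integrated" page="auth/integrated/" />
    </localAuthenticationTypes>
  </microsoft.identityServer.web>
</configuration>"""


def _load(config_xml):
    """Parse the config and return (root, localAuthenticationTypes element)."""
    root = ET.fromstring(config_xml)
    section = root.find(".//localAuthenticationTypes")
    if section is None:
        raise ValueError("no localAuthenticationTypes section found")
    return root, section


def auth_type_order(config_xml):
    """Return the entry names in document order (the order ADFS is given)."""
    _, section = _load(config_xml)
    return [entry.get("name") for entry in section.findall("add")]


def integrated_is_first(config_xml):
    """True only when the first listed entry is the Integrated one."""
    order = auth_type_order(config_xml)
    return bool(order) and order[0] == "Integrated"


def promote_integrated(config_xml):
    """Return the config text with the Integrated entry moved to the top."""
    root, section = _load(config_xml)
    entry = next((e for e in section.findall("add")
                  if e.get("name") == "Integrated"), None)
    if entry is None:
        raise ValueError("no Integrated entry to promote")
    section.remove(entry)
    section.insert(0, entry)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", auth_type_order(SAMPLE_FORMS_FIRST))
    print("after: ", auth_type_order(promote_integrated(SAMPLE_FORMS_FIRST)))
```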