Kirk Evans Blog

.NET From a Markup Perspective

Resources on AD, ADAM, and MIIS

How often have you written code that accesses a custom database table to manage a user’s ID and password, then queries a custom table for roles for the user, and written UI screens to manage the data?  What if you could implement a more secure and manageable solution in a fraction of the time? 

I admit, you typically implement security in an application once and leave it alone.  If you have a new project, you use techniques you are familiar with, like weird QueryString decorations and hidden form field tricks.  The need to learn different approaches for security for architects and developers pulling double-duty only comes up once every so often, and projects have this funny way of imposing deadlines that don’t include research time.  Every project has this mythical dream state of “downtime”.  You know, the time after the project has shipped where everyone can sit back and relax. The problem is that Line of Business applications rarely get to this state: there are constant maintenance issues, triage reports, and feature requests.  You just don’t get time to learn a new trick or go back and fix something that, in management’s eyes, ain’t broke.

Over the past 2 weeks, I have been working on 3 different presentations at the same time, one being a presentation on ADAM for a corporate development group.  As I built the presentation and demos, I thought about the types of questions that I see in newsgroups and forums, and the types of discussions we have at the local user groups regarding authentication, authorization, and personalization.  Then it hit me: this is something that an enormous number of man hours are burned on for many projects.  Developers like to create their own solutions for login, but are unaware of the solutions that already exist. 

Some of the solutions I have heard about (use a hidden frame and JavaScript to support SSO in web apps, create your own authentication key and decorate the QueryString) are so simple to hack that it scares me… and here they are recommending the same to others.

The breakdown is pretty easy.  How do you implement SSO for Windows?  Active Directory.  What if I want to add lots of settings for an application without affecting AD?  ADAM.  What if I want to manage passwords and synchronize users across directories?  MIIS.