AD Engineering Question

  • Thread starter Thread starter Yvonne
  • Start date Start date
Y

Yvonne

What issues, if any, will companies have in the Windows domain if Active
Directory is used only for authentication but not authorization?
Authorization will be handled by another application.


Thanks in advance!
Yvonne
 
In
Yvonne said:
What issues, if any, will companies have in the Windows domain if
Active Directory is used only for authentication but not
authorization? Authorization will be handled by another application.


Thanks in advance!
Yvonne
Click to expand...

Curious, authorization for what? To logon on to the domain? Are you talking
about a using a smart card?

In some cases, some folks would look at authorization and authentication as
the same. Can you please elaborate on what is being authenticated and what
you want authorized and to what (service, app, resource, etc)?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
 
Yvonne said:
What issues, if any, will companies have in the Windows domain if Active
Directory is used only for authentication but not authorization?
Authorization will be handled by another application.
Click to expand...

None at all.
If you want to have a user authenticate to AD (Logon/authentication) and
then use some other method of controlling access to resources
(authorization) you can.
It would be entirely up to you to make this authorization work etc.
(Obviously the Windows model does both with the AD authentication then
producing the relevant tokens to allow for ACL based security and thus
authorisation - how you code your solution is up to you.)
--

Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups
 
AD and authentication will be fine. Can't vouche for authorization in that case.

Sounds a trifle odd though. Consider if users are logging in interactively via
Windows logon, Windows is authorizing that interactive logon. If this is web
based stuff, then obviously you can break this up effectively.
 
Back
Top