A client that I work with has an existing Active Directory for their employee information, and they want to create an application that can log in using information stored in Active Directory. The application should have a web (.NET), mobile (Android and iPhone), and optional desktop interface.
I haven't worked with Active Directory before. I did some study on Active Directory, and here's what I understand so far:
There are 2 ways to authenticate with an Active Directory:

- By LDAP: for .NET, can use the System.DirectoryServices (and System.DirectoryServices.AccountManagement) namespace classes to perform authentication. For Android and iPhone, I guess there will be some libraries on those platforms to do LDAP queries to Active Directory (any suggestion?)
- By ADFS as identity provider: from what I understand, ADFS is an extension to AD that provides SSO features, and it can be configured as an identity provider, is that correct? And so .NET, Android and iPhone clients can use their libraries to do OAuth/OpenID authentication with Active Directory through ADFS.
Is my understanding above correct? And which way is better? Why should one use one but not the other? How does Azure AD come into this picture?
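As an added illustration of the first option in the question (not code from the question's author), here is what LDAP authentication with System.DirectoryServices.AccountManagement looks like on the .NET side. The domain name, container DN and group name are placeholders; the password check is forced onto Negotiate + LDAPS so credentials never travel in the clear, and an empty password is rejected up front because a Negotiate bind with an empty password can succeed as an anonymous bind, which would otherwise look like a valid login.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added example: validate an AD user's credentials over LDAP and require
// membership in an application group. All names below are placeholders.
public static class AdLdapAuthenticator
{
    private const string Domain = "corp.example.com";             // placeholder
    private const string Container = "DC=corp,DC=example,DC=com"; // placeholder
    private const string RequiredGroup = "App-Users";             // placeholder

    public static bool Authenticate(string userName, string password)
    {
        // An empty password must never reach the directory: with Negotiate it
        // can bind anonymously and ValidateCredentials may report success.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // Kerberos/NTLM negotiation over LDAPS; no plaintext simple bind.
        var options = ContextOptions.Negotiate | ContextOptions.SecureSocketLayer;

        using (var ctx = new PrincipalContext(ContextType.Domain, Domain, Container, options))
        {
            // Step 1: does the directory accept this username/password pair?
            if (!ctx.ValidateCredentials(userName, password, options))
                return false;

            // Step 2: authentication is not authorization. Look the account up
            // (using the process identity) and check it is enabled and in the
            // application group before letting it in.
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, RequiredGroup))
            {
                if (user == null || group == null)
                    return false;
                if (user.Enabled == false)
                    return false;
                return user.IsMemberOf(group);
            }
        }
    }
}
```

Note that this ships the user's password to the web application, which is exactly what the ADFS / OAuth / OpenID Connect option avoids: with a federated identity provider the application only ever receives a signed token, and the mobile clients never handle domain credentials at all.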