The client I am working with wants to consolidate user profile data into one central location instead of having it replicated in each database on each web application. I was thinking about centralizing it and using LDAP to access the data. They are a .NET shop, so should I use Active Directory with LDAP? They also have a Java/PHP website that would need to access this profile data, which is possible with LDAP, correct? Should I go with a custom approach? Is using customer accounts in Active Directory a best practice?
Using Active Directory to store user accounts is a good choice. However, rather than exposing the AD to web applications, you can easily create an abstraction over it using the free Active Directory Federation Services 2 (ADFS2). ADFS2 implements the server side of the WS-Federation protocol. It gives you single sign-on for free. Implementing the client side of this protocol in ASP.NET/Java/PHP is easily possible using some existing frameworks.