This project has moved and is read-only. For the latest updates, please go here.

Use of AD security and TicketSecurity concurrently

Feb 4, 2012 at 5:21 AM

We originally set up the system utilizing the TicketSecurity forms authentication and all is good.

As I read the guidance to implement Active Directory as the identity store, the system still utilizes a portion of TicketSecurity for roles, etc.

Can the system be configured to utilize the full TicketSecurity and Active Directory identy store concurrently.

We want to utilize the system for AD internal users and TicketSecurity external vendors as help staff so a combination would be ideal.

Thanks

Coordinator
Feb 4, 2012 at 9:07 AM

Not with the built-in mechanisms. I've done hybrid security in the past with other systems, but it isn't without some issues. The mechanics of how asp.net works with each provider are quite different. It can be done, but you'd have to customize the code.

You could use a custom security provider that can talk to both security systems (or act as a router to the standard AD and SQL providers, which is how I've done it in the past).

Alternately, you could setup to have two instances of TicketDesk using the same database. One instance for internal AD users, and the other for external SQL ones. The main problems you'd run into with this are:

  • Making sure only one system is sending emails, and that both systems can retrieve user's email addresses (SQL and AD store their emails differently, so both instances would need be able to get at the users' email addresses in either system (or you have to pull out the emails and cache them in a table that both systems can acccess... which would be my approach)

  • The other area you'd have issues with would be in having both instances see the display (friendly name) for the users. This is not too different from handling email addresses stored in different systems though.  

Anyway, hybrid security isn't common with any system, but TicketDesk is well positioned for being modified for that case. The security classes in the back end code are already pluggable via MEF..