We are in the final stages of developing a portal application, built in ASP.NET MVC, for a large organization with many subsidiaries. The portal will be used by both internal, meaning employees of the organization, and external users. The portal also has an accompanying informational CMS that is being developed in Drupal.
Since the Drupal CMS and the MVC application are running on the same domain, I've been able to share authentication between the two sites using Drupal's web services module.
Here's the latest request, which has me stumped...
The boys in marketing have now requested that when employees at the company log into Windows, they're also logged into the Portal (MVC) and the Drupal CMS.
- I'll add that this application's server will not be living within the client's domain controller.
- I don't think we're willing to enforce use of any specific browser, such as IE.
- I also add that the client is very security minded, as they should be, and getting technical/configuration support can be very difficult.
- There has to be a separate authentication process for external users, since they won't have a Window's account within the organization.
Another complication is that we've already built a fairly sophisticated user repository on top of ASP.NET Identity, which means even if a user is externally authenticated they'll still need a corresponding Identity account in the MVC application.
Is this request from marketing "a user logs into Windows, they're also logged into an external-facing, public MVC application and a Drupal CMS" even possible?
Thanks in advance.