ONLY those who have BUILT Web Application Authentication for both Enterprise Web Applications AND SAAS applications should bid. This is NOT an opportunity to LEARN; I want to leverage experienced skills ONLY. You MUST have worked with and be knowledgeable on Active Directory Authentication. Clean code, clear documentation, and fast delivery will result in a bonus.
I'm looking at bids to build the security component for a web application. The first client for the application will install it on site as an enterprise application; they have Active Directory for authentication. As this application will also be offered as a SaaS model using a multi-tenant single database approach, it needs to address authentication this way as well. Furthermore, how would you handle an enterprise install for a client not using Active Directory (I assume some other LDAP authentication)?
Ideally we will have a flexible authentication module to adjust to client environments. The application needs to know the user-ID to be passed to the SQL Server DB where a table mapping the User-ID to a staff number will facilitate row & column security.
It should be adjustable in the [url removed, login to view] (or if you have a better idea, do that) to allow a selection of the login method:
Single Sign-On (SSO), Web Forms, SAAS.
It should also allow setting the authentication method (LDAP, Active Directory, others...).
Set to SSO, the user enters the URL and, via pass-through authentication, the landing page is returned showing information from SQL tied to the user.
Set to Web Forms, the user enters the URL and is presented with a log-in screen, enters their credentials, and is authenticated; the landing page is returned showing information from SQL tied to the user.
Once authenticated and on the landing screen (via SSO or Web Forms original authentication), a "lock" button needs to be available on the landing page. Clicking this hides the current session and displays the Web Forms log-in. The user can log back into the application under a different user ID (one that may not agree with the Windows authentication, so the Session must be cleared and reset), or, if the same user logs back in, it should return to the current session where they left off. This is to allow users to hide & lock their session and to return later OR access the application from a computer that is not their own.
-Documentation of approach and components,
-Documented Tests you performed
-SQL components (tables, Procedures, Views),
[url removed, login to view] Application (C#, .NET 4.0) and associated components ([url removed, login to view], DLLs),
-UI to configure the authentication settings,
-Web forms log-in page,
-A Landing page with "lock" button that displays information about the user from SQL Server (the authentication info is fine)