Why use forms-based authentication against an LDAP data store in Project Server 2007?

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Topic Last Modified: 2007-06-14

In Microsoft Office Project Server 2003, users connecting to the server can be configured to use either Windows authentication or Project Server authentication. Project Server–authenticated user account information is stored in the Project Server database. Project Server–authenticated users are not able to use Windows SharePoint Services 2.0 without the use of a cumbersome workaround.

In Microsoft Office Project Server 2007, Project Server authentication is no longer supported. Instead, Office Project Server 2007 supports both Windows authentication and ASP.NET 2.0 forms-based authentication. In ASP.NET forms-based authentication, users are authenticated through a supported third-party membership provider, such as a Lightweight Directory Access Protocol data store or Microsoft SQL Server. Unlike Project Server–authenticated accounts, accounts relying on forms-based authentication benefit from full use of Windows SharePoint Services 3.0.

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol designed to allow fast and efficient access to an existing directory. Directory services that support LDAP version 2 or 3 can be used for Office Project Server 2007 forms-based authentication.

The primary advantages of using forms-based authentication against an LDAP data store are:

  • It supports authentication against credentials stored in the Active Directory directory service on a Windows domain controller.

  • It supports authentication against LDAP data stores that do not run on the Windows operating system, such as Novell eDirectory, Novell Directory Services (NDS), or Sun ONE. Because Office Project Server 2007 is built on ASP.NET 2.0, it supports the ASP.NET 2.0 pluggable authentication provider model. This model enables you to store user credentials in a data store other than Active Directory. Novell, Linux, and Sun networks all have LDAP-supported directory services that can be used with Office Project Server 2007.

  • It allows you to manage non-employee accounts (for example, consultants or contractors) apart from Active Directory. This can be done through an external LDAP directory service, such as Active Directory Application Mode (ADAM). For more information about ADAM, see Create your LDAP data store with the Active Directory Application Mode (ADAM) directory service.

LDAP authentication scenarios

The following three scenarios are examples of how customers can use forms-based authentication against LDAP in Office Project Server 2007:

  • A company wants to give certain business partners or contract workers access to a specific set of company resources through Project Web Access. Adding them to the company Active Directory structure so that they can log on to Project Web Access with Windows authentication is not desired and is in fact prohibited through company policy. ADAM or a similar external directory service can be used to create a separate directory structure to include these users. These users can then access their company resources through an extranet site over HTTPS in which they are authenticated against the data store created with ADAM.

  • The company is on a Novell network and therefore cannot use Windows authentication. The company decides to use LDAP authentication instead of the SQL Membership Provider because its Novell network already provides an LDAP-supported data store. The company creates a Project Web Access site in the default zone that authenticates against this data store.

  • A company previously used Project Server 2003, and users were authenticated through Project Server authentication. The company then migrates to Office Project Server 2007, in which Project Server authentication is not supported. The company uses ADAM, in which it recreates the Project Server 2003 user accounts. The company then creates a Project Web Access site in the default zone that authenticates against the data store created in ADAM or a similar external directory service.