getting started with Single Sign On / Windows Authentication

First off, The Problem:

We have a Web A开发者_开发技巧pp with a Flash front-end that talks to our ASP.NET web service via SOAP which then deals with all of our server side code (C#).

Right now, we implement a simple user sign on in our application, storing the info in our MSSQL DB.

A client has requested what I understand to be Windows authentication through our application using the currently logged in user.

So, I have been tasked with investigating this. Nobody, including myself, has any experience in this area.

I have been reading up on some basic Active Directory information, and some simple tutorials. I understand how to get access to the directory using ADSI through code. What I'm really interested in seeing is how the entire thing should be architected. I don't want to throw together a hacky solution.

Does anyone know of a good tutorial for this kind of thing or have any advice on getting started? More importantly, does this even sound viable?

I know I haven't given much information, but feel free to ask and I will provide answers.

Thanks.

Edit:

Will, to give you an idea of the scope of this, the network will include every computer in a large hospital. So yes, this is huge. Clearly I need to start small. I would like to come up with something that will work at my office first. Maybe ~10 Windows computers on a single domain. One Domain Controller.

I am also open to any good books on the subject.

If you are going to tie into Active Directory you will want to take a look at the System.DirectoryServices namespace. The implementations can vary wildly depending on your system architecture, but this should give you a good starting point.

Enjoy!