Best Approch for Generic Authentication Framework

We have got multiple application that uses different way of authetication to authenticate user. Almost all application are developed in WPF but there are few application which are developed in ASP.NET and Silverlight.

Our ultimate goal is that every application that we had developed alread开发者_C百科y and those we develop in future will use a common authetication famework to authenticate user and this framework will return the status of the authentication

What would be the best approch for this? Is it feasible to developed such system? Has anyone did it past?

Any suggestion/question/critics are welcome.

Thanks

At the moment I am trying two approaches.

1st approch is to develop a WCF service using windows integrated user. This service will then get associated windows groups from AD server. Based on groups this gets applications from a pre-configured database and shows it to the user.

2nd approch is to use Windows Identity Framework (my ideal choice) which will read groups and just authenticate that user. Once authenticated request is forwarded to another WCF service which will give available applications to the original user. Only drawback for this is, it can only work on Windows 7 desktop (for development with VS2010) and Windows 2003 (with new AD service). Second can easily be replace by custom module for authentication with existing AD system but first one can't, so I will have to wait till my work PC gets upgraded to Windows 7.

Let me know others' views on this.

I asssume that you mean "Generic Authentication Framework" = API to program against.

Have you looked at AzMan-Windows Authorization Manager ?

I am not shure if there is a silverlight implementation for that. But the authentification logic should be on the webserice side of the silverlight app.