Active Directory Federation Services (ADFS) is a great technology for building applications in which users from one domain/company need to access resources (applications, databases, files, etc.) in another domain where they don't have user privileges. ADFS keeps you from having to build hard-to-maintain solutions where users have accounts/passwords on both domains, or having to create a third, custom authentication database-like scheme to house users of the system. With ADFS, you can set up a system where users can seamlessly (from the user's perspective) access resources throughout their applications without being prompted with security logins. The article linked below has a nice walk-through on how to do it, with links to other resources.

From the article:

AD FS is a standards-based service that allows the secure sharing of identity information between trusted business partners (known as a federation) across an extranet. When a user needs to access a Web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions.

AD FS is Microsoft's implementation of the WS-Federation Passive Requestor Profile protocol (passive indicates that the client requirements are just a cookie- and JavaScript-enabled Web browser). AD FS implements the standards-based WS-Federation protocol and Security Assertion Markup Language (SAML).
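The claim-mapping step described in the excerpt can be modelled in a few lines. This is an added example, not code from this post, the linked article or AD FS itself: the issuer URI, claim types, group names and function names are all constructed for illustration, and the token's signature is assumed to have been verified already.

```python
# Conceptual model of a resource partner's trust policy. Nothing here is an
# AD FS API; every name and value is constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    type: str
    value: str

SAMPLE_ISSUER = "urn:federation:partner-example"  # constructed account partner

# Trust policy: per trusted issuer, incoming (type, value) -> claim the app understands.
TRUST_POLICY = {
    SAMPLE_ISSUER: {
        ("group", "Purchasing Agents"): Claim("role", "Purchaser"),
        ("group", "Finance Managers"): Claim("role", "Approver"),
    },
}
PASSTHROUGH_TYPES = {"upn"}  # identity claims accepted unchanged

# Role the web application requires for each action.
APP_PERMISSIONS = {"create_order": "Purchaser", "approve_order": "Approver"}

# Constructed incoming token: the partner also asserts an application role
# directly, which the policy below must not honour.
SAMPLE_TOKEN = [
    Claim("upn", "alice@partner.example"),
    Claim("group", "Purchasing Agents"),
    Claim("role", "Approver"),
]

def map_incoming_claims(issuer, incoming):
    """Apply the trust policy: reject unknown issuers, drop unmapped claims."""
    rules = TRUST_POLICY.get(issuer)
    if rules is None:
        raise PermissionError(f"untrusted issuer: {issuer}")
    mapped = []
    for claim in incoming:
        if claim.type in PASSTHROUGH_TYPES:
            mapped.append(claim)
        elif (claim.type, claim.value) in rules:
            mapped.append(rules[(claim.type, claim.value)])
        # Anything else is dropped: a partner can only cause claims the
        # policy names, never inject application roles directly.
    return mapped

def authorize(action, claims):
    """The web application decides using only the mapped claims."""
    required = APP_PERMISSIONS.get(action)
    return required is not None and Claim("role", required) in claims

if __name__ == "__main__":
    claims = map_incoming_claims(SAMPLE_ISSUER, SAMPLE_TOKEN)
    for action in APP_PERMISSIONS:
        print(action, authorize(action, claims))
```

The point to notice is the default-deny mapping: the partner's own `role` claim never reaches the application, so authorization depends only on what the hosting partner's policy chose to issue.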

Here's a link to the article: Click here to access it

~ Robert Shelton