Yooiks! I'm not quite sure what I want (which is a worry).

WAAD vs AADDS

You say WAAD is more light-weight, which probably suits us, I think.

Overall, as a coder, I want to put all authentication and permission/roles information for all of our apps and users in a single place where it can be maintained by admin staff, and it's easy to query from .NET code. Am I wrong to regard WAAD as some sort of "magic" database to where I can stuff all our vintage data? Perhaps I'm thinking like a reductionist and expecting a quick fix.

> If all you need to do is put WAAD authentication in front of a web app,
> then this is a piece of piss. Just deploy your app into App Server or App
> Service Environment and then turn on Azure AD auth. The App Service
> intercepts requests and does the SAML login for you transparently. The
> logged on user gets presented back to the app in a cookie.

This is a good clue. I'll look into the details of doing this.

*GK*