Sunday, February 19, 2012

How to marry AD Claims User and Forms Based Users?

    I have been working at a client that uses a Forms-Based (FB) authentication model to authenticate all users and to create new users. This works well: everything lives in SQL Server, and you can associate users with the different locations/departments that are also defined in SQL Server.

    However, there are scenarios where internal users need to log in to the SP site and should not have to use their FB credentials. There are other scenarios where the user does not yet exist in the FB system, but has to be created/registered there before they can use the system. It would be really useful if, when an AD user logs in to the SP site, the system checked whether that user exists in the FB database and, if not, consulted a flag to decide whether to auto-add the new user on the spot.

    How do you auto-add an AD user, together with their groups (mapped to the locations/departments the user belongs to) and their other data (Title, Phone, etc.)? This involves a few different components in the SP/.NET world. First, examine the claims the user brings when they arrive via AD. This is the most important step: if you cannot find the UPN claim, everything downstream breaks, so refuse to link rather than fall back to a weaker identifier. You also need the AD user's email address, to check whether the system already has a matching user in the FB database. We assume that the FB and AD accounts for a person share the same email address; technically they are two different users, but we are letting the AD user act as the FB user. That assumption only holds if the membership provider enforces unique emails (requiresUniqueEmail="true") and if FB self-registration cannot claim an arbitrary email, otherwise someone could register an FB account under an internal user's email and inherit that user's mapping. Use the email only for the first match; store the link keyed by the UPN (or the primary SID, which survives renames) and use that on later logons. Next, use the identity framework to read the group claims (group SIDs) the user carries, so you can map them to locations/departments in the system. Finally, you need an active User Profile Service to extract the remaining properties such as Title and Phone number. Once you have collected all this data, you can create the FB user with this information.

    Thereafter, every time an AD user logs in to the system, we query the database for the associated FB user and make every subsequent call as if that FB user were making it. Because the FB identity is the one that shows up in SharePoint's logs from that point on, record the original AD UPN alongside each link and in your own audit trail, or you lose the ability to tell which real person acted. That, in brief, is how you marry AD with FB.
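The whole flow above (the claim checks, the email match, the auto-add flag, the group-to-department mapping and the link lookup on later logons) as an added C# example; this is not code from the original post or from the client's system. It assumes SharePoint 2010 with WIF 3.5 (Microsoft.IdentityModel), an ASP.NET SqlMembershipProvider behind the FB zone and a running User Profile Service. ILinkStore, DepartmentsForGroupSid, ProfileData and the autoProvision flag are hypothetical stand-ins for the client's SQL tables, and the sample group SIDs are made up.

```csharp
// Added example, not the original post's code. Assumes SharePoint 2010 / WIF 3.5,
// a SqlMembershipProvider behind the FB zone and the User Profile Service.
// ILinkStore, DepartmentsForGroupSid and the SIDs below are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Web.Security;
using Microsoft.IdentityModel.Claims;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.SharePoint;

// Profile properties we carry over into the FB user record.
public class ProfileData { public string Email; public string Title; public string Phone; }

// Hypothetical link table: AD UPN -> FB user name (+ departments, profile data).
public interface ILinkStore
{
    string FindFbaUser(string adUpn);
    void SaveLink(string adUpn, string fbaUser, ProfileData profile, IList<string> departments);
}

public static class AdFbaLinker
{
    // Claim types SharePoint 2010 places in a Windows-claims token.
    const string Upn = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn";
    const string LogonName = "http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname";
    const string GroupSid = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid";

    // Hypothetical AD group SID -> location/department code mapping (made-up SIDs).
    static readonly Dictionary<string, string> DepartmentsForGroupSid = new Dictionary<string, string>
    {
        { "S-1-5-21-1111111111-2222222222-3333333333-1105", "HQ-FINANCE" },
        { "S-1-5-21-1111111111-2222222222-3333333333-1106", "HQ-IT" },
    };

    // Returns the FB user name the current AD user acts as, creating and linking an
    // FB account when autoProvision is set. Throws rather than guessing when the
    // claims needed for a safe link are missing or ambiguous.
    public static string ResolveFbaUser(IClaimsPrincipal principal, SPSite site,
                                        ILinkStore links, bool autoProvision)
    {
        IClaimsIdentity id = principal.Identities.FirstOrDefault(i => i.IsAuthenticated);
        if (id == null) throw new SecurityException("No authenticated claims identity.");

        // The UPN keys the link table; the logon name is what the profile store knows.
        string upn = SingleClaim(id, Upn);
        string logon = SingleClaim(id, LogonName);
        if (upn == null || logon == null)
            throw new SecurityException("Windows token lacks a unique UPN/logon name claim.");

        // 1. Already linked: use the stored mapping, never the email, on later logons.
        string existing = links.FindFbaUser(upn);
        if (existing != null) return existing;

        // 2. First logon: read WorkEmail, Title and WorkPhone from the profile store.
        ProfileData profile = ReadProfile(site, logon);
        if (string.IsNullOrEmpty(profile.Email))
            throw new SecurityException("No work email for " + upn + "; cannot match an FB user.");

        // 3. An FB account with the same email is treated as the same person. This
        //    relies on requiresUniqueEmail="true" on the membership provider.
        string fbaUser = Membership.GetUserNameByEmail(profile.Email);

        // 4. No FB account: create one only if the auto-add flag allows it.
        if (fbaUser == null)
        {
            if (!autoProvision)
                throw new SecurityException("No FB account for " + upn + " and auto-add is off.");
            MembershipCreateStatus status;
            // Random password that nobody is told: the account is reached only via the AD link.
            Membership.CreateUser(upn, Membership.GeneratePassword(32, 8), profile.Email,
                                  null, null, true, out status);
            if (status != MembershipCreateStatus.Success)
                throw new InvalidOperationException("CreateUser failed: " + status);
            fbaUser = upn;
        }

        // 5. Map the user's group SIDs to departments and persist the link.
        var departments = new List<string>();
        foreach (Claim c in id.Claims.Where(c => c.ClaimType == GroupSid))
        {
            string dept;
            if (DepartmentsForGroupSid.TryGetValue(c.Value, out dept) && !departments.Contains(dept))
                departments.Add(dept);
        }
        links.SaveLink(upn, fbaUser, profile, departments);
        return fbaUser;
    }

    // Exactly one value of the claim type, otherwise null (missing or duplicated).
    static string SingleClaim(IClaimsIdentity id, string type)
    {
        var values = id.Claims.Where(c => c.ClaimType == type).Select(c => c.Value).Distinct().ToList();
        return values.Count == 1 ? values[0] : null;
    }

    static ProfileData ReadProfile(SPSite site, string accountName)
    {
        var data = new ProfileData();
        var upm = new UserProfileManager(SPServiceContext.GetContext(site));
        if (!upm.UserExists(accountName)) return data;
        UserProfile p = upm.GetUserProfile(accountName);
        data.Email = p[PropertyConstants.WorkEmail].Value as string;
        data.Title = p[PropertyConstants.Title].Value as string;
        data.Phone = p[PropertyConstants.WorkPhone].Value as string;
        return data;
    }
}
```

Call ResolveFbaUser from the request pipeline with `HttpContext.Current.User as IClaimsPrincipal` and the current SPSite; the returned FB user name is what the rest of the application runs its calls under, while the AD UPN stays in the link table for auditing. Note that the account name format the profile store expects (plain DOMAIN\user or the claims-encoded form) depends on how the farm was configured, so check it against your own User Profile Service before relying on the profile lookup.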