Active Directory and SSO - who has experience?

We want to implement single sign-on functionality in our organization, but we are not quite sure what our options are and what the advantages / disadvantages of the various solutions are.

-We have several old ASP sites (Active Server Pages) that should use SSO
-We have several ASP.net web applications that should use SSO
-We want Sharepoint to use SSO
-CRM (Biztalk?) Integration (additional information about the user, such as Address, company, etc.)

Since we are mainly Microsoft oriented (.net, C#), my first idea was to use Active Directory.
I also noticed that there is something like ADAM (Active Directory Application Mode) and ADFS (Active Directory Federation Services), but I cannot say that I understand when / where they should be used.

The following is a brief overview of the various web applications:
- “My personal page”: the user is registered in the application, where they can change their personal information together with their company information and their employees. (Asp.Net)
-E-learning application (ASP)
-CMS for web publishing (ASP.Net)
-Sharepoint sites

I really could not find articles that could tell me: “AD is a great choice! You can use it everywhere,” so if anyone has experience / feedback to give me on this, it would be really useful.

Also: how to manage rights / roles? Should all access rights / roles for each application be stored in AD, or should they be stored in the applications themselves?

I.e.: AD stores roles:
"Cms" <- allows you to log in to the cms
"Cms.Article.AddAllowed" <- allows you to add an article
"Cms.Article.DeleteAllowed" <- allows you to delete an article

, AD , , ,

AD: "Cms" < - cms

Cms:
"Article.AddAllowed" < -
"Article.DeleteAllowed" < -

, , AD, , Cms cms?

? , AD, ?

, !

+3
2

- . :

  • SAML
  • Active Directory
  • - SAML
  • /
  • -, , " ", .

Sharepoint, SSO. , Sharepoint /. /. , Sharepoint -, Sharepoint (, ). - , Sharepoint ...

Active Directory /. , . Active Directory .

+2

, Active Directory . .

, , , . , , - , IP-, cookie, - . , Active Directory . , . - , . , .

, SSO. OpenID, , , OpenID- , . , . ( OpenID .)

CardSpace.:-) CardSpace . , - , . , . ( !)

- , . , , , . -, OpenID CardSpace , . , , . . - , . . , . , , . , -, , . , .

, , , - . , 5 , .

0

Source: https://habr.com/ru/post/1716422/

