Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AngularJS with .NET Web API: Authentication with AD

I have a .NET Web API with a bunch of end points/methods that an Angular App calls. I want to now implement the login system against our active directory, and wondering what my options are.

Back in the days, it was simple: windows or forms authentication, and then just some simple configuration in the web.config, and may be a custom provider. But now it seems like there are a lot more options with OWIN, OAuth, token based authentication, etc.

Where do I start? I have a form with username, password, and a login button on the Angular app, and I have the active directory in the backend. What should happen after the user hits the login button? Any direction would help.

Thanks.

like image 332
Prabhu Avatar asked Dec 19 '14 21:12

Prabhu


1 Answers

Well, it depends on what you actually need.

If you want to authenticate only AD users then you can try authenticate in AD on their behalf and in case of success you return either token or authentication cookie.

But I don't think it is a good idea to make users use their domain password unless you have two factor authentication.

It's better to extend AD schema with additional data for authentication through your service or even to have standalone auth server with associated domain user info. Look how it is done in SQL server (but in reverse direction): you need to define internal user corresponding to domain login. This approach allows you to have users that do not belong to AD, sometimes this can be important for outsourcing some tasks.

Look at IdentityServer

like image 192
Pavel Voronin Avatar answered Sep 20 '22 20:09

Pavel Voronin