ASP.NET 5 / MVC 6 On-Premises Active Directory

For earlier versions of .NET application templates i.e. 4.5.2 you can create a new Web Application, Change the Authentication to 'Work and School Accounts' and choose 'On-Premises'. In .NET 5 Web Application templates the 'Work and School Accounts' option does not have an 'On-Premises' option.

How do you go about authenticating via an on-premises Active Directory (LDAP) in .NET 5 using ASP.NET Identity? To be clear, I am not looking for Windows Authentication; I want to have users enter their credentials and process the authentication against the on-premises AD. IOW, users don't need to be logged into a Windows machine; they can access from their mobile devices etc.

I've searched for hours to no avail but I wouldn't be surprised if the answer is out there somewhere. Any help is appreciated!

Blackrain Avatar asked Jan 17 '16 02:01



2 Answers

LDAP and On-Premises authentication are not the same thing; that's why, IMHO, On-Premises mode is gone as an "out-of-the-box" option - and also because Microsoft is pushing hard for everyone to move to the Azure cloud :)

On-Premises mode (as you can see here) is a way to use AD as a federation provider (check this on SF), like Twitter or Facebook, if you prefer; you can use ADFS locally (if your AD supports it) or in the cloud (with Azure).

If you're looking for LDAP authentication, the easiest way to work is to use the "Individual User Accounts" mode (which is like the old-school forms auth) and use AD as the source of truth for user authentication with something like (check this SO article):

    // Requires System.DirectoryServices.AccountManagement: part of the .NET
    // Framework, and a Windows-only NuGet package on .NET Core / .NET 5.
    using System.DirectoryServices.AccountManagement;

    public struct Credentials
    {
        public string Username;
        public string Password;
    }

    public class Domain_Authentication
    {
        public Credentials Credentials;
        public string Domain;

        public Domain_Authentication(string Username, string Password, string SDomain)
        {
            Credentials.Username = Username;
            Credentials.Password = Password;
            Domain = SDomain;
        }

        // Binds to the domain with the supplied username/password and reports
        // whether AD accepted them. The PrincipalContext is disposed afterwards.
        public bool IsValid()
        {
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain))
            {
                // validate the credentials
                return pc.ValidateCredentials(Credentials.Username, Credentials.Password);
            }
        }
    }

Anyway, if you're working with heterogeneous systems, or if you prefer to work with something more "secure", I suggest you use OAuth2, which has out-of-the-box support in MVC 6.

Update

If you want to use ASP.NET Identity with LDAP, you can create your own custom storage provider, as perfectly explained here. This is not difficult, but it could be quite long to implement.

Luca Ghersi Avatar answered Sep 28 '22 08:09

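The answer above validates a password with `PrincipalContext.ValidateCredentials`. The following is an added example (not code from either answer or from any Microsoft sample) of how a "forms-style" login in ASP.NET Core could wrap that call so the result is a `ClaimsPrincipal` ready for cookie sign-in; the class name `AdCredentialValidator`, the container string and the `"ActiveDirectory"` authentication type are my own choices, and it assumes the Windows-only `System.DirectoryServices.AccountManagement` NuGet package.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;

// Hypothetical helper, not part of the answers above. Requires the
// System.DirectoryServices.AccountManagement package; Windows hosts only.
public sealed class AdCredentialValidator
{
    private readonly string _domain;     // e.g. "corp.example" (placeholder)
    private readonly string _container;  // e.g. "DC=corp,DC=example" (placeholder)

    public AdCredentialValidator(string domain, string container)
    {
        _domain = domain;
        _container = container;
    }

    // Returns a ClaimsPrincipal on success and null on failure; the caller signs
    // the principal in with cookie authentication. Nothing is signed in on failure.
    public ClaimsPrincipal? Validate(string username, string password)
    {
        // ValidateCredentials(null, null) validates the *process* identity, and an
        // empty password may be accepted by the directory as an unauthenticated
        // bind, so reject both cases before touching the domain controller.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            return null;

        // Negotiate (Kerberos/NTLM) with sealing and signing: the password is not
        // sent as a cleartext simple bind and the LDAP traffic is integrity-protected.
        const ContextOptions opts =
            ContextOptions.Negotiate | ContextOptions.Sealing | ContextOptions.Signing;

        using var ctx = new PrincipalContext(ContextType.Domain, _domain, _container, opts);
        if (!ctx.ValidateCredentials(username, password, opts))
            return null;

        // A correct password alone is not enough: refuse disabled or locked-out accounts.
        using var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
        if (user == null || user.Enabled != true || user.IsAccountLockedOut())
            return null;

        var identity = new ClaimsIdentity("ActiveDirectory");
        identity.AddClaim(new Claim(ClaimTypes.Name, user.SamAccountName));
        identity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.Sid.Value));
        if (!string.IsNullOrEmpty(user.EmailAddress))
            identity.AddClaim(new Claim(ClaimTypes.Email, user.EmailAddress));
        return new ClaimsPrincipal(identity);
    }
}
```

In the login action, a non-null result is passed to `HttpContext.SignInAsync` with the cookie scheme; a null result gets the same generic "invalid username or password" response whether the bind failed or the account was disabled, so the login page does not reveal which one it was.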


There is no on-premises option as .NET Core will not support WS-Fed at time of shipping. Even in older versions of .NET, on-premises did not use LDAP; it used WS-Fed to talk to an ADFS server.

Very old versions of ASP.NET did have an AD membership provider, but it was problematic in terms of security and did not come forward into ASP.NET 4.0.

You could implement your own membership provider, but .NET Core has no LDAP/System.DirectoryServices classes, so you'd have to do it all from scratch, including making a library to talk LDAP via sockets.

TLDR: You cannot.

blowdart Avatar answered Sep 28 '22 06:09
