How to use active Directory for ASP.Net 5 (MVC6) Intranet application

Question

I am developing an intranet application and would like to use the existing organisations Active Directory for user authentication and policy based role authorisation.

Can someone point me in the right direction? I am getting a bit confused (well actually a lot confused).

Thankyou

Answer 1

Per Authentication and Autorization resources under http://docs.asp.net/en/latest/security/index.html

First start a new ASP.Net Web Application project, Pick the Web Application template then on the right pane press the "Change Authentication" button and pick "Windows Authentication".

You can now use [Authorize] on a class or method to check basic authentication vs active directory as of RC2 you can simply use the group names ala [Authorize(Roles=@"DOMAIN\GROUP")]

The now obsolete and cumbersome alternative (still works):

If you look at User.Claims you can see the groupsid keys exist for each of the user's groups. Building off that you can do something like [Authorize(Policy="FOOBAR")] and define it in your Startup.ConfigureServices method via

        services.AddAuthorization(
            o => o.AddPolicy(
                "FOOBAR",
                p => p.RequireClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
                    "ENTER GROUP SID")
                ));

Note that the second param to RequireClaim is a string array to allow for multiple groups.

Also note to figure out group ids via this command line magic dsquery group -name “ENTER GROUP NAME” | dsget group -sid