 

How to use Windows Active Directory Authentication and Identity Based Claims?

Problem

We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views.

As far as I know, there is not an easy way to marry AD and identity based claims.

Goals

  • Authenticate users with local Active Directory
  • Use Identity framework to manage claims

Attempts (Fails)

  • Windows.Owin.Security.ActiveDirectory - Doh. This is for Azure AD. No LDAP support. Could they have called it AzureActiveDirectory instead?
  • Windows Authentication - This is okay with NTLM or Kerberos authentication. The problems start with: i) tokens and claims are all managed by AD and I can't figure out how to use identity claims with it.
  • LDAP - But this seems to be forcing me to manually do forms authentication in order to use identity claims? Surely there must be an easier way?

Any help would be more than appreciated. I have been stuck on this problem quite a long time and would appreciate outside input on the matter.

hlyates asked Mar 05 '15 21:03




1 Answer

Just hit AD with the username and password instead of authenticating against your DB

```csharp
using System.DirectoryServices.AccountManagement; // PrincipalContext; reference System.DirectoryServices.AccountManagement.dll

// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        // The user must exist in the Identity store (where the app's claims live) ...
        var user = await UserManager.FindByNameAsync(model.UserName);
        // ... and the password is verified against Active Directory, not the app database.
        if (user != null && AuthenticateAD(model.UserName, model.Password))
        {
            await SignInAsync(user, model.RememberMe);
            return RedirectToLocal(returnUrl);
        }
        else
        {
            ModelState.AddModelError("", "Invalid username or password.");
        }
    }
    return View(model);
}

public bool AuthenticateAD(string username, string password)
{
    // Guard: with null or empty credentials ValidateCredentials falls back to the
    // process's default credentials or an unauthenticated bind and can return true.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        return false;

    using (var context = new PrincipalContext(ContextType.Domain, "MYDOMAIN"))
    {
        return context.ValidateCredentials(username, password);
    }
}
```
James Sampica answered Sep 23 '22 19:09
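As an added example (not part of the answer above), this puts the two halves the answer describes together for an ASP.NET MVC 5 / OWIN application: Active Directory is the password authority, ASP.NET Identity is the claims authority, so authorization never depends on AD group membership. `ApplicationUserManager` is the MVC 5 template's manager class, and the `permission` and `auth_source` claim names and `MYDOMAIN` are assumptions.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Hypothetical service: AD checks the password, Identity supplies the claims.
public class AdClaimsSignInService
{
    private readonly ApplicationUserManager _userManager;  // template's UserManager (assumed)
    private readonly IAuthenticationManager _authManager;  // HttpContext.GetOwinContext().Authentication
    private readonly string _domain;                       // e.g. "MYDOMAIN" (placeholder)

    public AdClaimsSignInService(ApplicationUserManager userManager, IAuthenticationManager authManager, string domain)
    {
        _userManager = userManager;
        _authManager = authManager;
        _domain = domain;
    }

    // True only if AD accepts the password AND the user is provisioned in the Identity store.
    public async Task<bool> SignInAsync(string userName, string password, bool rememberMe)
    {
        // Null/empty credentials make ValidateCredentials use default credentials or an
        // unauthenticated bind, which can be reported as success; reject them up front.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        using (var ctx = new PrincipalContext(ContextType.Domain, _domain))
        {
            if (!ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate))
                return false;
        }

        // No auto-provisioning: an AD account unknown to the app gets no access.
        var user = await _userManager.FindByNameAsync(userName);
        if (user == null)
            return false;

        // Claims granted with UserManager.AddClaimAsync(user.Id, new Claim("permission", "reports:read"))
        // are loaded from the app database here; AD groups play no part in the resulting identity.
        ClaimsIdentity identity = await _userManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
        identity.AddClaim(new Claim("auth_source", "ActiveDirectory")); // records how the password was verified

        _authManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        _authManager.SignIn(new AuthenticationProperties { IsPersistent = rememberMe }, identity);
        return true;
    }

    // Authorization check driven purely by app-managed claims, e.g. from a filter or view.
    public static bool HasPermission(ClaimsPrincipal principal, string permission) =>
        principal.HasClaim("permission", permission);
}
```

Because the password never reaches the app database, the Identity user needs no password hash; only the username link and the claims are stored locally.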