LDAP Authentication with Asp.NET Authentication

I am trying to implement Active Directory authentication for my ASP.NET MVC application. I use System.DirectoryServices during login in UserManager. If the user is not found, I try to find the user in Active Directory and, if found, register the user in the ASP.NET MVC app with UserManager.CreateAsync().

    // usings required by this snippet
    using System;
    using System.DirectoryServices;
    using System.Text;
    using System.Threading.Tasks;
    using System.Web.Mvc;
    using Microsoft.AspNet.Identity;

    private ApplicationUserManager _userManager;
    private ApplicationRoleManager _roleManager;

    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            // 1. Check the local Identity store (username + password hash) first.
            var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password);
            if (user != null)
            {
                await SignInAsync(user, loginModel.RememberMe);
                return RedirectToLocal(returnUrl);
            }

            // 2. Not known locally: bind to Active Directory with the supplied credentials
            //    and, on success, provision a local user with the same password.
            string userFullName;
            if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName))
            {
                var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
                var result = await UserManager.CreateAsync(newUser, loginModel.Password);
                if (result.Succeeded)
                {
                    await SignInAsync(newUser, loginModel.RememberMe);
                    return RedirectToLocal(returnUrl);
                }
                AddErrors(result);
            }
            else
            {
                ModelState.AddModelError("", "Invalid UserName or Password");
            }
        }
        return View(loginModel);
    }

    private bool AuthenticateActiveDirectoryUser(string domain, string username, string password, out string fullName)
    {
        fullName = string.Empty;

        // An LDAP simple bind with an empty password is an anonymous bind on many
        // servers and would "succeed"; reject it explicitly.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        var domainAndUsername = string.Format("{0}\\{1}", domain, username);
        // The path was empty in the original post; LDAP://<domain> binds to the domain root.
        var ldapPath = "LDAP://" + domain;
        var entry = new DirectoryEntry(ldapPath, domainAndUsername, password);
        try
        {
            // Bind to the native AdsObject to force authentication.
            var _ = entry.NativeObject;

            // The username goes into an LDAP filter, so escape filter metacharacters
            // (RFC 4515) instead of concatenating it raw.
            var search = new DirectorySearcher(entry)
            {
                Filter = "(sAMAccountName=" + EscapeLdapFilterValue(username) + ")"
            };
            search.PropertiesToLoad.Add("cn");
            var result = search.FindOne();
            if (result == null)
                return false;

            if (result.Properties["cn"].Count > 0)
                fullName = (string)result.Properties["cn"][0];
        }
        catch (Exception)
        {
            // Bind failure (bad password, disabled/locked account, unreachable DC) ends up here.
            return false;
        }
        return true;
    }

    // Escape the characters that have meaning inside an LDAP search filter value.
    private static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (var c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

But in my implementation, the cases where the user changed the password in the Active Directory account, or the AD account itself was changed, are ignored. I can check this manually in my code, but maybe there are other ways in ASP.NET Identity to implement authentication with an Active Directory user account?

1 answer

See if this can help you.

    using System;
    using System.DirectoryServices;

    protected bool ActiveDirectoryLogin(string Username, string Password, string Domain)
    {
        bool Success = false;

        //System.DirectoryServices.DirectoryEntry Entry =
        //    new System.DirectoryServices.DirectoryEntry("LDAP://196.15.32.161:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa",
        //        "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Password, AuthenticationTypes.None);

        // Bind as the user's own DN. AuthenticationTypes.None is an LDAP simple bind:
        // over plain port 389 the password travels in the clear unless the link is otherwise protected.
        System.DirectoryServices.DirectoryEntry Entry =
            new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa",
                "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa", Password, AuthenticationTypes.None);

        //System.DirectoryServices.DirectoryEntry Entry =
        //    new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.kfupm.edu.sa:389/cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa",
        //        Username, Password, AuthenticationTypes.None);

        System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry);
        //Entry.Username = "uid=" + Username + ",cn=KFUPM-People,o=KFUPM,dc=kfupm,dc=edu,dc=sa";
        //Entry.Password = Password;
        //Entry.AuthenticationType = AuthenticationTypes.None;
        //Searcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;

        try
        {
            // Touching NativeObject forces the bind; it throws if the credentials are rejected.
            Object nat = Entry.NativeObject;
            Success = true;
            //System.DirectoryServices.SearchResult Results = Searcher.FindOne();
            //Success = (Results != null);
        }
        catch (Exception)
        {
            Success = false;
        }
        return Success;
    }
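The question's flow checks the local Identity store first and stores a copy of the AD password there, which is why a password changed in AD is still accepted; the answer only shows the bind itself. The following is an added example (not code from the question, the answer, or any project) of the other approach: bind to the domain with the supplied credentials on every login and provision the local Identity user without a password, so AD stays the only authority for the password. It assumes the question's `mydomain.local` domain, an `ApplicationUser` with a `FullName` property, and the `UserManager`, `SignInAsync`, `AddErrors` and `RedirectToLocal` helpers of the default ASP.NET MVC 5 Identity template; it uses `System.DirectoryServices.AccountManagement` instead of building an LDAP filter string by hand.

```csharp
// Added example: AD-validated login for ASP.NET Identity that never stores the
// AD password locally. Assumptions (taken from the question, not verified):
// domain "mydomain.local", ApplicationUser.FullName, and the MVC 5 template
// helpers UserManager / SignInAsync / AddErrors / RedirectToLocal.
using System;
using System.DirectoryServices.AccountManagement;
using System.Threading.Tasks;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;

public partial class AccountController : Controller
{
    private const string AdDomain = "mydomain.local"; // assumed, from the question

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (!ModelState.IsValid)
            return View(loginModel);

        // Always bind to AD with the submitted credentials. The local store is never
        // asked about the password, so a password changed in AD, or an account the
        // domain refuses to bind, is rejected on the next login attempt.
        string fullName;
        if (!AuthenticateActiveDirectoryUser(AdDomain, loginModel.UserName, loginModel.Password, out fullName))
        {
            ModelState.AddModelError("", "Invalid UserName or Password");
            return View(loginModel);
        }

        var user = await UserManager.FindByNameAsync(loginModel.UserName);
        if (user == null)
        {
            // Provision the local Identity record WITHOUT a password (CreateAsync(user)
            // rather than CreateAsync(user, password)): nothing can go stale locally.
            user = new ApplicationUser { UserName = loginModel.UserName, FullName = fullName };
            var result = await UserManager.CreateAsync(user);
            if (!result.Succeeded)
            {
                AddErrors(result);
                return View(loginModel);
            }
        }
        else if (user.FullName != fullName)
        {
            // Keep display data in sync with the directory.
            user.FullName = fullName;
            await UserManager.UpdateAsync(user);
        }

        await SignInAsync(user, loginModel.RememberMe);
        return RedirectToLocal(returnUrl);
    }

    // Returns true only if the domain accepts <username>/<password>; fills in the
    // user's display name on success.
    private static bool AuthenticateActiveDirectoryUser(string domain, string username, string password, out string fullName)
    {
        fullName = string.Empty;

        // An LDAP simple bind with an empty password is treated as an anonymous bind by
        // many servers and "succeeds", so an empty password must be rejected up front.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        using (var context = new PrincipalContext(ContextType.Domain, domain))
        {
            if (!context.ValidateCredentials(username, password))
                return false;

            // FindByIdentity builds the sAMAccountName lookup itself, so the username is
            // never concatenated into a raw LDAP filter string.
            using (var principal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username))
            {
                if (principal == null)
                    return false;
                fullName = principal.DisplayName ?? principal.Name ?? string.Empty;
            }
        }
        return true;
    }
}
```

Because the local user has no password hash, `UserManager.FindAsync(name, password)` can no longer succeed for these accounts, which is the intended effect: every sign-in goes through the domain, and disabling the account or changing the password in AD takes effect at the next login rather than never.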
