Individual Asp.Net Identity Accounts Using LDAP

I am using VS 2013 Asp.net 4.5.1 and have created an internal webforms application using the "Individual user accounts" option for authentication. I want to use LDAP to authenticate users and use the SQL database created for the User Accounts option to store user information and roles. We do not have Active Directory Federation Services (AD FS), so I cannot use the level authentication method.

AD username will be stored in SQL DB

How can I authenticate users using LDAP and then use AspNet.Identity.EntityFramework to get user and role information from an SQL database?

+7
asp.net-identity ldap
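The flow the question asks for (verify the password against the directory, then load the user and its roles from the Identity SQL tables), as an added example that is not from the question or any answer. The domain name is a placeholder, and the `System.DirectoryServices.AccountManagement` / OWIN calls assume the Identity packages the VS 2013 template references.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.Owin.Security;

// Hypothetical helper written for this thread; the domain below is a placeholder.
public class LdapIdentityLogin
{
    private const string Domain = "corp.example.local"; // placeholder domain

    // Step 1: verify the password against the directory. The SQL store never
    // sees or stores a password; it only holds the AD username and the roles.
    public static bool ValidateAgainstDirectory(string userName, string password)
    {
        // Guard: an empty password can become an anonymous/unauthenticated bind on
        // some directories, which ValidateCredentials may then report as success.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            // Negotiate (Kerberos/NTLM) plus Sealing keeps the bind encrypted on the wire.
            return ctx.ValidateCredentials(userName, password,
                ContextOptions.Negotiate | ContextOptions.Sealing);
        }
    }

    // Step 2: look the AD username up in the Identity database and issue the
    // application cookie. CreateIdentityAsync adds the role claims stored in
    // AspNetUserRoles, so [Authorize(Roles = "...")] works unchanged.
    public static async Task<bool> SignInAsync(
        string userName, string password,
        UserManager<IdentityUser> userManager,
        IAuthenticationManager authManager)
    {
        if (!ValidateAgainstDirectory(userName, password))
            return false;

        // The user must already exist in SQL; provisioning is an admin action,
        // so a valid AD account that was never granted access is still denied.
        var user = await userManager.FindByNameAsync(userName);
        if (user == null)
            return false;

        var identity = await userManager.CreateIdentityAsync(
            user, DefaultAuthenticationTypes.ApplicationCookie);
        authManager.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
        return true;
    }
}
```

Call `SignInAsync` from the login page's button handler with the `UserManager` and `HttpContext.GetOwinContext().Authentication` the template already wires up; a `false` return covers both a bad password and an account missing from SQL, so the page should show one generic failure message for both.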
3 answers

You can use this implementation as an example, this is the UserStore client for RavenDB:

Configure ASPNET Authentication for RavenDB

This video series describes how to work with security in .NET (the second video explains how to do this).

Configure ASPNET authentication with authentication

+1

Brock Allen discusses how to implement an “external login” in his extensive article on new identification patterns using External logins.

Active Directory Federation Services (ADFS) supports many authentication protocols, including SSO. However, if this is just POWA authentication (simple Windows authentication), IIS will support this out of the box. You would simply specify the Active Directory (AD) user/AD group in your web.config Authentication node and use the Identity.Name field to search for user information in lazy loading and/or mod-request caching.

For claims-based authentication using ADFS, you can emulate how it works using the Identity and Access Tool and selecting the Use local STS option.

0

Why not save profiles and roles in LDAP (ADLDS)? ADLDS does a great job of tracking down multi-valued attributes that I find useful. A role (group membership) in ADLDS is reflective (you can request a role for members or request a user for their membership in roles). ADLDS also provides referential integrity — you cannot have a member in a role if the member does not exist. I think you are facing serious referential integrity issues with accounts and profiles in two separate stores or learning to love a distributed transaction coordinator.

0
