C# – ASP.NET 5 / MVC 6 On-Premises Active Directory

active-directory, asp.net-core-mvc, asp.net-identity, ldap

For earlier versions of the .NET application templates (i.e. 4.5.2) you can create a new Web Application, change the authentication to 'Work and School Accounts' and choose 'On-Premises'. In the .NET 5 Web Application templates the 'Work and School Accounts' option does not have an 'On-Premises' option.

How do you go about authenticating via an on-premises Active Directory (LDAP) in .NET 5 using ASP.NET Identity? To be clear, I am not looking for Windows Authentication; I want to have users enter their credentials and process the authentication against the on-premises AD. IOW, users don't need to be logged into a Windows machine; they can access from their mobile devices etc.

I've searched for hours to no avail but I wouldn't be surprised if the answer is out there somewhere. Any help is appreciated!

Best Answer

LDAP and On-Premises authentication are not the same thing; that's why, IMHO, On-Premises mode is gone as an "out-of-the-box" option, and also because Microsoft is pushing hard for everyone to move to the Azure cloud :)

On-Premises mode (as you can see here) is a way to use AD as a federation provider (check this on SF), like Twitter or Facebook, if you prefer; you can use ADFS locally (if your AD supports it) or in the cloud (with Azure).

If you're looking for LDAP authentication, the easiest way is to use the "Individual User Account" mode (which is like the old-school forms auth) and use AD as the source of truth for user authentication, with something like this (check this SO article):

    using System;
    // Windows-only API. On .NET Core / .NET 5 it comes from the
    // System.DirectoryServices.AccountManagement NuGet package.
    using System.DirectoryServices.AccountManagement;

    public struct Credentials
    {
        public string Username;
        public string Password;
    }

    public class Domain_Authentication
    {
        public Credentials Credentials;
        public string Domain;

        public Domain_Authentication(string username, string password, string domain)
        {
            Credentials.Username = username;
            Credentials.Password = password;
            Domain = domain;
        }

        public bool IsValid()
        {
            // Reject empty input before touching the directory: ValidateCredentials(null, null)
            // validates the credentials of the running process (or of the context itself), and an
            // empty password can be treated as an anonymous bind, so either would "succeed" wrongly.
            if (string.IsNullOrEmpty(Credentials.Username) || string.IsNullOrEmpty(Credentials.Password))
                return false;

            using (var pc = new PrincipalContext(ContextType.Domain, Domain))
            {
                // Binds to the domain with the supplied credentials (Negotiate/Kerberos by default);
                // true only if the bind succeeds, false on a bad password or a locked/disabled account.
                return pc.ValidateCredentials(Credentials.Username, Credentials.Password);
            }
        }
    }

Anyway, if you're working with heterogeneous systems, or if you prefer to work with something more "secure", I suggest you use OAuth2, which has out-of-the-box support in MVC 6.

Update

If you want to use ASP.NET Identity with LDAP, you can create your own Custom Storage Provider, as perfectly explained here. This is not difficult, but it could be quite long to implement.
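The PrincipalContext snippet in the answer above only compiles on Windows. The following is an added example (not code from the original post or its author) of the same "Individual User Account"-style forms login against on-premises AD, written for ASP.NET Core on .NET 5 with System.DirectoryServices.Protocols, which is cross-platform from .NET 5 on (it needs libldap on Linux). It does a simple bind over LDAPS as the user, escapes the username before putting it in a search filter, rejects empty credentials up front, and issues a cookie. The host `dc01.corp.example`, the base DN, the `corp.example` UPN suffix and the `AccountController` route are placeholder assumptions; the `memberOf` lookup assumes the bound user may read its own entry, which is the AD default.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

public sealed class LdapAuthenticator
{
    private readonly string _host, _baseDn, _upnSuffix;
    private readonly int _port;

    // host/port/baseDn/upnSuffix are deployment-specific assumptions, see the controller below.
    public LdapAuthenticator(string host, int port, string baseDn, string upnSuffix)
    { _host = host; _port = port; _baseDn = baseDn; _upnSuffix = upnSuffix; }

    // RFC 4515 escaping for values placed inside a search filter, so a username such as
    // "*)(objectClass=*" cannot widen the search to other accounts.
    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Simple bind over LDAPS (636) as the user. Returns the user's group DNs on success, null on any failure.
    // Empty credentials are refused before any network call: an empty password is an anonymous bind to AD,
    // which "succeeds" without proving anything.
    public IReadOnlyList<string> Authenticate(string username, string password)
    {
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password)) return null;
        if (username.Contains('\\') || username.Contains('@')) return null; // bare account name only

        using var conn = new LdapConnection(new LdapDirectoryIdentifier(_host, _port))
        {
            AuthType = AuthType.Basic,
            Credential = new NetworkCredential($"{username}@{_upnSuffix}", password),
        };
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // never simple-bind over plaintext 389
        try
        {
            conn.Bind(); // throws LdapException on bad password, disabled or locked account
            var request = new SearchRequest(_baseDn, $"(sAMAccountName={EscapeFilter(username)})",
                                            SearchScope.Subtree, "memberOf");
            var response = (SearchResponse)conn.SendRequest(request);
            if (response.Entries.Count != 1) return null;

            var groups = new List<string>();
            var attr = response.Entries[0].Attributes["memberOf"];
            if (attr != null)
                foreach (string dn in attr.GetValues(typeof(string))) groups.Add(dn);
            return groups;
        }
        catch (LdapException) { return null; } // wrong password, unreachable DC, TLS failure: all "no"
    }
}

public class AccountController : Controller
{
    private readonly LdapAuthenticator _ldap =
        new LdapAuthenticator("dc01.corp.example", 636, "DC=corp,DC=example", "corp.example");

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string username, string password, string returnUrl = "/")
    {
        var groups = _ldap.Authenticate(username, password);
        if (groups == null)
        {
            // One message for every failure so the form does not reveal which accounts exist.
            ModelState.AddModelError(string.Empty, "Invalid username or password.");
            return View();
        }
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, username) };
        foreach (var dn in groups) claims.Add(new Claim(ClaimTypes.Role, dn));
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                                      new ClaimsPrincipal(identity));
        return Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : Redirect("/"); // no open redirect
    }
}
```

To wire it up, register cookie authentication in Startup with `services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie()` and add `app.UseAuthentication()` before `app.UseAuthorization()`. The domain controller's LDAPS certificate must chain to a CA the web server trusts, otherwise `Bind()` fails and the login is correctly refused rather than silently falling back to plaintext.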
