Authenticate against a domain using a specific machine?

Question

Background

We are transitioning to Claims-Based auth in our app (on .NET 4.5) We currently have authentication via Asp.net membership & domain auth working correctly.

The domain portion looks like this (generalized a little):

var context = new PrincipalContext(ContextType.Domain, ADDomainName);
return context.ValidateCredentials(username, password);

Problem / Goal

Sometimes we (or some consultants we use) are on a VPN connection using machines that can see our domain servers, but that aren't members of our domain.

It would be a great help to test the app from a machine that isn't on the domain, rather than having to fire up a machine that is on the domain in order to check.

Question

Is there a way to perform domain authentication against a domain controller from a machine that isn't on the domain? I haven't been able to find any research on it thus far.

Answer 1

You can use LDAP authentication and specify credentials from your code:

using(var context = new PrincipalContext(ContextType.Domain, "mydomain", @"mydomain\serviceAcct", "serviceAcctPass")) 
{
    //Username and password for authentication.
    return context.ValidateCredentials(username, password); 
}

Or, run your authenticating server under runas /netonly, which lets you run with domain network credentials from a workgroup joined computer

rem if your server is standalone
runas /netonly /user:mydomain\consultantaccount C:\dev\sts\ipsts.exe

rem or you can have it in IIS Express:
runas /netonly /user:mydomain\consultantaccount "iisexpress /path:c:\dev\sts\ /port:9090 /clr:v2.0"

I will note that I have not actually checked whether /netonly will work in this context, so if you end up trying it, I'd be interested to hear if it worked.