CODEWITHSUNDEEP
asp.netasp.net-mvcactive-directoryldapasp.net-identity
F_Z_14
F_Z_14

Reputation: 295

LDAP Authentication with Asp.NET Identity

I trying impliment Active Directory authentication for my ASP.NET MVC application. I use System.DirectoryServices and during login find user in UserManager. If user not found I'm trying find user in Active Directory and if successful register user in asp.net mvc app with UserManager.CreateAsync().

    private ApplicationUserManager _userManager;
    private ApplicationRoleManager _roleManager;

    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel loginModel, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(loginModel.UserName, loginModel.Password);
            if (user != null)
            {
                await SignInAsync(user, loginModel.RememberMe);
                return RedirectToLocal(returnUrl);
            }

            string userFullName;
            if (AuthenticateActiveDirectoryUser("mydomain.local", loginModel.UserName, loginModel.Password, out userFullName))
            {
                var newUser = new ApplicationUser { UserName = loginModel.UserName, FullName = userFullName };
                var result = await UserManager.CreateAsync(newUser, loginModel.Password);                   

                if (result.Succeeded)
                {
                    await SignInAsync(newUser, loginModel.RememberMe);
                    return RedirectToLocal(returnUrl);
                }

                AddErrors(result);
            }
            else
            {
                ModelState.AddModelError("", "Invalid UserName or Password");
            }
        }

        return View(loginModel);
    }

    private bool AuthenticateActiveDirectoryUser(
        string domain,
        string username,
        string password,
        out string fullName)
    {
        fullName = string.Empty;

        var domainAndUsername = string.Format("{0}\\{1}", domain, username);
        var ldapPath = "";
        var entry = new DirectoryEntry(ldapPath, domainAndUsername, password);
        try
        {
            // Bind to the native AdsObject to force authentication.
            var obj = entry.NativeObject;
            var search = new DirectorySearcher(entry) { Filter = "(SAMAccountName=" + username + ")" };
            search.PropertiesToLoad.Add("cn");
            var result = search.FindOne();
            if (result == null)
                return false;

            try
            {
                fullName = (string)result.Properties["cn"][0];
            }
            catch
            {
                fullName = string.Empty;
            }
        }
        catch (Exception ex)
        {
            return false;
        }

        return true;
    }

But in my implementation ignored cases if user change password in Active Directory account or AD Account was deleted. I can check it manually in my code, but maybe exists other ways in ASP.NET Identity to implement authentication by Active Directory user account?

Upvotes: 7

Views: 3209

Answers (1)

Shomaail
Shomaail

Reputation: 493

see if this can help u 

    protected bool ActiveDirectoryLogin(string Username, string Password, string Domain)
{
    bool Success = false;
    //System.DirectoryServices.DirectoryEntry Entry =
    //    new System.DirectoryServices.DirectoryEntry("LDAP://***.**.**.**:389/cn=***-People,o=**,dc=**,dc=edu,dc=sa", "uid=" + Username + ",cn=***-People,o=***,dc=***,dc=edu,dc=sa", Password, AuthenticationTypes.None);

    System.DirectoryServices.DirectoryEntry Entry =
        new System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.***.edu.sa:389/cn=***-People,o=***,dc=***,dc=edu,dc=sa", "uid=" + Username + ",cn=***-People,o=***,dc=***,dc=edu,dc=sa", Password,AuthenticationTypes.None);

    //System.DirectoryServices.DirectoryEntry Entry =
    //    new   System.DirectoryServices.DirectoryEntry("LDAP://ldapmaster.***.edu.sa:389/cn=***-People,o=***,dc=***,dc=edu,dc=sa", Username , Password, AuthenticationTypes.None);

    System.DirectoryServices.DirectorySearcher Searcher = new System.DirectoryServices.DirectorySearcher(Entry);
            try
    {

        Object nat = Entry.NativeObject;
        Success = true;
//            System.DirectoryServices.SearchResult Results =     Searcher.FindOne();
//            Success = (Results != null);

    }
    catch (Exception e)
    {
        Success = false;
    }

    return Success;
}

Upvotes: 1

Related Questions