Reputation: 1
I want to use IdentityServer for authenticating and authorizing my users. For the users themselves I want to use only Active Directory users, and for roles etc. I want to use ASP.NET Identity.
Also, I don't want to use Windows authentication to authenticate.
I'm using IdentityServer 4 and ASP.NET Core 3.2.
    services.AddIdentityServer()
        .AddDeveloperSigningCredential()
        //.AddTestUsers(Config.GetUsers())
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryClients(Config.GetClients());
Upvotes: 0
Views: 413
Reputation: 1731
First of all, you need to install the package below to use Active Directory features.

    Install-Package Microsoft.Windows.Compatibility

Secondly, you need to implement IResourceOwnerPasswordValidator and check the user's password against Active Directory inside it.
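    using System.DirectoryServices.AccountManagement;
    using System.Threading.Tasks;
    using IdentityServer4.Models;
    using IdentityServer4.Validation;

    public class ActiveDirectoryResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
    {
        public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            const string LDAP_DOMAIN = "exldap.example.com:5555";
            // Placeholder service account; load the real values from configuration or a secret store.
            using (var pcontext = new PrincipalContext(ContextType.Domain, LDAP_DOMAIN, "service_acct_user", "service_acct_pswd"))
            {
                if (pcontext.ValidateCredentials(context.UserName, context.Password))
                {
                    // User authenticated: the user name is used as the subject here (an assumption).
                    context.Result = new GrantValidationResult(subject: context.UserName, authenticationMethod: "custom");
                    return Task.CompletedTask;
                }
            }
            // User not authenticated: fail the token request.
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid username or password");
            return Task.CompletedTask;
        }
    }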
Then register it in Startup.cs:

    services.AddSingleton<IResourceOwnerPasswordValidator, ActiveDirectoryResourceOwnerPasswordValidator>();
Upvotes: 0
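
The approach in the answer above, extended to the question's second requirement (roles from ASP.NET Identity), as an added example that is not part of the original answer. The class name, the `Ldap:*` configuration keys and the rule that each AD user has an ASP.NET Identity record with the same user name are assumptions.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Validation;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;

// Hypothetical class: authenticates against AD, takes roles from ASP.NET Identity.
public class AdWithIdentityRolesValidator : IResourceOwnerPasswordValidator
{
    private readonly UserManager<IdentityUser> _users;
    private readonly IConfiguration _config;

    public AdWithIdentityRolesValidator(UserManager<IdentityUser> users, IConfiguration config)
        => (_users, _config) = (users, config);

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        // Start from failure, with one generic error for every rejection path, so a
        // caller cannot tell "unknown user" from "wrong password" or "no local account".
        context.Result = new GrantValidationResult(
            TokenRequestErrors.InvalidGrant, "invalid username or password");

        // ValidateCredentials(null, null) validates the context's own (service account)
        // credentials, so empty input must never reach the directory call.
        if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
            return;

        // "Ldap:*" keys are assumed names; the bind secret stays out of source code.
        using (var ad = new PrincipalContext(ContextType.Domain, _config["Ldap:Server"],
                   _config["Ldap:BindUser"], _config["Ldap:BindPassword"]))
        {
            if (!ad.ValidateCredentials(context.UserName, context.Password)) return;
        }

        // Assumption: the ASP.NET Identity user name equals the AD user name.
        var user = await _users.FindByNameAsync(context.UserName);
        if (user == null) return;
        var roles = await _users.GetRolesAsync(user);
        context.Result = new GrantValidationResult(
            subject: user.Id,
            authenticationMethod: OidcConstants.AuthenticationMethods.Password,
            claims: roles.Select(r => new Claim(JwtClaimTypes.Role, r)));
    }
}
```

Because `UserManager` is a scoped service, register this class with `.AddResourceOwnerValidator<AdWithIdentityRolesValidator>()` on the IdentityServer builder rather than as a singleton.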