Scott

Reputation: 236

ASP.NET Core: use Windows authentication when available and user name/password when it isn't

We have a web site we are developing using ASP.NET Core 5.0 that we want to allow both staff and clients access.

The staff are on the domain with Active Directory accounts and the clients are not.

We want to allow staff to be automatically logged in using Windows Active Directory authentication, but have the clients directed to a login page to verify their user name and password against our database.

We have both of these things working, i.e. if we turn on just Windows authentication for the site, staff can automatically be logged in. If we turn on just anonymous authentication, we have a login page where all users can log in with a user name and password.

The issue is that if we turn both Windows authentication and anonymous authentication on, we can use custom middleware code which calls

context.ChallengeAsync(Microsoft.AspNetCore.Server.IISIntegration.IISDefaults.AuthenticationScheme);

to try to do a login with Active Directory. This works well and signs staff in using Active Directory silently, but for clients (i.e. public users) this will show the browser's login prompt asking for a domain user name and password.

We don't want this to appear for clients at all but rather to redirect them to our login page.

How can we make the call to ChallengeAsync do an Active Directory login if it can but, if it can't, not show the login prompt and just redirect to the login page instead?

Upvotes: 1

Views: 2292

Answers (1)

Majid Shahabfar

Reputation: 4829

This article shows how to set up an ASP.NET Core MVC application to support both users who can log in with a local login account, solution specific, or use a Windows authentication login. The identity created from the Windows authentication could then be allowed to do different tasks, for example, administration, or a user from the local authentication could be used for guest accounts, etc. To do this, IdentityServer4 is used to handle the authentication. The ASP.NET Core MVC application uses the OpenID Connect Hybrid Flow.

Find the repo code here.

Note: the IISExpress certificates need to be allowed when running.

{
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "https://localhost:44364/",
      "sslPort": 44364
    }
  }
}

Upvotes: 0
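The pattern the answer describes (a login page that offers both a local login and a Windows login) can be sketched without IdentityServer4 as follows. This is an added example, not code from the linked repo or from either poster; it assumes cookie authentication is the default scheme, and the `AccountController`, `WindowsLogin` action, `/Account/Login` path and `idp` claim are hypothetical names.

```csharp
// Added example. Assumes IIS hosting with Windows and anonymous authentication
// both enabled, and cookie authentication registered as the default scheme.
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IISIntegration;

// Startup.ConfigureServices (assumed):
//   services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
//           .AddCookie(o => o.LoginPath = "/Account/Login");

[AllowAnonymous]
public class AccountController : Controller
{
    // Hypothetical action, reached from a "Sign in with Windows" link on the login page.
    [HttpGet]
    public async Task<IActionResult> WindowsLogin(string returnUrl = "/")
    {
        // Accept only local targets so the login flow cannot be used as an open redirect.
        if (!Url.IsLocalUrl(returnUrl)) returnUrl = "/";

        // Ask the IIS handler whether this request already carries a Windows identity.
        var result = await HttpContext.AuthenticateAsync(IISDefaults.AuthenticationScheme);
        if (result?.Principal is WindowsPrincipal wp)
        {
            // Copy only the claims the app needs; this keeps the session cookie small.
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, wp.Identity.Name),
                new Claim("idp", "Windows"), // hypothetical marker for the login source
            };
            var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
            await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(identity));
            return LocalRedirect(returnUrl);
        }

        // No Windows identity yet: issue the Negotiate/NTLM challenge.
        // Only requests to this action ever receive it.
        return Challenge(IISDefaults.AuthenticationScheme);
    }
}
```

Because the challenge is issued only from this action, requests that go through the user name and password form are redirected to the login page by the cookie scheme and never receive the browser's credential prompt.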
