How to authenticate UserManager against Active directory users

  • Question

  • User-540818677 posted

    I am working on a new ASP.NET MVC 5 web application that uses the new ASP.NET Identity instead of the old forms authentication. For my previous ASP.NET MVC 4 web applications, I did the following to have forms authentication which authenticates users against our AD LDAP server. The Login action method looks as follows:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        MembershipProvider domainProvider;

        domainProvider = Membership.Providers["ADMembershipProvider"];
        if (ModelState.IsValid)
        {
            // Validate the user with the membership system.
            if (domainProvider.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                // Redirect only after the credentials have been accepted.
                return RedirectToLocal(returnUrl);
            }
            else
            {
                //  Response.Write("Invalid UserID and Password");
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
                List<String> domains2 = new List<String>();
                // code goes here
            }
        }

        // Invalid model or failed validation: redisplay the form.
        return View(model);
    }

    And here are the connection strings inside the web.config:

    <membership>
      <providers>
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionUsername="administrator"
             connectionPassword="*********"
             attributeMapUsername="sAMAccountName"/>
      </providers>
    </membership>

    <connectionStrings>
      <add name="ADConnectionString" connectionString="LDAP://WIN-SPDev.tdmgroup.local/CN=Users,DC=tdmgroup,DC=local"/>
    </connectionStrings>

    And everything worked well.

    Now I have created a new ASP.NET MVC 5 application which uses UserManager instead of forms authentication. The new Login action method looks as follows inside the ASP.NET MVC 5 application:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindAsync(model.UserName, model.Password);
            if (user != null)
            {
                await SignInAsync(user, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "Invalid username or password.");
            }
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }

    So can anyone advise how I can modify my new Login action inside ASP.NET MVC 5 to authenticate users against our AD LDAP server, as I used to do in my previous ASP.NET MVC 4 web application?

    Tuesday, January 13, 2015 11:50 AM

All replies

  • User-734925760 posted

    Hi john,

    According to your code, I think you can try to use the CreateIdentityAsync() function to create an Identity, then sign in with the Identity.

    There is a document with demo, please refer to the link below:

    http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

    Hope it's useful for you.

    Best Regards,

    Michelle Ge

    Wednesday, January 14, 2015 3:12 AM
  • User-540818677 posted

    According to your code, I think you can try to use the CreateIdentityAsync() function to create an Identity, then sign in with the Identity.

    Thanks for the reply. As I mentioned in my first post, the default Login action method has the following:

    var user = await UserManager.FindAsync(model.UserName, model.Password);
    if (user != null)
    {
        await SignInAsync(user, model.RememberMe);
        return RedirectToLocal(returnUrl);
    }

    But what I need is to force the UserManager & SignInAsync to communicate with the AD LDAP server, something which I have achieved with the old ASP.NET membership using the following code:

    MembershipProvider domainProvider;

    domainProvider = Membership.Providers["ADMembershipProvider"];
    if (ModelState.IsValid)
    {
        // Validate the user with the membership system.
        if (domainProvider.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
        }
    }

    And inside the web.config I have defined the following providers & connection string to refer to the AD LDAP server:

    <membership>
      <providers>
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionUsername="administrator"
             connectionPassword="*********"
             attributeMapUsername="sAMAccountName"/>
      </providers>
    </membership>

    <connectionStrings>
      <add name="ADConnectionString" connectionString="LDAP://WIN-SPDev.tdmgroup.local/CN=Users,DC=tdmgroup,DC=local"/>
    </connectionStrings>

    So did you get what I am asking for?

    Thanks

    Wednesday, January 14, 2015 6:20 AM
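
Added example (not part of the thread, and not the posters' or Microsoft's code): one way to get the behaviour asked for above is to swap the `UserManager.FindAsync` password check for `PrincipalContext.ValidateCredentials` against the domain, then sign in through the OWIN cookie middleware. Assumptions: the default MVC 5 template (`LoginViewModel`, cookie middleware registered with `DefaultAuthenticationTypes.ApplicationCookie`), a reference to System.DirectoryServices.AccountManagement, an app pool identity that can reach the domain, the domain name `tdmgroup.local` taken from the connection string in the question, and a `Home/Index` fallback page.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

public class AccountController : Controller
{
    // Assumption: domain name taken from the connection string in the question.
    private const string AdDomain = "tdmgroup.local";
    // Claim type the MVC anti-forgery check expects next to NameIdentifier.
    private const string IdpClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginViewModel model, string returnUrl)
    {
        if (!ModelState.IsValid) return View(model);
        bool valid;
        // The check binds with the submitted credentials, so no directory
        // password has to be kept in web.config for this step.
        using (var ad = new PrincipalContext(ContextType.Domain, AdDomain))
        {
            valid = ad.ValidateCredentials(model.UserName, model.Password,
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
        }
        if (!valid)
        {
            // Same message for an unknown user and a wrong password.
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }

        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, model.UserName),
            new Claim(ClaimTypes.Name, model.UserName),
            new Claim(IdpClaim, "Active Directory") // constructed label
        }, DefaultAuthenticationTypes.ApplicationCookie);
        var auth = HttpContext.GetOwinContext().Authentication;
        auth.SignIn(new AuthenticationProperties { IsPersistent = model.RememberMe }, identity);

        // Follow returnUrl only when it points back into this application.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home"); // assumed landing page
    }
}
```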