Tags: authentication, asp.net-identity, claims-based-identity, asp.net-core, visual-studio-2015

How to use Windows Active Directory Authentication and Identity Based Claims?


Problem

We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views.

As far as I know, there is not an easy way to marry AD and identity based claims.

Goals

Attempts (Fails)

Any help would be more than appreciated. I have been stuck on this problem quite a long time and would appreciate outside input on the matter.


Solution

  • Shoe, your solution above pushed me toward a direction that worked for me on MVC6-Beta3 Identityframework7-Beta3 EntityFramework7-Beta3:

    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        //
        // Check for user existence in Identity Framework.
        // The local store decides who may use the application; AD only checks the password.
        //
        ApplicationUser applicationUser = await _userManager.FindByNameAsync(model.eID);
        if (applicationUser == null)
        {
            ModelState.AddModelError("", "Invalid username");
            return View(model);
        }

        //
        // Authenticate user credentials against Active Directory (LDAP over SSL port).
        //
        bool isAuthenticated = await Authentication.ValidateCredentialsAsync(
            _applicationSettings.Options.DomainController,
            _applicationSettings.Options.DomainControllerSslPort,
            model.eID, model.Password);
        if (!isAuthenticated)
        {
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }

        //
        // Signing in the user, step 1: persist the Identity record (no password is stored).
        //
        IdentityResult identityResult
            = await _userManager.CreateAsync(
                applicationUser,
                cancellationToken: Context.RequestAborted);

        if (!identityResult.Succeeded)
        {
            foreach (IdentityError error in identityResult.Errors)
            {
                ModelState.AddModelError("", error.Description);
            }
            return View(model);
        }

        //
        // Signing in the user, step 2: issue the Identity cookie with the user's claims.
        //
        await _signInManager.SignInAsync(applicationUser,
            isPersistent: false,
            authenticationMethod: null,
            cancellationToken: Context.RequestAborted);

        return RedirectToLocal(returnUrl);
    }
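The same split the answer describes, AD as the credential authority and Identity as the claims store, written out as an added example against the current ASP.NET Core Identity API rather than the Beta3 API in the answer (this is not the answer author's code). It assumes the `System.DirectoryServices.AccountManagement` package (Windows hosts only); `ApplicationUser`, `LoginViewModel`, `AdOptions`, the `corp.example` domain and the `app:permission` claim are hypothetical names. It also goes one step beyond the answer by showing the authorization side, a policy that checks an application claim instead of an AD group.

```csharp
// Added example, not the original answer's code. Flow: validate the password against AD,
// find-or-create a password-less Identity user, attach application claims, sign in.
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

public class AdOptions
{
    public string Domain { get; set; } = "corp.example";   // hypothetical domain name
}

public class AccountController : Controller
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly AdOptions _ad;

    public AccountController(UserManager<ApplicationUser> userManager,
                             SignInManager<ApplicationUser> signInManager,
                             IOptions<AdOptions> ad)
    {
        _userManager = userManager;
        _signInManager = signInManager;
        _ad = ad.Value;
    }

    // The password is only ever forwarded to the domain controller; the application
    // never hashes or stores it. ContextOptions can select Negotiate/SSL for the bind.
    private bool ValidateAgainstAd(string userName, string password)
    {
        using var ctx = new PrincipalContext(ContextType.Domain, _ad.Domain);
        return ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate);
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        if (!ModelState.IsValid) return View(model);

        // Step 1: AD decides whether the credentials are valid.
        if (!ValidateAgainstAd(model.UserName, model.Password))
        {
            // One message for unknown user and wrong password avoids username enumeration.
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }

        // Step 2: the local Identity record carries application claims only; it is created
        // without a password, so CreateAsync is called once, not on every login.
        var user = await _userManager.FindByNameAsync(model.UserName);
        if (user == null)
        {
            user = new ApplicationUser { UserName = model.UserName };
            var created = await _userManager.CreateAsync(user);
            if (!created.Succeeded)
            {
                foreach (var e in created.Errors) ModelState.AddModelError("", e.Description);
                return View(model);
            }
            // Least-privilege default for a first-time user; managed here, not via AD groups.
            await _userManager.AddClaimAsync(user, new Claim("app:permission", "orders.read"));
        }

        // Step 3: Identity issues the cookie; the user's stored claims become part of the principal.
        await _signInManager.SignInAsync(user, isPersistent: false, authenticationMethod: "ActiveDirectory");
        return Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : RedirectToAction("Index", "Home");
    }
}

// Authorization is decided by application claims, not AD group membership.
// Register the policy at startup:
//   services.AddAuthorization(o => o.AddPolicy("CanEditOrders",
//       p => p.RequireClaim("app:permission", "orders.edit")));
[Authorize(Policy = "CanEditOrders")]
public class OrdersController : Controller
{
    public IActionResult Edit(int id) => View();
}
```

Granting or revoking access is then a call to `UserManager.AddClaimAsync` / `RemoveClaimAsync` on the local record, which takes effect at the user's next sign-in, while the domain controller remains the single place that ever sees the password.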