This may be a duplicate (not sure), but since I cannot quench my thirst for the correct answer (0: so it goes:
I need to provide one single for my ASP.NET web application. Where:
Case 1. A user can log in without credentials if the user is already in a domain (registered in a Windows domain).
Case 2. A user can log in if the user is not in the domain by requesting / confirming user credentials from Active Directory.
Question 1a. I would be interested in comments about the steps that I “follow” and “should follow” to achieve this requirement. How can I improve this? To improve the meaning, is this the right way / ensuring the provision of the above necessary functions?
Question 1b. In addition, I currently have hard-coded roles in my database; I plan to move it as a user of Active Directory, so that I could use the functionality of the .IsInRole method. What do you think about this?
Now I implemented it as follows.
For case 1, the application uses:
Windows Authentication; basically as below:
return ((WindowsIdentity)(HttpContext.Current.User.Identity)).IsAuthenticated;
The application is executed if it's an authenticated user.
For case 2:
, , .
, ; .
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
, .
, , web.config, , :
<authentication mode="Forms">
<forms loginUrl="~/UI/Pages/Login.aspx" defaultUrl="Default.aspx" name="adAuthCookie" timeout="60" path="/" />
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<identity impersonate="true"/>
, (, , ) , , , ? .. .