Validating MVC 4 Using an Active Directory Database or Membership

I am creating a web application that can be accessed in two ways. Everyone who works in the same organization can use our Active Directory to access the application.

Each party must join the application through a separate membership database. Everyone should have an account in the membership database with its roles, so an AD connection is just a bonus to make it easier to keep track of your password and username. I searched the Internet but could not find a comparable situation. This is my first AD job.

Does anyone know of a structure that can be used, or give me a hint on how I can try to solve the problem?

The moment I implemented a connection to System.Web.WebData.SimpleMembershipProvider, it works fine.

In later application development, I also need some other AD connections to check some information, but this is just a problem for another day.

Thanks for the help.

+6
2 answers

Open the web.config file.

First of all, you will need a connectionString for your ActiveDirectory:

    <connectionStrings>
      ...
      <add name="ADConnectionString" connectionString="LDAP://*adserver*/DC=*domain*" />
      ...
    </connectionStrings>

Scroll down to the <membership> element. Make sure its defaultProvider attribute is set, for example:

    <membership defaultProvider="SimpleMembershipProvider">

Then add a new provider for AD members inside <providers>:

    <add name="ADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider"
         connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName" />

This should do the trick for web.config. Now we need to authorize AD users at login. Go to the AccountController Login action. First, we try to authenticate the user through ActiveDirectory; there is a convenient class called PrincipalContext in the System.DirectoryServices.AccountManagement namespace. If this fails, we use the default membership provider:

    // requires: using System.DirectoryServices.AccountManagement; using System.Web.Security;
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        try
        {
            // try to auth user via AD
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain))
            {
                if (pc.ValidateCredentials(model.UserName, model.Password))
                {
                    FormsAuthentication.SetAuthCookie(model.UserName, false);
                    return RedirectToAction("Index", "Home");
                }
            }

            // try the default membership auth if active directory fails
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, false);
                if (Url.IsLocalUrl(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            else
            {
                ModelState.AddModelError("", "Login failed");
            }
        }
        catch { }

        GetErrorsFromModelState();
        return View(model);
    }

For later requirements, you can get the current ActiveDirectory username with the UserPrincipal class:

    using (var context = new PrincipalContext(ContextType.Domain))
    {
        using (var aduser = UserPrincipal.FindByIdentity(
            context, IdentityType.SamAccountName, HttpContext.User.Identity.Name))
        {
            ...
        }
    }

Hope this helps and I haven’t missed anything.

+5
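The same AD-first, membership-second login flow, written out as an added example (not the answer's code) with the checks a reviewer would ask for: blank credentials are refused before any directory bind, the failure message is identical for both paths, and only local return URLs are followed. It assumes the web.config provider setup from the answer and the default MVC 4 LoginModel (UserName, Password, RememberMe).

```csharp
using System.DirectoryServices.AccountManagement;
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // Added example, not the answer's code. Assumes the web.config provider setup
    // above and the default MVC 4 LoginModel (UserName, Password, RememberMe).
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
            return View(model);

        bool ok = ValidateAgainstDomain(model.UserName, model.Password)
                  || Membership.ValidateUser(model.UserName, model.Password);
        if (!ok)
        {
            // Same message for both paths, so the response does not reveal
            // whether the account exists in AD or in the membership database.
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
            return View(model);
        }

        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

        // Only follow redirect targets on this site (open-redirect check).
        if (Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return RedirectToAction("Index", "Home");
    }

    private static bool ValidateAgainstDomain(string userName, string password)
    {
        // Refuse blank credentials before binding: an LDAP simple bind with an
        // empty password is an unauthenticated bind and must not count as a login.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;
        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain))
                return pc.ValidateCredentials(userName, password, ContextOptions.Negotiate);
        }
        catch (PrincipalServerDownException)
        {
            return false; // domain controller unreachable; fall back to membership
        }
    }
}
```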

This code will tell you whether the user with the given username and password is valid:

    // requires: using System.DirectoryServices;
    public bool ValidateUser(string userName, string password)
    {
        bool authenticated = false;
        string dePath = string.Empty;
        dePath += DomainController;
        if (!string.IsNullOrEmpty(BaseDomainName))
        {
            dePath += "/" + BaseDomainName;
        }
        try
        {
            // Bind to the directory with the supplied credentials; reading
            // NativeObject forces the bind, which throws if they are rejected.
            using (DirectoryEntry entry = new DirectoryEntry(dePath, userName, password))
            {
                object nativeObject = entry.NativeObject;
                authenticated = true;
            }
        }
        catch
        {
            return false;
        }
        return authenticated;
    }

You can add DomainController and BaseDomainName to web.config appSettings as keys.

+2

Source: https://habr.com/ru/post/947197/

