I want to write an MVC 5 application that will allow users to authenticate with LDAP using individual user accounts authentication who do not have an active directory account with our MVC application.
In other words, from a development perspective, how can I take the default MVC individuals user account template and extend it so that it will accept an active directory account? In fact, I went a step further and wrote a very lean version of individual authentication. I share some of the code below:
Model
    public class LoginModel
    {
        [Required]
        public string Name { get; set; }

        [Required]
        public string Password { get; set; }
    }
AccountsController
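    // Requires: System.Security.Claims, System.Threading.Tasks,
    // Microsoft.AspNet.Identity, Microsoft.Owin.Security

    // GET: show the login form
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        if (ModelState.IsValid)
        {
        }
        ViewBag.returnUrl = returnUrl;
        return View();
    }

    // POST: validate the credentials against the Identity user store
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginModel details, string returnUrl)
    {
        ApplicationUser user = await UserManager.FindAsync(details.Name, details.Password);
        if (user == null)
        {
            ModelState.AddModelError("", "Invalid name or password.");
        }
        else
        {
            ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,
                DefaultAuthenticationTypes.ApplicationCookie);
            AuthManager.SignOut();
            AuthManager.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);
            // Only follow returnUrl when it is local to this site; it arrives from a
            // hidden form field and would otherwise be an open redirect.
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            // Fallback target is an assumption (the template's default Home/Index).
            return RedirectToAction("Index", "Home");
        }
        ViewBag.returnUrl = returnUrl;
        return View(details);
    }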
Login View
    @model MyApplication.Models.LoginModel
    @{ ViewBag.Title = "Login"; }
    <h2>@ViewBag.Title</h2>
    @Html.ValidationSummary()
    <div class="row">
        <section id="derp">
            <div class="col-md-8">
                @using (Html.BeginForm())
                {
                    @Html.AntiForgeryToken();
                    <h4>Use Local Account.</h4>
                    <hr />
                    <input type="hidden" name="returnUrl" value="@ViewBag.returnUrl" />
                    <div class="form-group">
                        @Html.LabelFor(x => x.Name, new { @class = "col-md-2 control-label" })
                        <div class="col-md-10">
                            @Html.TextBoxFor(x => x.Name, new { @class = "form-control" })
                            @Html.ValidationMessageFor(x => x.Name)
                        </div>
                    </div>
                    <div class="form-group">
                        @Html.LabelFor(x => x.Password, new { @class = "col-md-2 control-label" })
                        <div class="col-md-10">
                            @Html.PasswordFor(x => x.Password, new { @class = "form-control" })
                            @Html.ValidationMessageFor(x => x.Password)
                        </div>
                    </div>
                    <div class="form-group">
                        <div class="col-md-offset-2 col-md-10">
                            <input type="submit" value="Log in" class="btn btn-primary" />
                        </div>
                    </div>
                }
            </div>
        </section>
    </div>
web.config
    <connectionStrings>
        <add name="NonADDb"
             providerName="System.Data.SqlClient"
             connectionString="Data Source=(localdb)\v11.0;Initial Catalog=NonADDB;Integrated Security=True;Connect Timeout=15;Encrypt=False;TrustServerCertificate=False;MultipleActiveResultSets=True" />
    </connectionStrings>
Do I need to create AD as another connection string? If so, do I need to create a ADViewModel? If I am on the right track there, what do I need to do in my controller and view so I can give the user a choice in what kind of authentication they want to use?
This is where I get lost. If I don’t need to create AD as another connection string, then I am completely lost.
Update: I am currently trying to implement this as a standalone application. However, could this be done using Identity 2.0 as done above (instead of membership.ValidateUser and Forms)? Or do I need that because I plan on having two connection strings?
hlyates
I want to write an MVC 5 application that will allow users to authenticate with LDAP using individual user accounts authentication who do not have an active directory account with our MVC application.
In other words, from a development perspective, how can I take the default MVC individuals user account template and extend it so that it will accept an active directory account?
Let me imagine the flow: a user comes to your site. If they do not have AD authentication, then you will redirect to a Login page. After putting in some credentials (from whom?!), then … I cannot imagine the scenario here.
Hi,
To use Windows authentication and Forms authentication in the same application, you can try configuring IIS to run in classic mode, in which IIS Windows authentication and ASP.NET Forms authentication will run in two pipelines. So it is possible to mix the two authentications.
Please refer to the document which might help you understand it: