
I've written a web site that uses Owin to log in using the standard Login form. This is working fine. Each customer has their own version of the site on their server with different web.config values so it behaves the way each wants it to.

I've now been asked for a version that automatically logs users in by retrieving their Windows Id and then using this to get their details from the local Active Directory.

I have a script that will do this, but I'm having difficulty calling it.

I'd like to keep as much of the code I have there already so I can continue to use the User and UserManager objects.

I'm hoping it is possible to amend something in the Startup.Auth.cs script so instead of using LoginPath for the CookieAuthenticationOptions it points to my Active Directory script.

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

Unfortunately replacing the LoginPath with the path of the Active Directory script causes an endless loop which results in the querystring being too long for the browser error.

I have set IIS with: Anonymous Authentication: Disabled, ASP.Net Impersonation: Enabled, Forms Authentication: Disabled, Windows Authentication: Enabled

I have been stuck on this for the past 5 days so any help would be much appreciated. Thank you.

tereško
spaceduk

1 Answer

Just create your own provider which will check the username and password against your AD and add it to your CookieAuthenticationOptions object in appBuilder. Your provider class should inherit CookieAuthenticationProvider and override the sign-in methods you need. Here you can find a list of the available methods:

https://msdn.microsoft.com/en-us/library/microsoft.owin.security.cookies.cookieauthenticationprovider(v=vs.113).aspx

IMujagic
  • thanks for your answer. The only thing is that isn't `UseWindowsAzureActiveDirectoryBearerAuthentication` just for Azure Active Directories, whereas I need to connect to an Active Directory stored on a local server? – spaceduk Jan 24 '16 at 12:52
  • To add further details, I am using an LDAP connection string to connect to Active Directory – spaceduk Jan 24 '16 at 13:01
  • Sorry, my fault. In that case just create your own provider which will check the username and password against your AD and add it to your CookieAuthenticationOptions object in appBuilder. Your provider class should inherit CookieAuthenticationProvider and override the sign-in methods you need. Here you can find a list of the available methods: https://msdn.microsoft.com/en-us/library/microsoft.owin.security.cookies.cookieauthenticationprovider(v=vs.113).aspx – IMujagic Jan 24 '16 at 16:08
  • Thank you, that's really helpful. Problem is I really do not have much knowledge of the CookieAuthenticationOptions - can you advise me on what option I need to use in order to add it to my AD script provider? ... and basically the other things you said!! :-| – spaceduk Jan 24 '16 at 16:15
  • Is there anywhere I can find an example of this? I am struggling 8-/ – spaceduk Jan 24 '16 at 17:07
  • I don't know if there is a real example, but if you are new to this area, first you need to understand how the authentication process works and then you will figure out how to create your own auth provider in ASP.NET. Here are some resources: https://coding.abel.nu/2014/06/understanding-the-owin-external-authentication-pipeline/ http://stackoverflow.com/questions/7217105/how-can-i-manually-create-a-authentication-cookie-instead-of-the-default-method – IMujagic Jan 24 '16 at 17:14
  • Okay, brilliant thanks. I'll take a look at those links and hopefully understand it more. – spaceduk Jan 24 '16 at 17:45
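
An added example of a provider class derived from CookieAuthenticationProvider, as the answer suggests; it is not code from the question or from the answerer. It re-checks the cookie's account against the local Active Directory on each validation, so a disabled or locked-out account loses its session, and it declines to redirect a 401 that was raised by the login path itself. The class name `AdCookieAuthenticationProvider`, the domain value passed in, and the assumption that the cookie identity's name holds the user's sAMAccountName (optionally prefixed with `DOMAIN\`) are hypothetical.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;

// Added example (hypothetical class name). Wire it up in Startup.Auth.cs with
//   Provider = new AdCookieAuthenticationProvider("YOUR-DOMAIN") { OnValidateIdentity = ... }
// so the existing SecurityStampValidator delegate keeps running.
public class AdCookieAuthenticationProvider : CookieAuthenticationProvider
{
    private readonly string _domain; // placeholder: the local AD domain name

    public AdCookieAuthenticationProvider(string domain)
    {
        _domain = domain;
    }

    // Called for every request that presents the application cookie.
    public override async Task ValidateIdentity(CookieValidateIdentityContext context)
    {
        // Run the configured OnValidateIdentity delegate first.
        await base.ValidateIdentity(context);
        if (context.Identity == null) return; // already rejected by the delegate

        // Assumption: the identity name is "user" or "DOMAIN\user".
        string name = context.Identity.Name ?? string.Empty;
        string sam = name.Substring(name.LastIndexOf('\\') + 1);

        // One directory lookup per validation; cache the result in production.
        using (var ad = new PrincipalContext(ContextType.Domain, _domain))
        using (var user = UserPrincipal.FindByIdentity(ad, IdentityType.SamAccountName, sam))
        {
            // Drop the session if the account is gone, disabled or locked out.
            if (user == null || user.Enabled != true || user.IsAccountLockedOut())
                context.RejectIdentity();
        }
    }

    // Called when the middleware is about to issue a redirect.
    public override void ApplyRedirect(CookieApplyRedirectContext context)
    {
        // A 401 coming from the login path itself would be redirected back to
        // the login path with an ever longer ReturnUrl. Leave that 401 as it is.
        bool challenge = context.Response.StatusCode == 401;
        if (challenge && context.Request.Path.StartsWithSegments(context.Options.LoginPath))
            return;

        base.ApplyRedirect(context);
    }
}
```

The provider never sees a password; the cookie is still issued by whatever code signs the user in, and this class only controls whether that cookie keeps being honoured. It needs a reference to System.DirectoryServices.AccountManagement and an application pool identity that is allowed to query the directory.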