Authenticate users inside .NET 6.0 Asp.NET core MVC using LDAP

john john 941 Reputation points
2022-10-07T10:51:18.867+00:00

I am creating a new ASP.NET Core MVC web application based on .NET 6.0, and I want to authenticate the users using our Windows 2016 LDAP server, so I benefit from this link @ https://thesoftwayfarecoder.com/ldap-authentication-in-asp-net-core/ although I am using .NET 6.0, unlike the link, which uses an older version.

So I did the following:-

1- I created a new ASP.NET Core MVC Project .NET 6.0.

2- Define to use User Accounts:-

[image attachment: 248466-image.png]

3- Install NuGet package – Microsoft.Windows.Compatibility:-

4- define our configuration to query our Active Directory:

public class LdapConfig
{
    public string Path { get; set; }
    public string UserDomainName { get; set; }
}

5- In our appsettings.json, we add an Ldap section, which contains the path and userDomainName values:

{
  "Ldap": {
    "Path": "<<LDAP Path>>",
    "UserDomainName": "<<Domain Name>>"
  }
}

6- Add the following inside the program.cs:- We will use the Options pattern to retrieve our Ldap configuration. In order for us to bind to our LdapConfig, call the Configure method in the ConfigureServices method of our Startup.cs file:

// Program.cs (.NET 6 minimal hosting model: there is no Startup.cs or ConfigureServices method;
// the registrations go directly after WebApplication.CreateBuilder)
var builder = WebApplication.CreateBuilder(args);

// read LDAP Configuration (the property is builder.Configuration, with a capital C)
builder.Services.Configure<LdapConfig>(builder.Configuration.GetSection("Ldap"));

7- define an interface for our authentication service. This interface is needed for us to use dependency injection later on when we need our authentication service:

public interface IAuthenticationService
{
    User Login(string userName, string password);
}

8- reference a User data model, which may be defined as follows (depending on what data is available for your User model):

public class User
{
    public string UserName { get; set; }
    public string DisplayName { get; set; }
    // other properties
}

9- implement our LdapAuthenticationService:

using System;
using System.DirectoryServices;      // provided by the Microsoft.Windows.Compatibility package
using System.Text;
using Microsoft.Extensions.Options;

public class LdapAuthenticationService : IAuthenticationService
{
    private const string DisplayNameAttribute = "DisplayName";
    private const string SAMAccountNameAttribute = "SAMAccountName";

    private readonly LdapConfig config;

    public LdapAuthenticationService(IOptions<LdapConfig> config)
    {
        this.config = config.Value;
    }

    public User Login(string userName, string password)
    {
        // Refuse empty credentials before binding: an empty password can be treated
        // as an anonymous/unauthenticated bind by the directory, which would "succeed"
        // without actually verifying the user.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            return null;
        }

        try
        {
            // The bind with the user's own credentials is the authentication step:
            // a wrong user name or password makes the directory calls below throw.
            using (DirectoryEntry entry = new DirectoryEntry(config.Path, config.UserDomainName + "\\" + userName, password))
            {
                using (DirectorySearcher searcher = new DirectorySearcher(entry))
                {
                    // Escape the user-supplied value so it cannot change the filter structure (LDAP filter injection).
                    searcher.Filter = string.Format("({0}={1})", SAMAccountNameAttribute, EscapeFilterValue(userName));
                    searcher.PropertiesToLoad.Add(DisplayNameAttribute);
                    searcher.PropertiesToLoad.Add(SAMAccountNameAttribute);
                    var result = searcher.FindOne();
                    if (result != null)
                    {
                        var displayName = result.Properties[DisplayNameAttribute];
                        var samAccountName = result.Properties[SAMAccountNameAttribute];

                        return new User
                        {
                            DisplayName = displayName == null || displayName.Count <= 0 ? null : displayName[0].ToString(),
                            UserName = samAccountName == null || samAccountName.Count <= 0 ? null : samAccountName[0].ToString()
                        };
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // if we get an error, it means we have a login failure.
            // Log specific exception (ex) here; do not surface its details to the browser.
        }
        return null;
    }

    // Escapes the characters that have special meaning in an LDAP search filter (RFC 4515).
    private static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
}

10- register our LdapAuthentication service for dependency injection. Add the following in the ConfigureServices method of our program.cs:

builder.Services.AddScoped<IAuthenticationService, LdapAuthenticationService>();

Now I am not sure how I can force the login action method to use the above logic, where currently the built-in login method is not exposed to be modified. And should I use "Individual Accounts" or another template?

Thanks
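Since the question is how to make the MVC login action use the LDAP service, here is an added example (editor's code, not from the poster or the linked blog) of one way to do it with ASP.NET Core cookie authentication in .NET 6: register cookie authentication in Program.cs, then have an AccountController that calls IAuthenticationService.Login and, on success, issues the authentication cookie with SignInAsync. It assumes the project was created without "Individual Accounts" (that template adds ASP.NET Core Identity with its own user store, which this LDAP-only flow does not use), that ImplicitUsings is enabled as in the .NET 6 templates, that the poster's LdapConfig, IAuthenticationService, User and LdapAuthenticationService types live in a namespace named MyApp.Services (an assumption), and that a Views/Account/Login.cshtml view bound to the LoginViewModel below exists (hypothetical). The two files are shown in one listing separated by comments.

```csharp
// ---- Program.cs (.NET 6 minimal hosting) ----
using Microsoft.AspNetCore.Authentication.Cookies;
using MyApp.Services; // assumed namespace of the poster's LdapConfig, IAuthenticationService, LdapAuthenticationService

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();
builder.Services.Configure<LdapConfig>(builder.Configuration.GetSection("Ldap"));
builder.Services.AddScoped<IAuthenticationService, LdapAuthenticationService>();

// Cookie authentication: after one successful LDAP bind we issue a signed, encrypted
// cookie, so the directory is not contacted again on every request.
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/Account/Login";            // [Authorize] redirects here when unauthenticated
        options.AccessDeniedPath = "/Account/AccessDenied";
        options.Cookie.HttpOnly = true;                  // not readable from script
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // sent over HTTPS only
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.ExpireTimeSpan = TimeSpan.FromHours(8);
        options.SlidingExpiration = true;
    });

var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();   // must run before UseAuthorization
app.UseAuthorization();
app.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
app.Run();

// ---- Controllers/AccountController.cs ----
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
// The framework also defines Microsoft.AspNetCore.Authentication.IAuthenticationService;
// alias the poster's interface so the name is not ambiguous.
using IAuthenticationService = MyApp.Services.IAuthenticationService;

public class LoginViewModel
{
    [Required] public string UserName { get; set; } = string.Empty;
    [Required, DataType(DataType.Password)] public string Password { get; set; } = string.Empty;
    public string? ReturnUrl { get; set; }
}

public class AccountController : Controller
{
    private readonly IAuthenticationService _auth;

    public AccountController(IAuthenticationService auth) => _auth = auth;

    [HttpGet, AllowAnonymous]
    public IActionResult Login(string? returnUrl = null)
        => View(new LoginViewModel { ReturnUrl = returnUrl });

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model)
    {
        if (!ModelState.IsValid) return View(model);

        // This is the point where the LDAP bind from the poster's service happens.
        var user = _auth.Login(model.UserName, model.Password);
        if (user == null)
        {
            // One message for unknown user and wrong password, so the form does not reveal which.
            ModelState.AddModelError(string.Empty, "Invalid user name or password.");
            return View(model);
        }

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, user.UserName),
            new Claim("display_name", user.DisplayName ?? user.UserName),
        };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity),
            new AuthenticationProperties { IsPersistent = false });

        // Only follow local return URLs; an absolute URL here would be an open redirect.
        if (!string.IsNullOrEmpty(model.ReturnUrl) && Url.IsLocalUrl(model.ReturnUrl))
            return LocalRedirect(model.ReturnUrl);
        return RedirectToAction("Index", "Home");
    }

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        return RedirectToAction("Index", "Home");
    }

    [HttpGet, AllowAnonymous]
    public IActionResult AccessDenied() => View();
}
```

With this in place, any controller or action marked [Authorize] is protected: an unauthenticated request is redirected to /Account/Login, the POST calls the poster's LdapAuthenticationService.Login once, and every later request is authenticated from the cookie rather than by re-binding to the directory. The Login.cshtml form needs a @Html.AntiForgeryToken() (or a form tag helper, which emits it automatically) for the [ValidateAntiForgeryToken] check to pass.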

ASP.NET Core