0

I am currently trying to create a website that authenticates users against AD but I cannot seem to find a good resource for examples. To start with I would just like to give all AD users access to the site. I have a Windows 2008 R2 server running IIS and Active Directory roles for testing purposes.

I know that you must add a connection string as shown in ASP.NET MVC - Authenticate users against Active Directory, but require username and password to be inputted. But some sort of example showing models, views and controllers as well as the web.config file would help greatly.

Thanks in advance

Lee Booker
  • Follow this tutorial, it was the first that came up if you use Google: http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-windows-authentication-cs – jwillmer Jan 29 '13 at 19:16
  • see http://www.cmjackson.net/2009/10/23/asp-net-mvc-using-forms-authentication-with-ldap/ (it's Visual Basic but it gives a general idea of how to do it) – tazyDevel Jan 29 '13 at 19:21
  • jwillmer, thank you, I have seen that tutorial before but was put off by the fact that it states that Windows authentication is for intRAnet applications. I think that the problem was my understanding of internet and intranet applications. I thought that an intranet application was one that could only be used on a specific domain. Derr! Thanks again – Lee Booker Jan 29 '13 at 19:22
  • possible duplicate of [Validate a username and password against Active Directory?](http://stackoverflow.com/questions/290548/validate-a-username-and-password-against-active-directory) – John Koerner Jan 30 '13 at 03:53

3 Answers

0

I'm going to go ahead and answer since I'm doing precisely this on our company's internal web app and if I'm doing it wrong, this is how I'm going to find out.

When the user comes to your web site, you'll have UserPrincipal.Current.SamAccountName. So all you need to do is something like this:

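```csharp
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// adDomain holds the AD domain name and is defined elsewhere.
DirectoryEntry de = new DirectoryEntry("LDAP://" + adDomain);
DirectorySearcher ds = new DirectorySearcher(de);
// Search for the current Windows identity by its sAMAccountName.
ds.Filter = "(sAMAccountName=" + UserPrincipal.Current.SamAccountName + ")";
// Load only the attributes that are needed.
ds.PropertiesToLoad.Add("cn");
ds.PropertiesToLoad.Add("name");
ds.PropertiesToLoad.Add("mail");
SearchResult sr = ds.FindOne();
if (sr == null)
{
    // not found
}
...
```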

So if you don't get a SearchResult returned, they wouldn't be authenticated against your AD domain... Hope I'm doing it right ;)

Pete
  • Feel free to downvote my answer, but at least explain what's wrong with it if you're going to do that. – Pete Jan 29 '13 at 19:35
  • Look at my comment above. The Active Directory authentication is already implemented; you can easily add it by using the Intranet-Template. – jwillmer Jan 29 '13 at 20:14
  • @jwillmer I don't think that's a valid reason to down vote the answer. What Pete wrote and what you wrote are not the same. Answers ought to be downvoted if they're technically inaccurate or don't contribute to the question. I don't have enough knowledge to determine the former for this one, but this answer does attempt to contribute. I'm up voting this to equalize. – jason Feb 01 '13 at 15:58
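
As an added example (not code from any poster on this page), a forms-authentication login action that checks the submitted user name and password against AD with `PrincipalContext.ValidateCredentials`. The domain name, `LoginModel` and the Home/Index redirect are assumptions; it also assumes forms authentication is enabled in web.config and that the login view emits `@Html.AntiForgeryToken()`.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical view model for the login form.
public class LoginModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    // Assumption: placeholder domain; load the real value from configuration.
    private const string AdDomain = "corp.example.com";

    [AllowAnonymous]
    public ActionResult Login()
    {
        return View(new LoginModel());
    }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        // Reject empty input before contacting the directory.
        if (!string.IsNullOrWhiteSpace(model.UserName) && !string.IsNullOrEmpty(model.Password))
        {
            using (var ctx = new PrincipalContext(ContextType.Domain, AdDomain))
            {
                // Binding with the submitted password is the authentication step;
                // finding the account in a search only shows that it exists.
                if (ctx.ValidateCredentials(model.UserName, model.Password))
                {
                    FormsAuthentication.SetAuthCookie(model.UserName, false);
                    // Only follow redirect targets inside this site.
                    if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
                    return RedirectToAction("Index", "Home");
                }
            }
        }
        // Same message for every failure, so the form does not reveal
        // whether the account exists.
        ModelState.AddModelError("", "Invalid user name or password.");
        return View(model);
    }
}
```
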
0

To enable user2008963 to close/accept this question, I am posting my comment as an answer.

Use the Intranet-Template to get the preconfigured Active Directory authentication in your project. A tutorial about this authentication method can be found at this link. It's not the newest one, and if you are not satisfied with it just Google for a better one.

If you need the current username and his roles in the active directory you can use User.Identity, described at this link. To add role authentication at controller/action level you can do it like this:

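```csharp
using System.Web.Mvc;

// Every action in this controller requires the ADMIN role.
[Authorize(Roles = "ADMIN")]
public class AdministrationController : Controller
{
    // This action additionally requires the SUPERADMIN role.
    [Authorize(Roles = "SUPERADMIN")]
    public ActionResult SuperAdmin()
    {
        return View();
    }
}
```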

Hope with this I can get you started ;-)

jwillmer
0

The WordPress plugin Simple Intranet provides a free Active Directory plugin add-on that works well. That is if you are able to support WordPress in a self-hosted environment. :)

Chris Charlwood