.net core 5 Windows Authentication and Active Directory resources

Time:01-20

Hey guys just a straight up question with no code. I am struggling mightily to even find basic answers to simple questions.

How on earth can and should I use windows authentication (not integrated windows authentication) with active directory for authentication and then authorization? You would think there would be a million sample projects but 80% of my search results for .net core come up with older asp.net articles that are outdated and don't work on newer versions.

I have a bunch of working examples here at work but they are all older using System.Web classes/libraries that are all now deprecated and no longer of use to me.

The code and methods I have from older ASP.NET projects all look pretty straightforward otherwise, and I am baffled why I cannot find anything similar for .NET Core. Everything is some niche third-party package in most articles I read, while I just want to do it the vanilla Microsoft way; I find it hard to believe there is not a simple solution for a login screen and authentication against AD. The Microsoft docs feel like they are targeted at experts who get a small hint and know exactly what to do.

I am a new postgrad, working for only 4 months, and am new to .NET Core.

I have gone down LDAP, claims, principal, cookies and more rabbit holes but just get more confused than anything with all the varying versions of .net and their classes/libraries etc.

CodePudding user response:

There's a NuGet package that handles this: System.DirectoryServices.AccountManagement

It's Windows-only; there's a Novell LDAP version that I think is cross-platform.

To authenticate:

using System;
using System.DirectoryServices.AccountManagement;

// Validates the password against the domain, then looks the account up.
static UserPrincipal Authenticate(string user_name, string password)
{
    using (var ctx = new PrincipalContext(ContextType.Domain))
    {
        // ValidateCredentials binds to the domain with the supplied password
        if (!ctx.ValidateCredentials(user_name, password))
            throw new Exception("unknown username or password");

        // Query-by-example: the principal whose sAMAccountName matches
        using (var userPrinciple = new UserPrincipal(ctx)) {
            userPrinciple.SamAccountName = user_name;

            using (var search = new PrincipalSearcher(userPrinciple))
            {
                UserPrincipal user = (UserPrincipal) search.FindOne();
                if (user == null) {
                    throw new Exception("user authenticated but not found in directory");
                }
                // auth'ed user; ctx is disposed on return, so only the properties
                // already loaded by FindOne stay readable on the returned object
                return user;
            }
        }
    }
}

To authorize (by group membership):

using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

static List<string> GetGroupMembers(string groupName)
{
    var member_list = new List<string>();
    using (var ctx = new PrincipalContext(ContextType.Domain))
    {
        using (var groupPrinciple = new GroupPrincipal(ctx))
        {
            groupPrinciple.SamAccountName = groupName;
            using (var search = new PrincipalSearcher(groupPrinciple))
            using (var group = (GroupPrincipal) search.FindOne())
            {
                if (group == null) throw new Exception("group not found in directory");
                // GetMembers(true) is the library call; true also expands nested groups
                foreach (var member in group.GetMembers(true))
                    member_list.Add(member.SamAccountName);
            }
            // member_list contains all the users of a group.
            // I cache these in a Dictionary for faster group membership checks
        }
    }
    return member_list;
}

Note that the ContextType enum handles local machine users as well as domain. Search on the NuGet package for more examples.
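Putting the two halves together for the login-screen-plus-cookie case the question asks about, as an added example that is not from the answer above or from Microsoft's docs: the action validates the password against AD, loads the user's groups as role claims and signs in with the cookie scheme, so [Authorize(Roles = "...")] then works without any third-party package. AccountController, BuildClaimsFromDirectory and the Startup registration in the comment are assumed names of mine; the directory calls are the real System.DirectoryServices.AccountManagement API.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

// Assumed registration in Startup/Program.cs (not shown):
//   services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
//       .AddCookie(o => { o.LoginPath = "/Account/Login"; o.Cookie.SecurePolicy = CookieSecurePolicy.Always; });
//   app.UseAuthentication(); app.UseAuthorization();
public class AccountController : Controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string userName, string password, string returnUrl = "/")
    {
        var claims = BuildClaimsFromDirectory(userName, password); // hypothetical helper below
        if (claims == null)
        {
            // One generic message: don't reveal whether the account exists
            ModelState.AddModelError(string.Empty, "Invalid username or password.");
            return View();
        }
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                                      new ClaimsPrincipal(identity));
        return LocalRedirect(returnUrl); // LocalRedirect rejects off-site returnUrl values
    }

    // Checks the password against the domain and returns the user's groups as role
    // claims, or null on failure. All directory reads happen while ctx is still open.
    private static List<Claim> BuildClaimsFromDirectory(string userName, string password)
    {
        using var ctx = new PrincipalContext(ContextType.Domain);
        if (!ctx.ValidateCredentials(userName, password)) return null;
        using var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName);
        if (user == null) return null;
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, user.SamAccountName),
            new Claim(ClaimTypes.NameIdentifier, user.Sid.Value),
        };
        // GetAuthorizationGroups resolves nested membership, so role checks also match transitive members
        using var groups = user.GetAuthorizationGroups();
        foreach (var g in groups)
            if (g.SamAccountName != null) claims.Add(new Claim(ClaimTypes.Role, g.SamAccountName));
        return claims;
    }
}
```

Because the app itself receives the plaintext password here, serve the login page over HTTPS only (hence the Secure cookie policy) and keep the generic error message on both the unknown-user and wrong-password paths.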
