11

I am using the ASP.NET Core 2.1 React SPA Microsoft template.

I want to use Active Directory for user authentication. Our server runs on a corporate network using Active Directory domain identities.

How can I do it?

Trevor Reid
  • 2,533
  • 3
  • 23
  • 33
  • First link on google after searching for the exact title you posted here: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-2.2 – Goodbye StackExchange Dec 10 '18 at 14:43
  • Also, possible duplicate: https://stackoverflow.com/questions/49682644/asp-net-core-2-0-ldap-active-directory-authentication – Goodbye StackExchange Dec 10 '18 at 14:43
  • @FrankerZ . thanks for answer. i used this solution before... –  Dec 10 '18 at 15:06
  • 1
    If you had a specific problem with that solution, then tell us what you did and what problem you had. Otherwise, this question is far too broad for anyone to give a reasonable answer. – Gabriel Luci Dec 10 '18 at 15:30
  • @GabrielLuci when i tested this example on local pc(not joined domain, only initiate test) and iis express , the login windows authentication form appear but after import user name and password, login failed(Secure Connection Failed page appear) –  Dec 10 '18 at 18:56

1 Answers1

16

The best way is to use Windows authentication. However, that will only work if the server you run this on is joined to the domain (or a trusted domain).

If not, then you will have to use Forms Authentication, where the user enters their username and password, and you authenticate against AD in your code via LDAP. There are two ways to do this in .NET Core:

  1. If you will only run this on a Windows server, then you can install and use the Microsoft.Windows.Compatibility NuGet package.
  2. Use the third-party Novell.Directory.Ldap.NETStandard.

There are two answers on this question that describe how to implement both solutions.

Trevor Reid
  • 2,533
  • 3
  • 23
  • 33
Gabriel Luci
  • 28,970
  • 3
  • 37
  • 58
  • 1
    I'd argue that Windows Authentication is not the "best" way—my app runs on Windows, but I develop on Linux, and Windows Authentication does work even when I'm running a local development version, but it's **ugly**! When you're not authenticated, you have to provide your credentials in a pop-up, instead of having a nice login screen. So, I'm forced to implement the Novell LDAP. – Auspex Sep 02 '19 at 16:23
  • 1
    On Windows at least, the browser can be setup to automatically send the credentials of the currently logged on user to a website that uses Windows Authentication, so they don't have to put in their username/password anywhere. For IE and Chrome, the site has to be in the Trusted Sites in the Internet Options. Firefox has its own settings. – Gabriel Luci Sep 02 '19 at 18:11