Created
November 27, 2019 01:38
-
-
Save dinhducit/c738077089853f34d08d64f491ba5d89 to your computer and use it in GitHub Desktop.
Implement Active Directory Authentication in ASP.NET MVC 5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //pulled from site: http://www.schiffhauer.com/mvc-5-and-active-directory-authentication/ | |
| using System.Web.Mvc; | |
| using System.Web.Security; | |
| using MvcApplication.Models; | |
| public class AccountController : Controller | |
| { | |
| public ActionResult Login() | |
| { | |
| return this.View(); | |
| } | |
| [HttpPost] | |
| public ActionResult Login(LoginModel model, string returnUrl) | |
| { | |
| if (!this.ModelState.IsValid) | |
| { | |
| return this.View(model); | |
| } | |
| if (Membership.ValidateUser(model.UserName, model.Password)) | |
| { | |
| FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe); | |
| if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") | |
| && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")) | |
| { | |
| return this.Redirect(returnUrl); | |
| } | |
| return this.RedirectToAction("Index", "Home"); | |
| } | |
| this.ModelState.AddModelError(string.Empty, "The user name or password provided is incorrect."); | |
| return this.View(model); | |
| } | |
| public ActionResult LogOff() | |
| { | |
| FormsAuthentication.SignOut(); | |
| return this.RedirectToAction("Index", "Home"); | |
| } | |
| } | |
| using System.ComponentModel.DataAnnotations; | |
| public class LoginModel | |
| { | |
| [Required] | |
| [Display(Name = "User name")] | |
| public string UserName { get; set; } | |
| [Required] | |
| [DataType(DataType.Password)] | |
| [Display(Name = "Password")] | |
| public string Password { get; set; } | |
| [Display(Name = "Remember me?")] | |
| public bool RememberMe { get; set; } | |
| } | |
| //WEB Config | |
| <?xml version="1.0" encoding="utf-8"?> | |
| <configuration> | |
| <system.web> | |
| <authentication mode="Forms"> | |
| <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" /> | |
| </authentication> | |
| <membership defaultProvider="ADMembershipProvider"> | |
| <providers> | |
| <clear /> | |
| <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" /> | |
| </providers> | |
| </membership> | |
| </system.web> | |
| <connectionStrings> | |
| <add name="ADConnectionString" connectionString="LDAP://primary.mydomain.local:389/DC=MyDomain,DC=Local" /> | |
| </connectionStrings> | |
| </configuration> | |
| It may take a few steps to get your LDAP connection string: | |
| 1.Install Remote Server Administration Tools for Windows 7. Be sure the follow the post-installation instructions to add the feature to Windows via the control panel. | |
| 2.Open a command prompt and enter >dsquery server | |
| Let’s say the command returns the following: | |
| “CN=PRIMARY,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MyDomain,DC=Local” | |
| The server name is composed of the first CN value, and the two last DC values, separated by dots. So it’s primary.mydomain.local. | |
| The port is 389. | |
| The portion of the connection string after the port and forward slash is the portion of the result beginning with the first “DC”. So it’s DC=MyDomain,DC=Local. | |
| So the full connection string is LDAP://primary.mydomain.local:389/DC=MyDomain,DC=Local. | |
| Users will log in using just their username without the domain. So the correct username is Chris, not MYDOMAIN\Chris. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment