ActiveDirectoryUserService.cs
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Thinktecture.IdentityServer.Core;
using Thinktecture.IdentityServer.Core.Models;
using Thinktecture.IdentityServer.Core.Services;
namespace SampleApp
{
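/// <summary>
/// IdentityServer v3 <see cref="IUserService"/> backed by a single Active Directory domain.
/// Local logins are checked with <see cref="PrincipalContext.ValidateCredentials(string, string)"/>;
/// profile claims and the "is this account still active" check are read from the matching
/// <see cref="UserPrincipal"/>. External logins and pre-authentication are not supported and
/// always yield <c>null</c>.
/// </summary>
/// <remarks>
/// Security notes:
/// <list type="bullet">
/// <item>The <c>sub</c> value is the account's objectGUID (falling back to the SID, then the
/// sAMAccountName). A random GUID minted per login would give every relying party a new,
/// unlinkable user on each sign-in and must not be used as a subject identifier.</item>
/// <item>Blank user names and passwords are rejected before any directory round trip. Some LDAP
/// deployments treat a bind with an empty password as an anonymous bind, which a credential
/// check could report as success — verify how your directory is configured.</item>
/// <item>Directory errors during login are reported to the caller as a failed login (fail closed)
/// rather than propagated; there is no logger in scope here, so add one if you need to tell
/// "wrong password" from "domain controller unreachable".</item>
/// <item>Account lookups after login key on <c>subject.Identity.Name</c>, which is assumed to
/// resolve to the name issued by <see cref="AuthenticateLocalAsync"/> — confirm against the
/// IdentityServer version in use.</item>
/// </list>
/// </remarks>
public class ActiveDirectoryUserService : IUserService
{
    private const string DefaultDomain = "MYDOMAIN";

    private readonly string _domain;

    /// <summary>Creates a service bound to the built-in default domain.</summary>
    public ActiveDirectoryUserService()
        : this(DefaultDomain)
    {
    }

    /// <summary>
    /// Creates a service bound to the given domain (any name accepted by
    /// <see cref="PrincipalContext"/> for <see cref="ContextType.Domain"/>).
    /// </summary>
    /// <param name="domain">Domain to validate credentials and look up accounts against.</param>
    /// <exception cref="ArgumentException">Thrown when <paramref name="domain"/> is null or blank.</exception>
    public ActiveDirectoryUserService(string domain)
    {
        if (string.IsNullOrWhiteSpace(domain))
        {
            throw new ArgumentException("A domain name is required.", "domain");
        }
        _domain = domain;
    }

    /// <summary>External (federated) logins are not supported; always returns <c>null</c>.</summary>
    public Task<AuthenticateResult> AuthenticateExternalAsync(ExternalIdentity externalUser, SignInMessage message)
    {
        return Task.FromResult<AuthenticateResult>(null);
    }

    /// <summary>
    /// Validates a user name / password pair against the domain.
    /// </summary>
    /// <param name="username">Account name as typed by the user; looked up as a sAMAccountName.</param>
    /// <param name="password">Clear-text password, passed straight to the directory bind.</param>
    /// <param name="message">Sign-in context from IdentityServer (unused).</param>
    /// <returns>
    /// An <see cref="AuthenticateResult"/> whose subject is a stable account identifier, or
    /// <c>null</c> when the input is blank, the credentials are rejected, no matching account
    /// is found, or the directory cannot be reached.
    /// </returns>
    public Task<AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
    {
        // Refuse blank input up front (see class remarks on empty-password binds).
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            return Task.FromResult<AuthenticateResult>(null);
        }

        try
        {
            using (var context = new PrincipalContext(ContextType.Domain, _domain))
            {
                if (!context.ValidateCredentials(username, password))
                {
                    // The user name or password is incorrect.
                    return Task.FromResult<AuthenticateResult>(null);
                }

                using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, username))
                {
                    if (user == null)
                    {
                        // Credentials were accepted but no sAMAccountName matched the typed name
                        // (e.g. a UPN was entered). Without the account we cannot issue a stable subject.
                        return Task.FromResult<AuthenticateResult>(null);
                    }

                    return Task.FromResult(new AuthenticateResult(subject: StableSubjectId(user), name: username));
                }
            }
        }
        catch (Exception)
        {
            // Directory unreachable or similar server-side error: fail closed.
            return Task.FromResult<AuthenticateResult>(null);
        }
    }

    /// <summary>
    /// Returns the profile claims for an authenticated subject.
    /// </summary>
    /// <param name="subject">Principal whose <c>Identity.Name</c> is the account's sAMAccountName.</param>
    /// <param name="requestedClaimTypes">Optional filter; when given, only claims of these types are returned.</param>
    /// <returns>
    /// The name claim (displayName, falling back to the account name) and, when the account has
    /// a mail attribute, the email claim; <c>null</c> when no matching account exists.
    /// </returns>
    public Task<IEnumerable<Claim>> GetProfileDataAsync(ClaimsPrincipal subject, IEnumerable<string> requestedClaimTypes = null)
    {
        using (var context = new PrincipalContext(ContextType.Domain, _domain))
        using (var user = FindUser(context, subject))
        {
            if (user == null)
            {
                return Task.FromResult<IEnumerable<Claim>>(null);
            }

            var claims = new List<Claim>();

            // Claim's constructor throws on a null value, so never pass attributes through unguarded.
            var displayName = user.DisplayName ?? user.SamAccountName ?? subject.Identity.Name;
            claims.Add(new Claim(Constants.ClaimTypes.Name, displayName));

            // 'mail' is optional in AD; only emit the claim when the attribute is populated.
            if (!string.IsNullOrEmpty(user.EmailAddress))
            {
                claims.Add(new Claim(Constants.ClaimTypes.Email, user.EmailAddress));
            }

            if (requestedClaimTypes != null)
            {
                var requested = new HashSet<string>(requestedClaimTypes);
                claims = claims.Where(c => requested.Contains(c.Type)).ToList();
            }

            return Task.FromResult<IEnumerable<Claim>>(claims);
        }
    }

    /// <summary>
    /// Reports whether the subject's account may keep an existing session / refresh token.
    /// </summary>
    /// <param name="subject">Principal whose <c>Identity.Name</c> is the account's sAMAccountName.</param>
    /// <returns>
    /// <c>true</c> only when the account exists, is enabled and is not locked out. Existence alone is
    /// not enough: a disabled or locked-out account must not stay signed in.
    /// </returns>
    public Task<bool> IsActiveAsync(ClaimsPrincipal subject)
    {
        using (var context = new PrincipalContext(ContextType.Domain, _domain))
        using (var user = FindUser(context, subject))
        {
            if (user == null)
            {
                return Task.FromResult(false);
            }

            // Enabled is nullable; a null value is treated as enabled so that the previous
            // "account exists => active" behaviour is only tightened, never loosened.
            var enabled = user.Enabled.GetValueOrDefault(true);
            var active = enabled && !user.IsAccountLockedOut();
            return Task.FromResult(active);
        }
    }

    /// <summary>Pre-authentication (e.g. client certificates) is not supported; always returns <c>null</c>.</summary>
    public Task<AuthenticateResult> PreAuthenticateAsync(SignInMessage message)
    {
        return Task.FromResult<AuthenticateResult>(null);
    }

    /// <summary>Nothing to tear down on sign-out; completes immediately.</summary>
    public Task SignOutAsync(ClaimsPrincipal subject)
    {
        return Task.FromResult(0);
    }

    /// <summary>
    /// Stable subject identifier for an account: objectGUID, then SID, then sAMAccountName.
    /// The objectGUID survives renames and moves; the SID survives renames. Never a fresh random value.
    /// </summary>
    private static string StableSubjectId(UserPrincipal user)
    {
        if (user.Guid.HasValue)
        {
            return user.Guid.Value.ToString();
        }
        if (user.Sid != null)
        {
            return user.Sid.Value;
        }
        return user.SamAccountName;
    }

    /// <summary>
    /// Looks up the <see cref="UserPrincipal"/> behind an authenticated subject by sAMAccountName.
    /// Returns <c>null</c> (instead of throwing) when the principal carries no usable name or no
    /// account matches; the caller disposes the result.
    /// </summary>
    private static UserPrincipal FindUser(PrincipalContext context, ClaimsPrincipal subject)
    {
        if (subject == null || subject.Identity == null || string.IsNullOrEmpty(subject.Identity.Name))
        {
            return null;
        }
        return UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, subject.Identity.Name);
    }
}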
}
@devscott

@tjrobinson, IdentityServer 3 version 2 has a number of breaking changes. Please see my fork for changes.

@venkatrv

is there a IdentityServer4 version of this service?

@vllorente

Hi, I'm a newbie but have read most of the available IdentityServer docs. Can you guide me on how to integrate this file into a standalone idsrv? I want to offer a "Windows" button so the user can authenticate with Windows credentials. I've added this .cs file and registered this IUserService in my startup.cs:
factory.UserService = new Registration(typeof(ActiveDirectoryUserService));

also added an option:
app.UseWindowsAuthenticationService(new WindowsAuthenticationOptions {
IdpRealm = "urn:idp",
IdpReplyUrl = "https://localhost:44300/core/was",
SigningCertificate = Cert.Load() });

but when i ran my idsrv i get this error - The type 'Idsrv3.ActiveDirectoryUserService' is not assignable to service 'decorator.inner (IdentityServer3.Core.Services.IUserService)

thanks for your time and assistance.

@vllorente

Using this class I end up with this error: "The type 'Idsrv3.ActiveDirectoryUserService' is not assignable to service 'decorator.inner (IdentityServer3.Core.Services.IUserService)'."
What did I miss?

@vllorente

Never mind — I ended up using my own custom user service instead.
