Last active July 12, 2018 02:55
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Thinktecture.IdentityServer.Core;
using Thinktecture.IdentityServer.Core.Models;
using Thinktecture.IdentityServer.Core.Services;
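namespace SampleApp
{
    /// <summary>
    /// <see cref="IUserService"/> backed by Active Directory. Local logins are checked with
    /// <see cref="PrincipalContext.ValidateCredentials(string, string)"/> against a single domain;
    /// profile and liveness lookups resolve the account by sAMAccountName through
    /// <see cref="UserPrincipal.FindByIdentity(PrincipalContext, IdentityType, string)"/>.
    /// External (federated) logins and pre-authentication are not supported by this sample.
    /// </summary>
    public class ActiveDirectoryUserService : IUserService
    {
        /// <summary>Domain used when the parameterless constructor is chosen.</summary>
        private const string DOMAIN = "MYDOMAIN";

        private readonly string _domain;

        /// <summary>Creates a service bound to the default domain (<see cref="DOMAIN"/>).</summary>
        public ActiveDirectoryUserService()
            : this(DOMAIN)
        {
        }

        /// <summary>Creates a service bound to the given domain.</summary>
        /// <param name="domain">NetBIOS or DNS name of the domain to authenticate against.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="domain"/> is null or whitespace.</exception>
        public ActiveDirectoryUserService(string domain)
        {
            if (string.IsNullOrWhiteSpace(domain))
            {
                throw new ArgumentException("A domain name is required.", "domain");
            }
            _domain = domain;
        }

        /// <summary>
        /// External identities are not mapped to directory accounts; the null result is the
        /// "not authenticated" signal this service already used for external logins.
        /// </summary>
        public Task<AuthenticateResult> AuthenticateExternalAsync(ExternalIdentity externalUser, SignInMessage message)
        {
            return Failed();
        }

        /// <summary>
        /// Validates <paramref name="username"/>/<paramref name="password"/> against the domain and,
        /// on success, resolves the account so a stable subject identifier can be issued.
        /// </summary>
        /// <param name="username">Account name as typed by the user (looked up as sAMAccountName).</param>
        /// <param name="password">Password as typed by the user.</param>
        /// <param name="message">Sign-in message from IdentityServer; not consulted here.</param>
        /// <returns>
        /// A completed task holding an <see cref="AuthenticateResult"/> for the account, or null
        /// when the credentials are rejected or the account cannot be resolved.
        /// </returns>
        /// <remarks>
        /// Directory connectivity failures (e.g. <see cref="PrincipalServerDownException"/>) are not
        /// caught, so a server error surfaces as an exception rather than as "wrong password".
        /// </remarks>
        public Task<AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
        {
            // Reject empty credentials before touching the directory: LDAP servers may treat a
            // bind with an empty password as an unauthenticated bind, which would otherwise be
            // reported as a successful validation.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                return Failed();
            }

            using (var pc = new PrincipalContext(ContextType.Domain, _domain))
            {
                if (!pc.ValidateCredentials(username, password))
                {
                    // The user name or password is incorrect.
                    return Failed();
                }

                using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, username))
                {
                    if (user == null)
                    {
                        // Credentials were accepted but no account matched the sAMAccountName
                        // (e.g. the login was typed in another form); treat as a failed login.
                        return Failed();
                    }

                    // The subject must identify the same account on every login. The original
                    // issued Guid.NewGuid() here, so a user received a new subject each time they
                    // signed in; the account SID is unique and stable for the account's lifetime.
                    return Task.FromResult(new AuthenticateResult(subject: user.Sid.Value, name: username));
                }
            }
        }

        /// <summary>
        /// Returns the name and e-mail claims for the account named by <paramref name="subject"/>.
        /// </summary>
        /// <param name="subject">Principal whose <c>Identity.Name</c> is the sAMAccountName to look up.</param>
        /// <param name="requestedClaimTypes">Optional filter; when supplied only claims of these types are returned.</param>
        /// <returns>
        /// A completed task holding the matching claims. An empty sequence (never null) is
        /// returned when the account cannot be resolved.
        /// </returns>
        public Task<IEnumerable<Claim>> GetProfileDataAsync(ClaimsPrincipal subject, IEnumerable<string> requestedClaimTypes = null)
        {
            var accountName = GetAccountName(subject);
            if (string.IsNullOrEmpty(accountName))
            {
                return Task.FromResult(Enumerable.Empty<Claim>());
            }

            using (var pc = new PrincipalContext(ContextType.Domain, _domain))
            using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, accountName))
            {
                if (user == null)
                {
                    return Task.FromResult(Enumerable.Empty<Claim>());
                }

                // Claim(type, value) throws on a null value and both attributes are optional in
                // the directory, so only populated attributes become claims.
                var claims = new List<Claim>();
                AddClaimIfPresent(claims, Constants.ClaimTypes.Name, user.DisplayName);
                AddClaimIfPresent(claims, Constants.ClaimTypes.Email, user.EmailAddress);

                IEnumerable<Claim> result = claims;
                if (requestedClaimTypes != null)
                {
                    // Materialize the filter once; the caller may hand us a lazy sequence.
                    var requested = new HashSet<string>(requestedClaimTypes, StringComparer.Ordinal);
                    result = claims.Where(c => requested.Contains(c.Type)).ToList();
                }
                return Task.FromResult(result);
            }
        }

        /// <summary>
        /// Reports whether the account named by <paramref name="subject"/> may still be issued tokens.
        /// </summary>
        /// <param name="subject">Principal whose <c>Identity.Name</c> is the sAMAccountName to look up.</param>
        /// <returns>
        /// A completed task holding true when the account exists, is not disabled and is not
        /// locked out; false otherwise (including when no account name is available).
        /// </returns>
        public Task<bool> IsActiveAsync(ClaimsPrincipal subject)
        {
            var accountName = GetAccountName(subject);
            if (string.IsNullOrEmpty(accountName))
            {
                return Task.FromResult(false);
            }

            using (var pc = new PrincipalContext(ContextType.Domain, _domain))
            using (var aduser = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, accountName))
            {
                // Existence alone is not enough: this check gates existing sessions and refresh
                // tokens, which must stop working once the account is disabled or locked out.
                // Enabled is nullable; null (store cannot say) is not treated as disabled.
                var active = aduser != null
                    && aduser.Enabled != false
                    && !aduser.IsAccountLockedOut();
                return Task.FromResult(active);
            }
        }

        /// <summary>No pre-authentication step; null lets the normal login flow proceed.</summary>
        public Task<AuthenticateResult> PreAuthenticateAsync(SignInMessage message)
        {
            return Failed();
        }

        /// <summary>Nothing to clean up on sign-out; the directory holds no session state.</summary>
        public Task SignOutAsync(ClaimsPrincipal subject)
        {
            return Task.FromResult(0);
        }

        /// <summary>Completed task carrying the null "not authenticated" result.</summary>
        private static Task<AuthenticateResult> Failed()
        {
            return Task.FromResult<AuthenticateResult>(null);
        }

        /// <summary>
        /// Account name carried by the principal, or null when the principal or its identity is
        /// missing (avoids a NullReferenceException and an ArgumentNullException in FindByIdentity).
        /// </summary>
        private static string GetAccountName(ClaimsPrincipal subject)
        {
            if (subject == null || subject.Identity == null)
            {
                return null;
            }
            return subject.Identity.Name;
        }

        /// <summary>Adds a claim only when the directory attribute is actually populated.</summary>
        private static void AddClaimIfPresent(ICollection<Claim> claims, string type, string value)
        {
            if (!string.IsNullOrWhiteSpace(value))
            {
                claims.Add(new Claim(type, value));
            }
        }
    }
}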

Is there an IdentityServer4 version of this service?


Hi, I'm a newbie but have read most of the available docs for IdentityServer. Can you please guide me on how to integrate this file into a standalone IdSrv? I want to offer a Windows login button as an option for authenticating the user. I've added this .cs file and registered this IUserService in my Startup.cs file.
factory.UserService = new Registration(typeof(ActiveDirectoryUserService));

I also added an option:
app.UseWindowsAuthenticationService(new WindowsAuthenticationOptions {
IdpRealm = "urn:idp",
IdpReplyUrl = "https://localhost:44300/core/was",
SigningCertificate = Cert.Load() });

But when I run my IdSrv I get this error: The type 'Idsrv3.ActiveDirectoryUserService' is not assignable to service 'decorator.inner (IdentityServer3.Core.Services.IUserService)

Thanks for your time and assistance.


Using this class I end up with this error: The type 'Idsrv3.ActiveDirectoryUserService' is not assignable to service 'decorator.inner (IdentityServer3.Core.Services.IUserService)'.
What did I miss?


Never mind, I used my custom user service instead.
