21

I am using the ASP.NET Core 2.1 React SPA Microsoft template.

I want to use Active Directory for user authentication. Our server runs on a corporate network using Active Directory domain identities.

How can I do it?

Improve this question
4
  • Also, possible duplicate: stackoverflow.com/questions/49682644/… Commented Dec 10, 2018 at 14:43
  • @FrankerZ . thanks for answer. i used this solution before... Commented Dec 10, 2018 at 15:06
  • 1
    If you had a specific problem with that solution, then tell us what you did and what problem you had. Otherwise, this question is far too broad for anyone to give a reasonable answer. Commented Dec 10, 2018 at 15:30
  • @GabrielLuci when i tested this example on local pc(not joined domain, only initiate test) and iis express , the login windows authentication form appear but after import user name and password, login failed(Secure Connection Failed page appear) Commented Dec 10, 2018 at 18:56

1 Answer 1

Reset to default
31

The best way is to use Windows authentication. However, that will only work if the server you run this on is joined to the domain (or a trusted domain).

If not, then you will have to use Forms Authentication, where the user enters their username and password, and you authenticate against AD in your code via LDAP. There are two ways to do this in .NET Core:

  1. If you will only run this on a Windows server, then you can install and use the Microsoft.Windows.Compatibility NuGet package.
  2. Use the third-party Novell.Directory.Ldap.NETStandard.

There are two answers on this question that describe how to implement both solutions.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I'd argue that Windows Authentication is not the "best" way—my app runs on Windows, but I develop on Linux, and Windows Authentication does work even when I'm running a local development version, but it's ugly! When you're not authenticated, you have to provide your credentials in a pop-up, instead of having a nice login screen. So, I'm forced to implement the Novell LDAP.
On Windows at least, the browser can be setup to automatically send the credentials of the currently logged on user to a website that uses Windows Authentication, so they don't have to put in their username/password anywhere. For IE and Chrome, the site has to be in the Trusted Sites in the Internet Options. Firefox has its own settings.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.