
Asp.Net Identity Individual User Accounts using LDAP

I am using VS 2013 Asp.net 4.5.1 and created an internal webforms app using the Individual User Accounts option for Authentication. I want to use LDAP to authenticate the users and use the SQL DB that was created for Individual User Accounts option to hold the users info and roles. We don't have Active Directory Federation Services (AD FS) so I can't use the On-Premise Authentication method.

The AD username will be stored in the SQL DB.

How can I authenticate the users using LDAP and then use the AspNet.Identity.EntityFramework to get to the users info and roles from the SQL DB?
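As an added illustration of the flow the question describes (not code from this thread or from the ASP.NET Identity project): the directory is asked only "is this password correct for this account?", and every other decision, including whether the user is allowed into the app at all and which roles they hold, comes from the Identity SQL database. It assumes ASP.NET Identity 2.x with the OWIN cookie middleware, the template's `ApplicationUser : IdentityUser` class, a domain controller that has LDAPS enabled, and that AD accounts are pre-registered in `AspNetUsers` with the AD `sAMAccountName` as `UserName`; the server name `dc01.corp.example` and the `LdapIdentitySignIn` class are hypothetical.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.Owin.Security;

// Assumed: the class generated by the "Individual User Accounts" template.
public class ApplicationUser : IdentityUser { }

// Hypothetical helper that replaces the template's local password check.
public class LdapIdentitySignIn
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly IAuthenticationManager _authManager;
    private readonly string _ldapServer; // assumed, e.g. "dc01.corp.example"

    public LdapIdentitySignIn(UserManager<ApplicationUser> userManager,
                              IAuthenticationManager authManager,
                              string ldapServer)
    {
        _userManager = userManager;
        _authManager = authManager;
        _ldapServer = ldapServer;
    }

    // Returns true only when AD accepted the password AND the account exists
    // in the Identity database. Callers should show one generic failure
    // message for every false result so the two causes are indistinguishable.
    public async Task<bool> SignInAsync(string userName, string password, bool isPersistent)
    {
        // Refuse blank passwords before touching the directory. Many LDAP
        // servers treat an empty password as an anonymous (unauthenticated)
        // bind and report success, which would log anyone in as any user.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password))
            return false;

        // Step 1: authentication against AD over LDAPS (TCP 636) so the
        // password never crosses the network in clear text.
        bool valid;
        using (var ctx = new PrincipalContext(ContextType.Domain, _ldapServer, null,
                   ContextOptions.Negotiate | ContextOptions.SecureSocketLayer))
        {
            valid = ctx.ValidateCredentials(userName, password,
                        ContextOptions.Negotiate | ContextOptions.SecureSocketLayer);
        }
        if (!valid)
            return false;

        // Step 2: authorization from the Identity DB. No auto-provisioning:
        // an AD user who was never registered for this app is refused.
        ApplicationUser user = await _userManager.FindByNameAsync(userName);
        if (user == null)
            return false;

        // Step 3: build the cookie identity from the Identity store. Role
        // names in AspNetUserRoles are added as role claims by the
        // UserManager, so [Authorize(Roles = "...")] and User.IsInRole work.
        ClaimsIdentity identity = await _userManager.CreateIdentityAsync(
            user, DefaultAuthenticationTypes.ApplicationCookie);

        // Constructed marker claim so downstream code can tell this session
        // was established through the directory rather than a local password.
        identity.AddClaim(new Claim("urn:example:auth-source", "ldap"));

        _authManager.SignIn(new AuthenticationProperties { IsPersistent = isPersistent }, identity);
        return true;
    }
}
```

In the template's `Login.aspx.cs` this would be called in place of the `UserManager.Find(userName, password)` / password sign-in path, obtaining the managers from `Context.GetOwinContext()`. Two things worth doing alongside it: leave `PasswordHash` empty for directory-backed accounts and remove the local password login path entirely, so a stale local password can never bypass the directory; and keep the `AspNetUsers.UserName` value exactly the AD account name, because it is the only link between the two stores.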

You can use this implementation as an example; it is a custom UserStore for RavenDB:

Customizing ASPNET Authentication for RavenDB

There's this series of videos explaining how to work with security in .NET (the second video explains how to do it).

Customizing ASPNET Authentication with Identity

Brock Allen discusses how to implement an "external login" in his comprehensive article on the new identity patterns using External Logins.

Active Directory Federation Services (ADFS) supports a lot of identity protocols including SSO. However, if it's just POWA (plain ol' Windows authentication), IIS will support that out of the box. You would simply specify your Active Directory (AD) user/AD group in your web.config Authentication node and leverage the Identity.Name field to look up users' info in a lazy-load and/or request-cached fashion.

If it's claims-based authentication using ADFS, you can emulate how that works using the Identity and Access Tool and choosing the "Use Local STS" option.

Why not keep the profiles and roles in LDAP (ADLDS) as well? ADLDS does an excellent job of tracking multi-valued attributes, which I find useful. The role (group membership) in ADLDS is reflexive (you can query the role for members or query a user for their membership in roles). ADLDS also ensures referential integrity: you cannot have a member in a role if the member doesn't exist. I think you are facing some severe referential integrity problems by having accounts and profiles in two separate stores, or you will learn to love the distributed transaction coordinator.
