Windows authentication in MVC 5

Question

I've been charged with the task of implementing Windows Authentication for a project I'm working on. I've looked all over for examples but none seems to suit my situation.

All users that have a valid Windows account should be able to access the application, but only some users who have been configured as Admin should be able to access some parts of the site.

I thought it would be a case of using:

User.Identity.IsAuthenticated

but this always returns false. My very limited understanding of this means that I think this should be true. How to I go about authenticating a user automatically using the account they're logged into so they don't have to enter a username/password combination?

I'm am using MVC 5.

Answer 1

You are looking to implement LDAP, and have it interface with your Active Directory

check out this link to get your started:

http://www.schiffhauer.com/mvc-5-and-active-directory-authentication/

Here is the source code from the link:

Account Controllers:

using System.Web.Mvc;
using System.Web.Security;

using MvcApplication.Models;

public class AccountController : Controller
{
    public ActionResult Login()
    {
        return this.View();
    }

    [HttpPost]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (!this.ModelState.IsValid)
        {
            return this.View(model);
        }

        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            if (this.Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
            {
                return this.Redirect(returnUrl);
            }

            return this.RedirectToAction("Index", "Home");
        }

        this.ModelState.AddModelError(string.Empty, "The user name or password provided is incorrect.");

        return this.View(model);
    }

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();

        return this.RedirectToAction("Index", "Home");
    }
}

Account View Models:

using System.ComponentModel.DataAnnotations;

public class LoginModel
{
    [Required]
    [Display(Name = "User name")]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    [Display(Name = "Remember me?")]
    public bool RememberMe { get; set; }
}

Finally web.config updates:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
      <authentication mode="Forms">
          <forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="45" slidingExpiration="false" protection="All" />
      </authentication>
      <membership defaultProvider="ADMembershipProvider">
          <providers>
              <clear />
              <add name="ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" />
          </providers>
      </membership>
  </system.web>
  <connectionStrings>
      <add name="ADConnectionString" connectionString="LDAP://primary.mydomain.local:389/DC=MyDomain,DC=Local" />
  </connectionStrings>
</configuration>

This should help get you started, definitely check out the link for more context thought. Let me know if you need more help with this