
Authentication using active directory in asp.net MVC

I want to authenticate users in my ASP.NET MVC project using Active Directory. After hours and hours spent surfing the internet I didn't find anything useful for me; I've already seen all the results, but nothing.

I tried to edit my web.config as many posts suggest.

If anyone can help me with pieces of code or an example I'll appreciate it a lot, because I have no idea where I can start from.

EDIT

My current web.config

<system.web>
  <authentication mode="Forms">
    <forms name=".ADAuthCookie" loginUrl="~/MainMenu/Login" timeout="45"
           slidingExpiration="false" protection="All" />
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
  <membership defaultProvider="ADMembershipProvider">
    <providers>
      <clear />
      <add name="ADMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider"
           connectionStringName="ADConnectionString"
           attributeMapUsername="sAMAccountName" />
    </providers>
  </membership>
</system.web>
<connectionStrings>
  <add name="ADConnectionString"
       connectionString="LDAP://myserver.mydomain.COM:389/DC=mydomain,DC=COM" />
</connectionStrings>

Leo

I solved my problem by setting the view model and controller like this:

Model

using System.ComponentModel.DataAnnotations;

public class LogOnModel
{
    [Required]
    [Display(Name = "User name")]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    [Display(Name = "Password")]
    public string Password { get; set; }

    [Display(Name = "Remember me?")]
    public bool RememberMe { get; set; }
}

Controller

using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    public ActionResult LogOn()
    {
        return View();
    }

    [HttpPost]
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            // Validates against AD through the ADMembershipProvider set in web.config
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                // Follow returnUrl only when it is a local path (avoids an open redirect)
                if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                    && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Main", "MainMenu");
                }
            }
            else
            {
                ModelState.AddModelError("", "The user name or password provided is incorrect");
            }
        }

        // if we got this far, something failed, redisplay form
        return View(model);
    }

    public ActionResult LogOff()
    {
        FormsAuthentication.SignOut();

        return RedirectToAction("Login", "Account");
    }
}

View

<body id="bodyMain">
@using (Html.BeginForm("LogOn", null, FormMethod.Post))
{
<div class="container">
    @Html.ValidationSummary(true, "")
    <div style="padding-top:30%"></div>
    <table>
        <tr>
            <td>@Html.EditorFor(model => model.UserName)</td>
            <td>@Html.ValidationMessageFor(model => model.UserName, "")</td>
        </tr>
        <tr></tr>
        <tr>
            <td>@Html.EditorFor(model => model.Password)</td>
            <td>@Html.ValidationMessageFor(model => model.Password, "")</td>
        </tr>
        <tr>
            <td>@Html.CheckBoxFor(model => model.RememberMe)</td>
        </tr>
    </table>
    <br />
    <button type="submit" class="btn btn-info">Login</button>
</div>
}
</body>

And the web.config remains the same as in my question.

As mentioned in the comments, it's as easy as changing your authentication method from Forms to Windows:

<authentication mode="Windows" />

That will work if the server you run this from is joined to the same domain as your users are logging in to, or a trusted domain. Users will not be prompted to log in, as long as your site is set up as a trusted site (Intranet sites usually are).

To restrict parts of your application, you can use AuthorizeAttribute. For example, to restrict access to those in an AD group:

[Authorize(Roles = @"DOMAIN\GroupName")]

or, to restrict access to a specific AD user:

[Authorize(Users = @"DOMAIN\UserName")]

Multiple roles or users can be added by separating with a comma:

[Authorize(Roles = @"DOMAIN\Group1, DOMAIN\Group2")]

Those attributes can be applied to a whole controller, or to individual actions.

More information here.

If you need to authenticate the username and password submitted by a user against AD, use the below code.

Add reference to System.DirectoryServices.AccountManagement

and in the code file

using System.DirectoryServices.AccountManagement;

Next, in your POST method (flag is a boolean type variable):

// Dispose the context once the check is done
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "DOMAINNAME"))
{
    flag = pc.ValidateCredentials(UserName, Password);
}

If the flag is true, then credentials are valid otherwise they are not.

In this case, you need to manually set up the USER and roles (by using forms authentication), then you may restrict user/roles to display controller/views by using

[Authorize(Roles="RoleName")]
