ASP.NET MVC - Authenticate users against Active Directory, but require username and password to be inputted

asp.net-mvc asp.net-mvc-3 asp.net-mvc-2 forms-authentication windows-authentication

Solution 1:

You can use the standard Internet application template with forms authentication and insert an ActiveDirectoryMembershipProvider into the web.config:

<connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://YOUR_AD_CONN_STRING" />
</connectionStrings>

<system.web>
    <authentication mode="Forms">
        <forms name=".ADAuthCookie" loginUrl="~/Account/LogOn"
               timeout="15" slidingExpiration="false" protection="All" />
    </authentication>
    <membership defaultProvider="MY_ADMembershipProvider">
        <providers>
            <clear />
            <add name="MY_ADMembershipProvider" 
                 type="System.Web.Security.ActiveDirectoryMembershipProvider" 
                 connectionStringName="ADConnectionString"
                 attributeMapUsername="sAMAccountName" />
        </providers>
    </membership>
</system.web>

In this way you get the Internet application template login form, and it validates against AD for you.

Then it's just a matter of some AccountController cleanup to remove reset password/change password/register functionality leaving just Login.

Solution 2:

As mentioned above, you can use the membership provider defined in the web.config file.

The code below is within the implementation of the 'AccountController' from the MVC 3 Template code and has been slightly modified to work with ActiveDirectory:

 [HttpPost]
    public ActionResult LogOn( LogOnModel model, string returnUrl )
    {
      if( ModelState.IsValid )
      {
        // Note: ValidateUser() performs the auth check against ActiveDirectory
        // but make sure to not include the Domain Name in the User Name
        // and make sure you don't have the option set to use Email Usernames.
        if( MembershipService.ValidateUser( model.UserName, model.Password ) )
        {
            // Replace next line with logic to create FormsAuthenticationTicket
            // to encrypt and return in an Http Auth Cookie or Session Cookie
            // depending on the 'Remember Me' option.
            //FormsService.SignIn( model.UserName, model.RememberMe );

            // Fix this to also check for other combinations/possibilities
            if (!String.IsNullOrEmpty(returnUrl))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

If using .NET 3.5 -- then read this article for the alternative:

Related

Property vs Instance Variable [duplicate]
How to detect if NSString is null?
Vim auto-generate ctags
How do I get Realtek HD Audio 5.1 working on Windows 7?
How can I optimize the speed and lifetime of SSDs used in a RAID-0?
How to remove tracking cookies
Change Font Family, Rename Font
Will FreeNAS/ZFS let me manage my storage this way
How to change network adapter name via command line in windows 7?
How to replace colors (shape color and background color)?
How do I find out which EFI system partition is in use by Windows 10?
Sound output connector on CD-ROM drive?