ASP.NET Core 2.0 LDAP Active Directory Authentication

c# authentication asp.net-core active-directory ldap
Window picture Window · Apr 6, 2018 · Viewed 68.9k times · Source

I have found a lot of information from the past saying that LDAP authentication isn't enabled yet but you can get around that using third party packages. However, it seems that LDAP authentication WAS implemented back in January. I can't seem to find any information on HOW to implement it.

I already have custom authentication set up in my project, I just need the logic to fill in the HandleAuthenticateAsync method.

I have tried using other examples, but they don't seem to work with .NET Core 2.0.

Here is the only relevant code that I have that I can think of posting

protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // Get Authorization header value
    if (!Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorization)) {
        return Task.FromResult(AuthenticateResult.Fail("Cannot read authorization header."));
    }

    // TODO: Authenticate user

    // Create authenticated user ticket
    var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") };
    var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);

    return Task.FromResult(AuthenticateResult.Success(ticket));

    // else User not authenticated
    return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));
}

So, my question is, how do I implement LDAP Authentication in .NET Core 2.0?

Answer

Window picture Window · Apr 10, 2018

Thanks to Win's Answer for pointing out that I needed to use Windows Compatibility Pack, I was able to figure this out.

The first thing I had to do was install the Nuget package

Install-Package Microsoft.Windows.Compatibility

At the time, I needed a preview version, so I appended -Version 2.0.0-preview1-26216-02 on the end of this command

Then, add using statements for System.DirectoryServices and System.DirectoryServices.AccountManagement

Then, just plug this logic into my HandleAuthenticateAsync method:

const string LDAP_PATH = "EX://exldap.example.com:5555";
const string LDAP_DOMAIN = "exldap.example.com:5555";

using (var context = new PrincipalContext(ContextType.Domain, LDAP_DOMAIN, "service_acct_user", "service_acct_pswd")) {
    if (context.ValidateCredentials(username, password)) {
        using (var de = new DirectoryEntry(LDAP_PATH))
        using (var ds = new DirectorySearcher(de)) {
            // other logic to verify user has correct permissions

            // User authenticated and authorized
            var identities = new List<ClaimsIdentity> { new ClaimsIdentity("custom auth type") };
            var ticket = new AuthenticationTicket(new ClaimsPrincipal(identities), Options.Scheme);
            return Task.FromResult(AuthenticateResult.Success(ticket));
        }
    }
}

// User not authenticated
return Task.FromResult(AuthenticateResult.Fail("Invalid auth key."));

Related questions

Custom Authentication in ASP.Net-Core

I am working on a web app that needs to integrate with an existing user database. I would still like to use the [Authorize] attributes, but I don't want to use the Identity framework. If I did want to use …

Read More
ASP.NET Core Web API Authentication

I'm struggling with how to set up authentication in my web service. The service is build with the ASP.NET Core web api. All my clients (WPF applications) should use the same credentials to call the web service operations. After …

Read More
Token Based Authentication in ASP.NET Core

I'm working with ASP.NET Core application. I'm trying to implement Token Based Authentication but can not figure out how to use new Security System for my case. I went through examples but they didn't help me much, they are …

Read More