How to use Windows Active Directory Authentication and Identity Based Claims?
Question:
Tag: authentication,asp.net-identity,claims-based-identity,asp.net-5,visual-studio-2015
Problem
We want to use Windows Active Directory to authenticate a user into the application. However, we do not want to use Active Directory groups to manage authorization of controllers/views.
As far as I know, there is not an easy way to marry AD and identity based claims.
Goals
- Authenticate users with local Active Directory
- Use Identity framework to manage claims
Attempts (Fails)
- Windows.Owin.Security.ActiveDirectory - Doh. This is for Azure AD. No LDAP support. Could they have called it AzureActiveDirectory instead?
- Windows Authentication - This is okay with NTLM or Kerberos authentication. The problems start with: i) tokens and claims are all managed by AD and I can't figure out how to use identity claims with it.
- LDAP - But this seems to be forcing me to manually do forms authentication in order to use identity claims? Surely there must be an easier way?
Any help would be more than appreciated. I have been stuck on this problem quite a long time and would appreciate outside input on the matter.
Answer:
Shoe, your solution above pushed me toward a direction that worked for me on MVC6-Beta3, Identityframework7-Beta3, EntityFramework7-Beta3:
    //
    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        //
        // Check for user existence in Identity Framework
        //
        ApplicationUser applicationUser = await _userManager.FindByNameAsync(model.eID);
        if (applicationUser == null)
        {
            ModelState.AddModelError("", "Invalid username");
            return View(model);
        }

        //
        // Authenticate user credentials against Active Directory
        //
        bool isAuthenticated = await Authentication.ValidateCredentialsAsync(
            _applicationSettings.Options.DomainController,
            _applicationSettings.Options.DomainControllerSslPort,
            model.eID, model.Password);
        if (isAuthenticated == false)
        {
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }

        //
        // Signing the user step 1.
        //
        IdentityResult identityResult
            = await _userManager.CreateAsync(
                applicationUser,
                cancellationToken: Context.RequestAborted);
        if (identityResult != IdentityResult.Success)
        {
            foreach (IdentityError error in identityResult.Errors)
            {
                ModelState.AddModelError("", error.Description);
            }
            return View(model);
        }

        //
        // Signing the user step 2.
        //
        await _signInManager.SignInAsync(applicationUser,
            isPersistent: false,
            authenticationMethod: null,
            cancellationToken: Context.RequestAborted);
        return RedirectToLocal(returnUrl);
    }
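The answer calls Authentication.ValidateCredentialsAsync but does not show it. The block below is an added example, not the answerer's code: one way such a helper could validate credentials with an LDAPS bind through System.DirectoryServices.Protocols. It assumes the full .NET Framework, a user name in a form the domain controller accepts for simple bind (for example user@domain), and a class and method signature inferred from the call above.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Threading.Tasks;

// Added example: hypothetical stand-in for the Authentication helper used in the answer.
public static class Authentication
{
    // LDAP result code 49 = invalidCredentials (RFC 4511).
    private const int LdapInvalidCredentials = 49;

    public static Task<bool> ValidateCredentialsAsync(
        string domainController, int sslPort, string userName, string password)
    {
        // LdapConnection.Bind is synchronous, so run it off the request thread.
        return Task.Run(
            () => ValidateCredentials(domainController, sslPort, userName, password));
    }

    public static bool ValidateCredentials(
        string domainController, int sslPort, string userName, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind and
        // can succeed without proving anything, so reject it before contacting
        // the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        var server = new LdapDirectoryIdentifier(domainController, sslPort);
        using (var connection = new LdapConnection(server))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            // LDAPS: the password only travels inside TLS. Leave
            // SessionOptions.VerifyServerCertificate unset so the platform's
            // normal certificate validation stays in effect.
            connection.SessionOptions.SecureSocketLayer = true;
            connection.AuthType = AuthType.Basic;
            connection.Timeout = TimeSpan.FromSeconds(10);

            try
            {
                connection.Bind(new NetworkCredential(userName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                // Wrong password, unknown account, disabled or locked account.
                return false;
            }
            // Any other LdapException (server unreachable, TLS failure) is left
            // to propagate: the login fails closed and the fault gets logged
            // instead of being reported to the user as a bad password.
        }
    }
}
```

In the Login action, returning the same "Invalid username or password." message for an unknown user and for a failed bind keeps the form from confirming which account names exist.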