Last post Nov 09, 2016 05:55 PM by SpaceCS
Nov 08, 2016 04:02 PM|SpaceCS|LINK
asp.net 4.6 MVC web application
I need a page where I enter my login and password (associated to AD). Does this information need to be validated by AD to properly do my authentication? I don't want to send the password to AD using a method. Is there a way to set up my application to do the authentication using AD and IIS?
I want to use Windows authentication but with a web page designed by me instead of having a window pop up for my credentials.
That solution would work even if the application pool of the application is using the account "Network service".
Nov 08, 2016 04:42 PM|bbcompent1|LINK
If you are using windows authentication, the only time I think that box pops up is if the visitor's browser does not log on automatically as you. It is a browser setting that can be changed:
Tools > Internet Options > Advanced > Security > Enable Integrated Windows Authentication
This can be pushed down to client browsers via Group Policy from the Domain.
Nov 08, 2016 04:49 PM|SpaceCS|LINK
I know, but that's too easy. We have a Domain that external clients will connect to.
So instead of having the authentication popup window for user and password, I want them to log in on a webpage (with a welcome message and other things). I need that webpage to do the authentication the same way IIS would do.
Nov 08, 2016 04:55 PM|bbcompent1|LINK
Oh, that is something totally different. You are trying to do almost like an extranet configuration, AD in the public domain. I recall doing something like that in my career at some point. For an Off The Shelf solution, you may want to look at a product called SSL VPN, it handles the heavy lifting of authenticating the user against your domain. Just putting that out there. :) I'll go dig and see what I can find from my past.
Nov 08, 2016 04:57 PM|bbcompent1|LINK
Well, that didn't take long to find at all. This is the example I used when I had to do that:
Nov 08, 2016 05:01 PM|SpaceCS|LINK
We have SSL already but for other applications that are more secure. We need something between SSL and no login at all. We will have (later) a registration page for clients to ask for an account.
Nov 08, 2016 05:04 PM|bbcompent1|LINK
Can you explain what you mean by "We need something between SSL and no login at all"? I'm not trying to sound dense, it's just that it is not very clear what you are really trying to accomplish. Now, as I understand it, you want users to authenticate against your Active Directory domain. Are you trying to do something more like web forms where it maintains its own DB? To help you, I really need to understand your specific requirements.
Nov 08, 2016 05:49 PM|SpaceCS|LINK
We have SSL, it's very old using Adito. What we are doing right now will not be using that portal. The login page is exposed to the public. When they click on the login button, we want the user and password to be sent to AD. We don't want to send them directly to AD. We want IIS to do the authentication but only after we click the login button, that's the tricky part.
Nov 08, 2016 08:27 PM|bbcompent1|LINK
Ok, so what you would do is wire up a Click_event that attaches to the login button control. Inside that you will have the check against the AD using LDAP query. If the username and password (hashed) match the domain, the user is permitted to log in. Let me see if I can find a pre-built example for you to demonstrate this. I'll be back. :)
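An added example (not from either poster, and not the code behind the links shared in this thread) of the login-button flow described above: an MVC login action that validates the submitted credentials against AD and fails closed. The domain name and the model, controller and action names are placeholders, and it assumes a domain-joined web server with Forms authentication enabled in web.config.

```csharp
using System.DirectoryServices.AccountManagement;
using System.Web.Mvc;
using System.Web.Security;

public class LoginModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class AccountController : Controller
{
    // Assumption: placeholder domain name, replace with your own AD domain.
    private const string Domain = "corp.example.com";

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (model != null && IsValidAdUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, false);
            // Only follow returnUrl when it points back into this site.
            if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
            return RedirectToAction("Index", "Home");
        }
        // Same message for unknown user and wrong password; never log the password.
        ModelState.AddModelError("", "Invalid user name or password.");
        return View(model);
    }

    private static bool IsValidAdUser(string userName, string password)
    {
        // Reject empty input before contacting the directory.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;
        try
        {
            // Negotiate with signing and sealing protects the bind on the wire.
            using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
            {
                return ctx.ValidateCredentials(userName, password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
            }
        }
        catch (PrincipalServerDownException)
        {
            return false; // Fail closed when no domain controller is reachable.
        }
    }
}
```

The login form itself should only be served over HTTPS, since the password travels from the browser to IIS in the POST body.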
Nov 08, 2016 08:34 PM|SpaceCS|LINK
I found this information.
It seems to be working as expected. Is there something to be concerned about using that method?
Nov 08, 2016 08:46 PM|bbcompent1|LINK
Space, give this Microsoft How-To a try, this helped me when I had to authenticate Internet users against the client AD using LDAP and ASP.NET Login Forms.
Nov 09, 2016 05:55 PM|SpaceCS|LINK
We used the MVC5 template from Visual Studio with the generated code for a login page and applied the instructions on the link I shared earlier, and it's working well. I think we have our solution! Thanks for your help.