
I am using a default ASP.NET 4.5 framework's ASP.NET MVC 5 project template. It has identity authentication framework configured with it.

I want to use Windows Active Directory with my project, so I followed this article - http://www.schiffhauer.com/mvc-5-and-active-directory-authentication/

And in my AccountController's login method I have

```csharp
if (Membership.ValidateUser(model.Email, model.Password))
{
    CustomFormsAuthentication.SetAuthenticationCookie(model.Email, model, model.RememberMe);
    return RedirectToAction("Index", "Home");
}
```

Where CustomFormsAuthentication class has

```csharp
public static class CustomFormsAuthentication
{
    public static void SetAuthenticationCookie(string username, object obj, bool isPersistent)
    {
        const int version = 1;
        var json = new JavaScriptSerializer().Serialize(obj);
        var cookieStoreTime = isPersistent ? DateTime.Now.AddDays(7) : DateTime.Now.AddDays(1);
        var ticket = new FormsAuthenticationTicket(version, username, DateTime.Now, cookieStoreTime, isPersistent, json);

        HttpContext.Current.Response.Cookies.Set(new HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket)) {Expires = cookieStoreTime});
    }
}
```

But the user is never authenticated. The User.Identity.IsAuthenticated still shows false.

How do I go about this?

Yasser Shaikh

1 Answer


Identity is incompatible with forms authentication (utilized by ASP.NET Membership here in your code). Even then, forms authentication is incompatible with Windows auth, which also is incompatible with Identity. If you want to authenticate using Windows credentials, then you need to change your Web.config to have:

```xml
...
 <system.web>
  ...
  <authentication mode="Windows"/>
  ...
 </system.web>
 ...
```

And then you can pretty much just remove all the Identity stuff as it won't work any more.

EDIT

The most important point here after the discussion in the comments is that multiple forms of authentication simultaneously is not a supported scenario in ASP.NET. You can technically do workarounds such that you basically proxy authentication to an LDAP server to verify AD credentials and then create/get an Identity/Membership user based on that to actually be the authenticated user.

However, here, I don't see any real attempt to do that, and even then, you're using ASP.NET Membership and forms auth to handle it, which precludes the use of Identity. Identity and forms auth are completely incompatible with each other.

Chris Pratt
  • Not [entirely true](http://stackoverflow.com/questions/2250921/mixing-forms-authentication-with-windows-authentication). You can run Windows and AD login concurrently, just takes some finesse. You also would need to implement your own login mechanism by observing `LOGON_USER`. Alternatively, you can create your own Owin middleware that attempts the handshake. – Brad Christie Feb 04 '15 at 16:37
  • I have two types of login. One is the windows login and other is sql login – Yasser Shaikh Feb 04 '15 at 16:37
  • @BradChristie - While yes, you can do this, it's no longer a supported scenario in IIS or ASP.NET. It can be hacked around, but it's ugly and likely prone to more breakage in the future... – Erik Funkenbusch Feb 04 '15 at 16:59
  • @Yasser - If I were you, I would give up on this requirement, as it's no longer a supported scenario in IIS or ASP.NET. As I mentioned above, it can be hacked, but this will always be an ongoing problem and you should probably just bite the bullet and figure out a different solution to your problems. – Erik Funkenbusch Feb 04 '15 at 17:02
  • @BradChristie: Do you mean *Forms Auth* and AD concurrently? Technically there's no such thing as AD auth, explicitly. Windows auth uses AD. You can technically do Forms Auth/Identity + AD, but that is where you would need to write custom handlers to actually connect to LDAP manually and authenticate manually. – Chris Pratt Feb 04 '15 at 17:03
  • @chrispratt yes, I mean running Windows and forms authentication concurrently. Easiest thing to do is run two Web sites and pair. One uses forms (primary) with SSO, and the other uses Windows and authenticates and hands off to the other site. – Brad Christie Feb 04 '15 at 17:59
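
The workaround described in the answer's EDIT (verify the AD credentials over LDAP yourself, then sign the user in through Identity's OWIN cookie middleware instead of a forms ticket) can look like the following; this is an added example, not code from the question, the answer or the linked article. It assumes the project template's `UseCookieAuthentication` registration for `DefaultAuthenticationTypes.ApplicationCookie` is still in place; the controller name, the `AdDomain` value and the `ValidateAgainstAd` helper are hypothetical, and looking up or creating the matching local user record is left out.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

public class AdLoginController : Controller // hypothetical controller name
{
    private const string AdDomain = "corp.example.com"; // placeholder domain (assumption)
    private const string IdpClaim = "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password, bool rememberMe, string returnUrl)
    {
        if (!ValidateAgainstAd(userName, password))
        {
            // One generic message for unknown user and wrong password alike.
            ModelState.AddModelError("", "Invalid username or password.");
            return View();
        }
        // Only identifying claims go into the cookie, never the password or the whole login model.
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, userName),
            new Claim(ClaimTypes.Name, userName),
            new Claim(IdpClaim, "ActiveDirectory") // anti-forgery tokens expect this claim on a ClaimsIdentity
        }, DefaultAuthenticationTypes.ApplicationCookie);
        HttpContext.GetOwinContext().Authentication.SignIn(
            new AuthenticationProperties { IsPersistent = rememberMe }, identity);
        // Only follow local return URLs, so the login page cannot be used as an open redirect.
        return Url.IsLocalUrl(returnUrl) ? (ActionResult)Redirect(returnUrl) : RedirectToAction("Index", "Home");
    }

    private static bool ValidateAgainstAd(string userName, string password)
    {
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false; // reject empty credentials before attempting a bind
        using (var ctx = new PrincipalContext(ContextType.Domain, AdDomain))
        {
            // Negotiate with signing and sealing avoids sending the password in a cleartext simple bind.
            return ctx.ValidateCredentials(userName, password,
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
        }
    }
}
```

With this in place `User.Identity.IsAuthenticated` is driven by the OWIN application cookie, so Web.config keeps the Identity template's authentication settings rather than switching to forms or Windows mode.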