Authentication with Active Directory (AD) with Asp.Net MVC

With Visual Studio 2013, you cannot simply choose “Intranet WebSite” to create a default website that uses Active Directory. Nevertheless, a wizard allows you to create it. First, create a new project and select a web application.


Second, you need to select MVC and click Change Authentication.


This leads to a page where you can select Organisation Authentication. Select On-Premises. This lets you specify the Active Directory URI.


And that’s it.

You can also do it more manually. This is good to know because if you have to configure IIS, you will have to do some of this configuration yourself. First, you need to disable anonymous authentication and enable Windows authentication.

The web.config also needs to state that we use Windows authentication.

<system.web>
  <authentication mode="Windows" />

  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
   <providers>
      <clear />
      <add 
          name="AspNetWindowsTokenRoleProvider"
          type="System.Web.Security.WindowsTokenRoleProvider" 
          applicationName="/" />
   </providers>
  </roleManager>
</system.web>

This allows the use of the Authorize attribute on controllers and action methods.

[Authorize(Roles = "YOURDOMAIN\\Group1, YOURDOMAIN\\Group2")]
public ActionResult YourMethod()
{
     //...
}

If you want to allow the user to log in with a form instead of being automatically logged in, you need to specify a connection string in the web.config.

<connectionStrings>
  <add name="ADConn" connectionString="LDAP://YourConnection" />
</connectionStrings>

Then, you need to set up the membership provider.

<membership defaultProvider="ADMembership">
  <providers>
    <!-- connectionUsername/connectionPassword are the account the provider uses
         to bind to the directory. The values below are placeholders; keep real
         credentials out of source control. -->
    <add name="ADMembership"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,
               System.Web,
               Version=2.0.0.0, 
               Culture=neutral,
               PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConn"
         connectionUsername="domain/user"
         connectionPassword="pwd" />
  </providers>
</membership>


9 thoughts on “Authentication with Active Directory (AD) with Asp.Net MVC”

  1. You can use Active Directory alone or a web form with membership (backed with a database) alone, but not both at the same time. You can see further explanation in this Stack Overflow link: http://stackoverflow.com/questions/2610377/how-can-i-provide-an-asp-net-forms-authentication-ux-while-using-active-director/2634718#2634718

    But, you can use Active Directory and have a way to switch users to let them add their AD name and AD password into a form.

    • I am unable to create a login using Active Directory. Please help with exact documentation or a link.

  2. This method requires your organisation to set up ADFS, in essence publishing your Active Directory online. What is the workaround where you can manually specify an LDAP connection?
