Fork of Justin.AspNetCore.LdapAuthentication.
Provides LDAP password authentication for an existing ASP.NET Core Identity user store via an LDAP bind. I created this for a project I'm working on with a very basic need, so it is not an exchaustive provider by any means.
MIT
- LDAP password authentication via a custom UserManager against any existing UserManager/UserStore combination.
- Does not (yet) provide an LDAP based UserStore implementation
- Does not support password changes or resets.
- Full implementation of IUserStore and applicable interfaces around LDAP.
- NETStandard 2.0.0
- Novell.Directory.Ldap.NETStandard 2.3.8
- Microsoft.AspNetCore.Identity 2.0.2
Setup ASP.NET Identity Core
Install the NuGet Package
Install-Package AspNetCore.LdapAuthentication
Create LdapAuth settings in appsettings.json:
"LdapAuth": {
"url": "ldap.local",
"bindDn": "CN=user,OU=branch,DC=contoso,DC=local",
"bindCredentials": "secret_password",
"searchBase": "DC=contoso,DC=local",
"searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
"adminCn": "CN=Admins,OU=branch,DC=contoso,DC=local"
},
Configure options and the custom User Manager in Startup before Identity:
// You can use services.AddLdapAuthentication(setupAction => {...}) to configure the
// options manually instead of loading the configuration from Configuration.
services.Configure<AspNetCore.LdapAuthentication.LdapAuthenticationOptions>(this.Configuration.GetSection("LdapAuth"));
// Add the custom user manager.
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddUserManager<AspNetCore.LdapAuthentication.LdapUserManager<ApplicationUser>>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
Use the normal sign-in method, and it will valid the user's passwod via an LDAP bind.
...
result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: true);
...
By default, the result of the user store GetNormalizedUserNameAsync() method on the UserStore as the value for the distguished name when performing an LDAP bind. You can customize this by implementing a custom user store and the interface AspNetCore.LdapAuthentication.IUserLdapStore, which provides a GetDistinguishedNameAsync method that will be used instead of the normalized username.