Windows Authentication to log into Identity
I have an ASP.NET Core 2.1 App using Identity to manage users. Now the requirement is to also support Windows Authentication. If a Windows user has an account in Identity an automatic login should take place. I think I need to generate an Identity cookie in this situations but don't know how.
asp.net-core asp.net-identity
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
add a comment |
I have an ASP.NET Core 2.1 App using Identity to manage users. Now the requirement is to also support Windows Authentication. If a Windows user has an account in Identity an automatic login should take place. I think I need to generate an Identity cookie in this situations but don't know how.
asp.net-core asp.net-identity
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
add a comment |
I have an ASP.NET Core 2.1 App using Identity to manage users. Now the requirement is to also support Windows Authentication. If a Windows user has an account in Identity an automatic login should take place. I think I need to generate an Identity cookie in this situations but don't know how.
asp.net-core asp.net-identity
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
I have an ASP.NET Core 2.1 App using Identity to manage users. Now the requirement is to also support Windows Authentication. If a Windows user has an account in Identity an automatic login should take place. I think I need to generate an Identity cookie in this situations but don't know how.
asp.net-core asp.net-identity
asp.net-core asp.net-identity
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
asked Nov 13 '18 at 11:22
MDummyMDummy
14019
14019
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
You cannot use both Identity and Windows Auth at the same time. The best you can do is attempt to auth the user via an LDAP connection to your AD server. In short, the user would still need to explicitly sign in, but they could use their domain credentials to do so.
The situation is a little better if you implement IdentityServer. This is a bit more effort, but it can pay dividends in the future from having a centralized auth service (allowing you service APIs, mobile apps, etc.). IdentityServer can handle Windows Auth, but it treats it as an external sign in provider, like Google, Facebook, etc. You'd have a button or whatever to login via Windows, and then it would seamlessly authorize the user. See the IdentityServer docs for more information on that setup.
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53279937%2fwindows-authentication-to-log-into-identity%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You cannot use both Identity and Windows Auth at the same time. The best you can do is attempt to auth the user via an LDAP connection to your AD server. In short, the user would still need to explicitly sign in, but they could use their domain credentials to do so.
The situation is a little better if you implement IdentityServer. This is a bit more effort, but it can pay dividends in the future from having a centralized auth service (allowing you service APIs, mobile apps, etc.). IdentityServer can handle Windows Auth, but it treats it as an external sign in provider, like Google, Facebook, etc. You'd have a button or whatever to login via Windows, and then it would seamlessly authorize the user. See the IdentityServer docs for more information on that setup.
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
add a comment |
You cannot use both Identity and Windows Auth at the same time. The best you can do is attempt to auth the user via an LDAP connection to your AD server. In short, the user would still need to explicitly sign in, but they could use their domain credentials to do so.
The situation is a little better if you implement IdentityServer. This is a bit more effort, but it can pay dividends in the future from having a centralized auth service (allowing you service APIs, mobile apps, etc.). IdentityServer can handle Windows Auth, but it treats it as an external sign in provider, like Google, Facebook, etc. You'd have a button or whatever to login via Windows, and then it would seamlessly authorize the user. See the IdentityServer docs for more information on that setup.
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
add a comment |
You cannot use both Identity and Windows Auth at the same time. The best you can do is attempt to auth the user via an LDAP connection to your AD server. In short, the user would still need to explicitly sign in, but they could use their domain credentials to do so.
The situation is a little better if you implement IdentityServer. This is a bit more effort, but it can pay dividends in the future from having a centralized auth service (allowing you service APIs, mobile apps, etc.). IdentityServer can handle Windows Auth, but it treats it as an external sign in provider, like Google, Facebook, etc. You'd have a button or whatever to login via Windows, and then it would seamlessly authorize the user. See the IdentityServer docs for more information on that setup.
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
You cannot use both Identity and Windows Auth at the same time. The best you can do is attempt to auth the user via an LDAP connection to your AD server. In short, the user would still need to explicitly sign in, but they could use their domain credentials to do so.
The situation is a little better if you implement IdentityServer. This is a bit more effort, but it can pay dividends in the future from having a centralized auth service (allowing you service APIs, mobile apps, etc.). IdentityServer can handle Windows Auth, but it treats it as an external sign in provider, like Google, Facebook, etc. You'd have a button or whatever to login via Windows, and then it would seamlessly authorize the user. See the IdentityServer docs for more information on that setup.
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
answered Nov 13 '18 at 14:07
Chris PrattChris Pratt
154k20238303
154k20238303
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
add a comment |
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
I know that this would be no best practice but I think it can be realised. Also because @Tratcher wrote such proposal here: stackoverflow.com/questions/49749710/…
– MDummy
Nov 14 '18 at 12:49
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53279937%2fwindows-authentication-to-log-into-identity%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
