Click here to Skip to main content
15,895,799 members
Search within:


Articles / All Topics
 
Technical Blog
View Original

IdentityServer v3 and Windows Authentication

Rate me:
Please Sign up or sign in to vote.
5.00/5 (3 votes)
29 Apr 2015CPOL1 min read 30.1K   3   13
IdentityServer v3 and Windows Authentication

Overview

As I was searching for how to use Windows authentication with IdentityServer v3, it was very hard to find a result, or a clue how to apply it, there were no OWIN plugins that provide Windows authentication easily. Also, using Active Directory Federation Services (ADFS) is hard to implement and sometimes, it cannot be done because the network team may refuse to apply it for any reason.

So the need for using the NTLM Windows authentication is required. In this blog, I will show how to attach a windows authentication OWIN middleware with the IdentityServer v3 as an additional identity provider and create a custom external user registration service to provide the full claims with the authentication.

Let's Code

  • At first, you have to download the WebHost(minimal) example from IdentityServer github examples.
  • Then, make sure to enable Windows authentication from project properties as the following screenshot:

    Capture

    Windows authentication and Anonymous authentication are enabled.
  • Install the Windows authentication Nuget package using “Install-Package GbSamples.OwinWinAuth”.
  • Register the installed identity provider to identity server initialization in the startup.cs.
    C#
    public class Startup
{
    public void Configuration(IAppBuilder appBuilder)
    {
        var factory = InMemoryFactory.Create(
            users: Users.Get(),
            clients: Clients.Get(),
            scopes: Scopes.Get());

        var options = new IdentityServerOptions
        {
            IssuerUri = "https://localhost:44333?,
            SiteName = "Ghaleb Samples Single Sign On",
            SigningCertificate = Certificate.Load(),
            Factory = factory,
            AuthenticationOptions = new AuthenticationOptions
            {
                IdentityProviders = ConfigureAdditionalIdentityProviders,
                EnableLocalLogin = true,
                EnableLoginHint = true,
            },
        };

        appBuilder.UseIdentityServer(options);
    }

    public static void ConfigureAdditionalIdentityProviders(IAppBuilder app, string signInAsType)
    {
        app.UseWinAuthentication(new WinAuthenticationOptions()
        {
            SignInAsAuthenticationType = signInAsType
        });
  • Right now, when you request authentication from IdentityServer, you will get the following login page:

    Login page of identity server with the windows authentication provider.

    Login page of identity server with Windows authentication provider.
  • Finally, to be able to get the full use of the user claims, you will have to add Custom External Users Registration, and update the startup file as:
    C#
    var factory = InMemoryFactory.Create(
	    clients: Clients.Get(),
	    scopes: Scopes.Get());
	
	// For custom users registration and reading
	var userService = new ExternalRegistrationUserService();
factory.UserService = new Registration<IUserService>(resolver => userService);

The post IdentityServer v3 and Windows Authentication appeared first on Ghaleb's Blog.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
GhalebBadran
Software Developer (Senior)
United Arab Emirates United Arab Emirates
www.ghalebbadran.com

Comments and Discussions

 
First Prev Next
QuestionNew Update for fixing the 404 issues Pin
GhalebBadran26-Dec-16 16:14
GhalebBadran26-Dec-16 16:14 
QuestionCan I also use it with desktop app? Pin
Jarosław Kończak21-Sep-15 20:27
Jarosław Kończak21-Sep-15 20:27 
QuestionHTTP 404 [Identity Server Address]/windowsAuth Pin
Jarosław Kończak16-Sep-15 0:27
Jarosław Kończak16-Sep-15 0:27 
AnswerRe: HTTP 404 [Identity Server Address]/windowsAuth Pin
JayRogers17-Sep-15 7:12
JayRogers17-Sep-15 7:12 
GeneralRe: HTTP 404 [Identity Server Address]/windowsAuth Pin
Jarosław Kończak18-Sep-15 1:50
Jarosław Kończak18-Sep-15 1:50 
GeneralRe: HTTP 404 [Identity Server Address]/windowsAuth Pin
Jarosław Kończak20-Sep-15 20:46
Jarosław Kończak20-Sep-15 20:46 
GeneralFurther improvements to Windows external Identity Provider Pin
JayRogers21-Sep-15 10:19
JayRogers21-Sep-15 10:19 
GeneralRe: Further improvements to Windows external Identity Provider Pin
Jarosław Kończak21-Sep-15 20:28
Jarosław Kończak21-Sep-15 20:28 
GeneralA note on Firefox Pin
JayRogers21-Sep-15 10:27
JayRogers21-Sep-15 10:27 
QuestionHow to make Windows auth default? Pin
KIM__1-Jul-15 8:33
KIM__1-Jul-15 8:33 
AnswerRe: How to make Windows auth default? Pin
GhalebBadran31-Aug-15 0:15
GhalebBadran31-Aug-15 0:15 
QuestionThat is interesting, my 5 Pin
Win32nipuh2-Jun-15 2:58
professionalWin32nipuh2-Jun-15 2:58 
Thanks!
BugCode snippets are impossible to read unless you select all the text... Pin
Joan M8-May-15 0:22
professionalJoan M8-May-15 0:22 
Last Visit: 31-Dec-99 18:00     Last Update: 10-May-24 15:29Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 29 Apr 2015

Article Copyright 2015 by GhalebBadran
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1