How to Use Active Directory (via LDAP) in .NetStandard 2.x ASP.Net Core 3.x (using the C# Novell LDAP library)
I tried to rewrite (re-implementing) this source code, thanks to brechtb86. I add new features, upgrade that to .net standard 2.x and aspnetcore 3.x and also working on integration with identity-core
first things first, you can correct and fill data in appsettings.ldap.json and add them to your appsettings.json instead of hard coding ldap settings
{
"LdapSettings": {
"ServerName": "servername.domain.com",
"ServerPort": 389,
"UseSSL": false,
"Credentials": {
"DomainUserName": "domain.com\\username",
"Password": "xxxxxx"
},
"UpnSuffixes": "domain1.com,domain2.com",
"SearchBase": "DC=domain,DC=com",
"ContainerName": "DC=domain,DC=com",
"DomainName": "domain.com",
"DomainDistinguishedName": "DC=domain,DC=com"
}
}
you can bind above settings to the MicroLib.LdapHelper.Core.Settings.LdapSettings.cs class at startup.cs
- Install the nuget package
Install-Package MicroLib.LdapHelper.Core
- Config DI Container
services.AddLdapHelperServices(new LdapSettings
{
ServerName = "server.domain.com",
ServerPort = 389,
UseSSL = false,
UpnSuffixes = new string[] { "domain1.com", "domain2.com" },
Credentials = new LdapCredentials
{
DomainUserName = "[email protected]",
Password = "password"
},
SearchBase = "DC=domain,DC=com",
ContainerName = "DC=domain,DC=com",
DomainName = "domain.com",
DomainDistinguishedName = "DC=domain,DC=com"
});
// in console apps
services.AddOptions();
Inject ILdapBaseService in the class(login controller) and work with ldap directly
- Install the nuget package
Install-Package MicroLib.LdapHelper.Core.Identity
// also you need to install following nuget packages for use Identity
Install-Package Microsoft.AspNetCore.Identity.EntityFrameworkCore Version="3.1.0"
Install-Package Microsoft.AspNetCore.Identity.UI Version="3.1.0"
Install-Package Microsoft.EntityFrameworkCore.SqlServer Version="3.1.0"
Install-Package Microsoft.EntityFrameworkCore.Tools Version="3.1.0"
- Config DI Container
services.AddLdapIdentityHelperServices(new LdapSettings
{
ServerName = "server.domain.com",
ServerPort = 389,
UseSSL = false,
UpnSuffixes =new string[] { "domain1.com","domain2.com"},
Credentials = new LdapCredentials
{
DomainUserName = "[email protected]",
Password = "password"
},
SearchBase = "DC=domain,DC=com",
ContainerName = "DC=domain,DC=com",
DomainName = "domain.com",
DomainDistinguishedName = "DC=domain,DC=com"
});
Inject ILdapBaseService in the class(login controller) and work with ldap directly instead of UserManager and Identity
- the first way that I named it "LdapBase", and it means all users managment functionality will be by ActiveDirectory. in this way we use IdentityCore just for Signing-in (security) and working with UserManager (but with the active directory repository)
services.AddIdentity<LdapIdentityUser, IdentityRole>(options =>
{
///
})
.AddEntityFrameworkStores<LdapIdentityDbContext>()
.AddUserManager<LdapBaseUserManager>()
.AddSignInManager<LdapBaseSignInManager>()
.AddDefaultTokenProviders();
- the second way that I named it "IdentityBase", and you will able to work with IdentityCore as before, but the usernames in AspNetUsers table should be same with Username in ActiveDirectory and also password in IdentityDb will not matter yet (the users passwords checks from ldap)
services.AddIdentity<IdentityUser, IdentityRole>(options =>
{
///
})
.AddEntityFrameworkStores<LdapIdentityDbContext>()
.AddUserManager<IdentityBaseUserManager>()
.AddSignInManager<IdentityBaseSignInManager>()
.AddDefaultTokenProviders();