Closed Saquibadil closed 9 years ago
Not sure why you are trying to simulate this, as your users will still be able to authenticate using the Windows authentication endpoint over the web, given they provide the full domain\username.
Anyway, the missing piece in your code is the provider key, which is the _nameidentifier_ claim. The value OWIN-MixedAuth uses for this claim is the domain user SID.
Thanks.
If I pass the domain user SID, it will only authenticate the user if the user is in the network.
Can you give an example of how I can configure the Windows authentication endpoint and how I can make use of it in code?
Thank you!
Yes, the external login will be matched against linked logins stored in the database. The local user linked to that login will be authenticated.
The Windows authentication endpoint is part of `MixedAuthOptions` and the default path is `/MixedAuth`.
I thought you were trying to simulate the Windows login flow? But now I'm not sure!
Unfortunately, our architecture does not allow linking local logins with external logins, and the local logins are stored in a separate database which is only accessible via a service. Local users will never register as external users.
With that in mind we are implementing these requirements:
1 and 2 are straightforward for authentication.
For 3, I have found this solution a little while ago... https://stackoverflow.com/questions/22027753/mixed-mode-authentication-with-owin/25128474#25128474
It connects to the domain using PrincipalContext, but it takes only the domain name to connect (is it safe?).
This solution seems to be working for me so far, but I also need to integrate Roles and Claims. Can you suggest a good way of doing that?
Thank you!
> Is it safe?
If you are not using HTTPS, then your domain users will be sending their AD credentials in plain text over the network.
> I need to also integrate Roles and Claims, can you suggest me a good way of doing that?
See issue #9
I just wanted to ask you a question, not "raise an issue", but it looks like this is the only way I can reach out to you.
My question is:
I have implemented Owin-MixedAuth in my project. But the new requirement is that the intranet users should be able to log in over the internet (from home). We have a service which accepts a username and password, returns the user details and confirms the validity of the user. What is the correct way to implement it? Here is how I started to implement it...
I appreciate your help!