This project implements middleware for ASP.NET Core that enables authenticating users against LDAP directories like Active Directory via an LDAP bind.
There are two flavours, the first being Visus.LdapAuthentication, which uses Novell's C#-only LDAP library rather than the Windows-only DirectoryServices and therefore runs on Windows and Linux.
The second, Visus.DirectoryAuthentication, is a drop-in replacement using System.DirectoryServices.Protocols, which has been a platform-independent implementation of LDAP services since .NET 5, but requires native LDAP libraries to be installed for P/Invoke.
Built-in user objects are automatically mapped to Active Directory attributes based on code annotations and include commonly used claims like user name, actual names, e-mail addresses and group memberships. If necessary, you can also provide your own user object that uses a completely different mapping of LDAP attributes to claims.
See README for Visus.LdapAuthentication.
See README for Visus.DirectoryAuthentication
Version 2.0 is a major rewrite of both libraries, which removes previously deprecated functionality and unifies large parts of the implementation between LdapAuthentication and DirectoryAuthentication in the Visus.Ldap.Core library. The most important changes to the 1.x branch are:

- The ILdapUser interface has been removed.
- LdapMapper class, which can be replaced by users of the library. The default implementation of the mapper uses reflection and the attribute annotations from previous versions of the library to support arbitrary user/group classes.
- Claims is now performed by a ClaimsBuilder class, which can be replaced by users of the library. The default implementation of the builder uses reflection and the attribute annotations from previous versions of the library to support arbitrary user/group classes.
- Claims from user/group object, the library now supports direct creation of Claims from LDAP entries via the ClaimsMapper, which can be replaced by users of the library. The default implementation of the mapper uses reflection and the attribute annotations from previous versions of the library to support arbitrary user/group classes.
- The ILdapOptions interface has been removed. All configuration is performed via the common options pattern and the LdapOptions class.
- LdapOptions, which is executed on startup, thus preventing the application from starting if obvious configuration errors have been made.
- AddLdapAuthentication. Extension methods for adding subsets of the services have been removed.
- System.TimeSpan for configuring timeouts. When configuring from JSON, use a string in the format "hh:mm:ss".
- async/await.
- ClaimsPrincipals instead of custom user objects to facilitate the implementation of login controllers.
- AddLdapAuthentication. The template parameters allow you to change the type of user and group that the LDAP entries are mapped to.
- using statements. Some shared classes like LdapUser have been moved from the Visus.DirectoryAuthentication and Visus.LdapAuthentication namespaces to the shared Visus.Ldap namespace. Furthermore, the namespaces are now structured to isolate LDAP mapping, claims mapping, etc.
- ILdapAuthenticationService.Login with ILdapAuthenticationService.LoginUser or ILdapAuthenticationService.LoginPrincipal depending on your needs.
- LdapAttributeAttribute.GetLdapAttribute to reflect on LDAP attribute mappings in your code, inject ILdapAttributeMap<LdapUserOrGroup> to obtain similar information. ILdapAttributeMaps provide direct access to attribute names and PropertyInfos and are more efficient than the previous on-demand reflection.

Visus.DirectoryAuthentication and Visus.LdapAuthentication can mostly be used interchangeably with a few exceptions:

- System.DirectoryServices.Protocols requires native LDAP libraries to be installed for P/Invoke. This should be the case for all Windows platforms by default, but on Linux, libldap must be installed.
- System.DirectoryServices.Protocols lacking a bunch of features on top of libldap.
- LdapOptions.RootCaThumbprint is not supported. You can, however, check the immediate issuer of the server's certificate using LdapOptions.ServerCertificateIssuer.
- LdapOptions.AuthenticationType.
- LdapOptions.ServerSelectionPolicy.