This repository has been archived by the owner on Apr 27, 2021. It is now read-only.

Integration with Active Directory

Michael Vidal edited this page Apr 21, 2017 · 3 revisions

Overview

One of the scenarios we want to support is an authentication service that uses Active Directory as an external identity provider. IdentityServer4, together with its Quickstart UI, provides this out of the box by relying on IIS Windows Authentication (Kerberos/NTLM), provided you adhere to the following:

  • Ensure the Quickstart/Account/AccountOptions.cs class has the WindowsAuthenticationEnabled property set to true
  • Ensure the app is set up to use IIS integration in the Main method, e.g. new WebHostBuilder().UseIISIntegration(); this is what lets the ASP.NET Core Module hand the Windows identity established by IIS to the app
  • Deploy the service to a Windows machine with IIS installed that is joined to the domain you want to authenticate against
  • Make sure the IIS site (or application) hosting the service has both Windows and Anonymous authentication enabled. Anonymous must stay enabled: the quickstart only challenges for Windows credentials on its Windows login action, and every other endpoint (discovery, token, the username/password login page) has to be reachable without a challenge
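The following script is an added example and is not part of the original wiki page or of the IdentityServer4 quickstart. It applies the server-side checklist above on the app server and verifies the result rather than trusting the write: domain membership, the IIS Windows Authentication feature, both authentication modes on the site, and the forwardWindowsAuthToken setting that the ASP.NET Core Module needs in order to pass the Windows token to the app. The site name IdentityService is an assumption; substitute the name of your IIS site.

```powershell
# Added example, not code from the original page or the IdentityServer4 project.
# Assumptions: the identity service is published as an IIS site named 'IdentityService'
# (hypothetical name) and this runs in an elevated PowerShell on the app server.
$siteName = 'IdentityService'

# 1. The app server must be joined to the domain we authenticate against.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "$($cs.Name) is not domain joined; Windows Authentication against AD will not work here."
}
Write-Host "Domain joined to: $($cs.Domain)"

# 2. IIS needs the Windows Authentication module; it is not part of the default Web-Server role.
$feature = Get-WindowsFeature -Name Web-Windows-Auth
if (-not $feature.Installed) {
    Install-WindowsFeature -Name Web-Windows-Auth | Out-Null
}

Import-Module WebAdministration
$appHost  = 'MACHINE/WEBROOT/APPHOST'
$authBase = 'system.webServer/security/authentication'
$modes    = 'windowsAuthentication', 'anonymousAuthentication'

# 3. Enable BOTH Windows and Anonymous authentication for the site. The authentication
#    sections are locked at site level by default, so write them to applicationHost.config
#    with -Location instead of editing the site's web.config.
foreach ($mode in $modes) {
    Set-WebConfigurationProperty -PSPath $appHost -Location $siteName `
        -Filter "$authBase/$mode" -Name 'enabled' -Value $true
}

# 4. Read back the effective settings for the site.
foreach ($mode in $modes) {
    $enabled = (Get-WebConfigurationProperty -PSPath $appHost -Location $siteName `
        -Filter "$authBase/$mode" -Name 'enabled').Value
    Write-Host ("{0,-25} enabled = {1}" -f $mode, $enabled)
    if (-not $enabled) { Write-Warning "$mode is still disabled on $siteName" }
}

# 5. The ASP.NET Core Module only forwards the Windows token to the app when
#    forwardWindowsAuthToken is true (the default) on the <aspNetCore> element
#    of the published web.config; a published 'false' silently breaks Windows login.
$physicalPath = [Environment]::ExpandEnvironmentVariables((Get-Website -Name $siteName).PhysicalPath)
$webConfig    = Join-Path $physicalPath 'web.config'
[xml]$cfg = Get-Content -Path $webConfig
$aspNetCore = $cfg.configuration.'system.webServer'.aspNetCore
if ($aspNetCore -and $aspNetCore.forwardWindowsAuthToken -eq 'false') {
    Write-Warning "forwardWindowsAuthToken is false in $webConfig; Windows logins will reach the app unauthenticated."
} else {
    Write-Host "forwardWindowsAuthToken is enabled (explicitly or by default)."
}
```

Run it once after Web Deploy has published the site; the read-back in step 4 is the part worth keeping in a post-deployment check, since a later publish or a manual change in IIS Manager can turn one of the two modes off again.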

Current state of validation

We have set up an AD forest with a single domain in Azure. The resource group contains two machines: the domain controller and a domain-joined app server. The app server hosts two websites, the identity service (based on IdentityServer4) and the MVC app.

With this setup we have validated, at a proof-of-concept level, that the following scenarios work:

  1. Identity service, app, and user all on domain-joined machines.
  2. Identity service domain joined; app and user on machines outside the domain.
  3. Identity service and app domain joined; user on a machine outside the domain.

When the user's machine is outside the domain the browser cannot obtain a Kerberos ticket, so the user is prompted for domain credentials and the exchange falls back to NTLM; the identity service still validates those credentials against the domain because it is the domain-joined party.

We have yet to validate the scenario where the identity service and the user are on domain-joined machines and the app is on a machine outside the domain.

Notes about the AD forest installation

We followed the high-level instructions in this Azure document to create the domain:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-new-forest-virtual-machine

For detailed steps on setting up the domain controller, we followed this blog post:

https://www.psattack.com/articles/20160718/setting-up-an-active-directory-lab-part-1/

Lastly, for detailed steps on setting up the app server, we followed these articles on hosting ASP.NET Core on IIS and on setting up Web Deploy:

https://docs.microsoft.com/en-us/aspnet/core/publishing/iis
https://ankitvijay.net/2016/05/18/publish-web-app-to-azure-virtual-machine-part-1/
