IdentityServer v3 and Windows Authentication

Apr 29, 2015

CPOL

Overview

As I was searching for how to use Windows authentication with IdentityServer v3, it was very hard to find a result or a clue about how to apply it; there were no OWIN plugins that provide Windows authentication easily. Also, using Active Directory Federation Services (ADFS) is hard to implement, and sometimes it cannot be done because the network team may refuse to apply it for any reason.

So NTLM Windows authentication is needed. In this blog post, I will show how to attach a Windows authentication OWIN middleware to IdentityServer v3 as an additional identity provider and create a custom external user registration service to provide the full claims with the authentication.

Let's Code

  • First, download the WebHost (minimal) example from the IdentityServer GitHub examples.
  • Then, make sure to enable Windows authentication in the project properties, as in the following screenshot:

    [Screenshot] Windows authentication and Anonymous authentication are enabled.
  • Install the Windows authentication NuGet package using "Install-Package GbSamples.OwinWinAuth".
  • Register the installed identity provider in the IdentityServer initialization in Startup.cs:
    public class Startup
    {
        public void Configuration(IAppBuilder appBuilder)
        {
            var factory = InMemoryFactory.Create(
                users: Users.Get(),
                clients: Clients.Get(),
                scopes: Scopes.Get());

            var options = new IdentityServerOptions
            {
                IssuerUri = "https://localhost:44333",
                SiteName = "Ghaleb Samples Single Sign On",
                SigningCertificate = Certificate.Load(),
                Factory = factory,
                AuthenticationOptions = new AuthenticationOptions
                {
                    // Callback that registers the external identity providers.
                    IdentityProviders = ConfigureAdditionalIdentityProviders,
                    EnableLocalLogin = true,
                    EnableLoginHint = true,
                },
            };

            appBuilder.UseIdentityServer(options);
        }

        // Adds the Windows authentication middleware as an external provider.
        public static void ConfigureAdditionalIdentityProviders(IAppBuilder app, string signInAsType)
        {
            app.UseWinAuthentication(new WinAuthenticationOptions()
            {
                SignInAsAuthenticationType = signInAsType
            });
        }
    }
  • Now, when you request authentication from IdentityServer, you will get the following login page:

    [Screenshot] Login page of identity server with Windows authentication provider.
  • Finally, to make full use of the user claims, you have to add a Custom External Users Registration service and update the startup file as follows:
    var factory = InMemoryFactory.Create(
        clients: Clients.Get(),
        scopes: Scopes.Get());

    // For custom users registration and reading
    var userService = new ExternalRegistrationUserService();
    factory.UserService = new Registration<IUserService>(resolver => userService);
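
An added example, not code from the original post, IdentityServer or GbSamples.OwinWinAuth: one way a custom registration service like the one above could turn a Windows account into a deliberately small claim set instead of passing through everything the provider reports. `WindowsClaimsMapper`, the `CONTOSO` domain, the SIDs and the `sso-admin` role are hypothetical, and it assumes the service can obtain the account name, account SID and group SIDs of the authenticated user.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical helper; not part of IdentityServer or GbSamples.OwinWinAuth.
public static class WindowsClaimsMapper
{
    // Constructed sample values: replace with the domains and groups you trust.
    static readonly HashSet<string> TrustedDomains =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "CONTOSO" };
    static readonly Dictionary<string, string> GroupSidToRole =
        new Dictionary<string, string>
        {
            { "S-1-5-21-1111111111-2222222222-3333333333-2001", "sso-admin" },
        };

    // accountName is "DOMAIN\user"; sid is the account SID, used as the subject
    // because it stays the same when the account is renamed.
    public static List<Claim> Map(string accountName, string sid, IEnumerable<string> groupSids)
    {
        if (string.IsNullOrWhiteSpace(accountName) || string.IsNullOrWhiteSpace(sid))
            throw new ArgumentException("Account name and SID are required.");
        var parts = accountName.Split('\\');
        if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0)
            throw new FormatException("Expected DOMAIN\\user.");
        if (!TrustedDomains.Contains(parts[0]))
            throw new UnauthorizedAccessException("Untrusted domain: " + parts[0]);

        var claims = new List<Claim>
        {
            new Claim("sub", sid),
            new Claim("name", accountName),
            new Claim("preferred_username", parts[1]),
        };
        // Only allowlisted groups become role claims; all other SIDs are dropped.
        foreach (var g in groupSids ?? new string[0])
        {
            string role;
            if (GroupSidToRole.TryGetValue(g, out role))
                claims.Add(new Claim("role", role));
        }
        return claims;
    }

    public static void Main()
    {
        // Constructed sample input: one allowlisted group SID, one that is ignored.
        var groups = new[] { "S-1-5-21-1111111111-2222222222-3333333333-2001", "S-1-5-32-545" };
        foreach (var c in Map(@"CONTOSO\alice", "S-1-5-21-1111111111-2222222222-3333333333-1001", groups))
            Console.WriteLine(c.Type + " = " + c.Value);
    }
}
```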

The post IdentityServer v3 and Windows Authentication appeared first on Ghaleb's Blog.