using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Thinktecture.IdentityServer.Core;
using Thinktecture.IdentityServer.Core.Models;
using Thinktecture.IdentityServer.Core.Services;
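namespace SampleApp
{
    /// <summary>
    /// IdentityServer user service that validates local (username/password) logins against
    /// Active Directory and serves a small set of profile claims from the directory entry.
    /// External and pre-authentication are not handled here; those methods return null.
    /// </summary>
    public class ActiveDirectoryUserService : IUserService
    {
        // Name of the Active Directory domain to bind to. "MYDOMAIN" is a sample value.
        private const string DOMAIN = "MYDOMAIN";

        /// <summary>
        /// External identity providers are not supported by this service.
        /// </summary>
        /// <returns>A completed task whose result is always null.</returns>
        public Task<AuthenticateResult> AuthenticateExternalAsync(ExternalIdentity externalUser, SignInMessage message)
        {
            return Task.FromResult<AuthenticateResult>(null);
        }

        /// <summary>
        /// Validates the supplied credentials against the domain and, on success, returns an
        /// <see cref="AuthenticateResult"/> for the matching directory user.
        /// </summary>
        /// <param name="username">Account name entered by the user.</param>
        /// <param name="password">Password entered by the user. Never logged.</param>
        /// <param name="message">Sign-in context; not used by this implementation.</param>
        /// <returns>
        /// The authentication result, or null when the credentials are rejected, the user cannot
        /// be found, or the directory call fails.
        /// </returns>
        public Task<AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
        {
            // Blank credentials are rejected before any directory call is made.
            // ValidateCredentials is documented to check the current process identity when both
            // values are null, and an LDAP bind with an empty password may be treated by the
            // directory as an anonymous bind; neither case must count as a successful login.
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            {
                return Task.FromResult<AuthenticateResult>(null);
            }

            try
            {
                using (var pc = new PrincipalContext(ContextType.Domain, DOMAIN))
                {
                    if (pc.ValidateCredentials(username, password))
                    {
                        using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, username))
                        {
                            if (user != null)
                            {
                                // The name is taken from the directory entry so that the later lookups in
                                // GetProfileDataAsync / IsActiveAsync use the account's stored
                                // SamAccountName rather than whatever spelling the user typed.
                                return Task.FromResult(new AuthenticateResult(
                                    subject: GetStableSubject(user),
                                    name: user.SamAccountName ?? username));
                            }
                        }
                    }

                    // The user name or password is incorrect
                    return Task.FromResult<AuthenticateResult>(null);
                }
            }
            catch (Exception ex)
            {
                // Server error (e.g. domain controller unreachable). The login is still refused,
                // but the failure is traced so an outage is not mistaken for bad passwords.
                // Only the exception is recorded - never the submitted credentials.
                Trace.TraceError("Active Directory authentication failed with {0}: {1}", ex.GetType().Name, ex.Message);
                return Task.FromResult<AuthenticateResult>(null);
            }
        }

        /// <summary>
        /// Returns the name and e-mail claims for the directory user behind <paramref name="subject"/>.
        /// </summary>
        /// <param name="subject">Principal whose identity name is used as the SamAccountName lookup key.</param>
        /// <param name="requestedClaimTypes">Optional filter; when supplied, only these claim types are returned.</param>
        /// <returns>
        /// The matching claims. An empty sequence (never null) is returned when the user is not
        /// found or has none of the attributes set.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="subject"/> is null.</exception>
        public Task<IEnumerable<Claim>> GetProfileDataAsync(ClaimsPrincipal subject, IEnumerable<string> requestedClaimTypes = null)
        {
            if (subject == null)
            {
                throw new ArgumentNullException("subject");
            }

            var claims = new List<Claim>();
            var accountName = GetAccountName(subject);

            if (!string.IsNullOrEmpty(accountName))
            {
                using (var pc = new PrincipalContext(ContextType.Domain, DOMAIN))
                {
                    using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, accountName))
                    {
                        if (user != null)
                        {
                            // Directory attributes are optional; the Claim constructor throws on a
                            // null value, so only populated attributes become claims.
                            if (!string.IsNullOrEmpty(user.DisplayName))
                            {
                                claims.Add(new Claim(Constants.ClaimTypes.Name, user.DisplayName));
                            }

                            if (!string.IsNullOrEmpty(user.EmailAddress))
                            {
                                claims.Add(new Claim(Constants.ClaimTypes.Email, user.EmailAddress));
                            }
                        }
                    }
                }
            }

            if (requestedClaimTypes != null)
            {
                // Materialise the filter once instead of re-enumerating it per claim.
                var requested = new HashSet<string>(requestedClaimTypes);
                claims.RemoveAll(c => !requested.Contains(c.Type));
            }

            return Task.FromResult<IEnumerable<Claim>>(claims);
        }

        /// <summary>
        /// Reports whether the directory account behind <paramref name="subject"/> still exists
        /// and is enabled.
        /// </summary>
        /// <param name="subject">Principal whose identity name is used as the SamAccountName lookup key.</param>
        /// <returns>True only when the account is found and its Enabled flag is true.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="subject"/> is null.</exception>
        public Task<bool> IsActiveAsync(ClaimsPrincipal subject)
        {
            if (subject == null)
            {
                throw new ArgumentNullException("subject");
            }

            var accountName = GetAccountName(subject);
            if (string.IsNullOrEmpty(accountName))
            {
                return Task.FromResult(false);
            }

            using (var pc = new PrincipalContext(ContextType.Domain, DOMAIN))
            {
                using (var aduser = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, accountName))
                {
                    // Existence alone is not enough: a disabled account must stop being treated
                    // as active. Enabled is nullable, and an unknown state fails closed.
                    return Task.FromResult(aduser != null && aduser.Enabled == true);
                }
            }
        }

        /// <summary>
        /// No pre-authentication step is performed.
        /// </summary>
        /// <returns>A completed task whose result is always null.</returns>
        public Task<AuthenticateResult> PreAuthenticateAsync(SignInMessage message)
        {
            return Task.FromResult<AuthenticateResult>(null);
        }

        /// <summary>
        /// Nothing to clean up on sign-out.
        /// </summary>
        /// <returns>An already completed task.</returns>
        public Task SignOutAsync(ClaimsPrincipal subject)
        {
            return Task.FromResult(0);
        }

        // Builds a subject identifier that is the same on every login for a given account:
        // the directory object's GUID when available, otherwise its SID. A freshly generated
        // GUID per login would make the same person look like a new subject each time.
        private static string GetStableSubject(UserPrincipal user)
        {
            if (user.Guid.HasValue)
            {
                return user.Guid.Value.ToString();
            }

            return user.Sid.Value;
        }

        // Reads the account name from the principal, tolerating a principal without an identity.
        private static string GetAccountName(ClaimsPrincipal subject)
        {
            return subject.Identity == null ? null : subject.Identity.Name;
        }
    }
}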
is there an IdentityServer4 version of this service?
hi, i'm a newbie but have read most of the available docs for identity server. can you please guide me on how to integrate this file into a standalone idsrv. I want to be able to have an option to select a win or windows button to authenticate the user. I've added this cs file and registered this IUserService in my startup.cs file.
factory.UserService = new Registration(typeof(ActiveDirectoryUserService));
also added an option:
app.UseWindowsAuthenticationService(new WindowsAuthenticationOptions {
IdpRealm = "urn:idp",
IdpReplyUrl = "https://localhost:44300/core/was",
SigningCertificate = Cert.Load() });
but when i ran my idsrv i got this error - The type 'Idsrv3.ActiveDirectoryUserService' is not assignable to service 'decorator.inner (IdentityServer3.Core.Services.IUserService)'.
thanks for your time and assistance.
using this class i end up having this error - The type 'Idsrv3.ActiveDirectoryUserService' is not assignable to service 'decorator.inner (IdentityServer3.Core.Services.IUserService)'.
what did i miss?
nm i used my custom user service instead..
@tjrobinson, IdentityServer 3 version 2 has a number of breaking changes. Please see my fork for changes.