How to authenticate user via AD or via SQL Server Database

Question

How to authenticate user via AD or via SQL Server Database

Asked 7 years, 1 month ago

Viewed 796 times

3

The user has to access via Active Director authenticationy when you are in the premises of the Company and when you are outside the Company the access will be via login and password query in an SQL Server database.

In the case of access via AD the configuration of web.config should be as follows:

<authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

In the code of the page Index I would do something like this to identify the user (I don’t know if it’s enough) ?

var usuario = User.Identity.Name;
    if(usuario != ""){
        //Acesso liberado
    }else{
         return RedirectToAction("Tela_de_Login");
    }

And for authentication via consultation SQL Server I would do so:

<authentication mode="Forms">
      <forms loginUrl="/Usuario/Login" timeout="2800"></forms>
    </authentication>

Doubt:

There will be some conflict if I implement these two Web.config settings ?

How to make the system know if the user is accessing inside the Company’s domain or accessing via the Web, that is, from outside the Company’s domain ?

Note: I know that some settings should be made in IIS as well.

1

@Adriansuv: Would the same user have two different forms of authentication, stored in different environments? Does this make sense? // Why not always authenticate against AD, even if the user is out of? // External access could not be via VPN?

– José Diz

2017/05/12 at 10:30
No, external access must be through any computer via browser.

– hard123

2017/05/12 at 15:56
1

The system in the company where I work works like this. You have to use Forms Authentication, but on Global.asax you place an event at the end of the request, to verify that the Response is a 302 (i.e., unauthorized/authenticated user, would normally redirect to the login page), but then you change the http response code to 401 if you detect that the client is inside the network (thus forcing the browser to negotiate windows credentials for authentication). However, I would never use the AD user to log into the BD, but there it is from each company.

– Alisson

2017/05/17 at 00:38
Got it @Alisson, so far your suggestion was the closest I’m looking for and I believe yes it will work thanks for the answer, but in your comment there is no user of AD what exists is the user who is logged in to the machine and can be any user, example Joao.silva of Commercial or ana maria. of marketing That’s what we’re talking about ?

– hard123

2017/05/17 at 11:26
1

Usually on an enterprise network the user who is logged in to the machine has to have a user in AD, that is, there is a AD user. In this application, only AD users will be able to authenticate, or an external user (e.g., a client/supplier) will be able to authenticate with user and password, without having user in AD?

– Alisson

2017/05/17 at 16:41
Correct @Alisson ! , it was just a misinterpretation on my part about the AD user, so I implement will give a feedback.

– hard123

2017/05/17 at 19:09

Show 1 more comment

1 answer

Browser other questions tagged asp.net-mvc sql-server iis active-directory

You are not signed in. Login or sign up in order to post.

by Julio Cesar S. Cunha • 11 points · Answer 1 · 2018-05-16T13:23:55+00:00

You could implement using the 2 types of AD and Database logins.

In the login screen the system "search" the user in the AD:

If it exists, it makes the procedure to validate the user (check if user and password are valid).
If it doesn’t exist, go straight to the BD and validate.

See if this link can help you: https://tech.trailmax.info/2016/03/using-owin-and-active-directory-to-authenticate-users-in-asp-net-mvc-5-application/