This project implements middleware for ASP.NET Core that enables authenticating users against LDAP directories like Active Directory via an LDAP bind.
There are two flavours, the first being Visus.LdapAuthentication, which uses Novell's C#-only LDAP library rather than the Windows-only DirectoryServices and therefore runs on Windows and Linux.
The second, Visus.DirectoryAuthentication, is a drop-in replacement using System.DirectoryServices.Protocols, which has been a platform-independent implementation of LDAP services since .NET 5, but requires native LDAP libraries to be installed for P/Invoke.
Built-in user objects are automatically mapped to Active Directory attributes based on code annotations and include commonly used claims like user name, actual names, e-mail addresses and group memberships. If necessary, you can also provide your own user object that uses a completely different mapping of LDAP attributes to claims.
- Using Visus.LdapAuthentication
- Using Visus.DirectoryAuthentication
- Differences between LdapAuthentication and DirectoryAuthentication
See README for Visus.LdapAuthentication.
See README for Visus.DirectoryAuthentication.
Warning: We do not have Visus.DirectoryAuthentication in production yet, so it has only been tested using artificial test cases.
Visus.DirectoryAuthentication and Visus.LdapAuthentication can mostly be used interchangeably with a few exceptions:
- `System.DirectoryServices.Protocols` requires native LDAP libraries to be installed for P/Invoke. This should be the case for all Windows platforms by default, but on Linux, `libldap` must be installed.
- The `ILdapOptions.Timeout` property is a `System.TimeSpan` rather than a number representing milliseconds. When configuring from JSON, use a string in the format "hh:mm:ss".
- `ILdapOptions.RootCaThumbprint` is not supported. You can, however, check the immediate issuer of the server's certificate using `ILdapOptions.ServerCertificateIssuer`.
- `ILdapOptions` does not provide the legacy string-based `SearchBase` option, but must be configured with the `IDictionary<string, System.DirectoryServices.Protocols.SearchScope>` variant. This is a breaking change compared to version 0.4.0!
- TODO: Bind using Windows credentials.
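
The `Timeout` and `SearchBase` differences above matter when a configuration is carried over from Visus.LdapAuthentication. The following is an added example, not code from the project: it binds a constructed configuration section to a hypothetical `SampleLdapOptions` class that mirrors only those two members, and rejects a timeout that was left as a millisecond number. The `Ldap` section name, the sample DNs and the one-minute ceiling are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using Microsoft.Extensions.Configuration;

// Hypothetical stand-in for the two option members discussed above;
// this is not the library's own options class.
public sealed class SampleLdapOptions
{
    public TimeSpan Timeout { get; set; }
    public IDictionary<string, SearchScope> SearchBase { get; set; }
        = new Dictionary<string, SearchScope>();
}

public static class Program
{
    // Binds a constructed "Ldap" section (the section name is an assumption).
    static SampleLdapOptions Load(string timeout)
    {
        var config = new ConfigurationBuilder()
            .AddInMemoryCollection(new Dictionary<string, string?>
            {
                ["Ldap:Timeout"] = timeout,
                // Constructed sample DNs, each with its own search scope.
                ["Ldap:SearchBase:OU=Staff,DC=example,DC=com"] = "Subtree",
                ["Ldap:SearchBase:OU=Service,DC=example,DC=com"] = "OneLevel",
            })
            .Build();
        var options = new SampleLdapOptions();
        config.GetSection("Ldap").Bind(options);
        // Startup guard: TimeSpan parsing reads a bare integer as whole days,
        // not milliseconds. The one-minute ceiling is an arbitrary assumption.
        if (options.Timeout <= TimeSpan.Zero || options.Timeout > TimeSpan.FromMinutes(1))
            throw new InvalidOperationException(
                $"Ldap:Timeout '{timeout}' is {options.Timeout}; use \"hh:mm:ss\".");
        return options;
    }

    public static void Main()
    {
        var ok = Load("00:00:05");
        Console.WriteLine($"Timeout: {ok.Timeout}");
        foreach (var (dn, scope) in ok.SearchBase)
            Console.WriteLine($"{dn} -> {scope}");

        try { Load("5000"); }   // value carried over from a millisecond setting
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```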