windows-authenticationidentityserver3
Identity Server3 : Windows Authentication : AuthenticationResult always fails
I am using Thinktecture Identity Server 3 (OWIN and Katana) and have been able to make it work for resource owner flow without issues.
However, when it comes to authenticating windows users it fails although i can see while debugging that my custom UserService does validate the user and return a positive AuthenticationResult.
Has anyone experienced this in their implementation?
I shall post the code for the custom UserService here
public class ActiveDirectoryUserService : IUserService
{
private const string Domain = "xxxxx";
public Task PreAuthenticateAsync(PreAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task AuthenticateLocalAsync(LocalAuthenticationContext context)
{
try
{
using (var pc = new PrincipalContext(ContextType.Domain, Domain))
{
if (pc.ValidateCredentials(context.UserName, context.Password))
{
using (
var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, context.UserName))
{
if (user != null)
{
return
Task.FromResult(new AuthenticateResult(context.UserName, context.UserName, identityProvider: "windows"));
}
}
}
// The user name or password is incorrect
return Task.FromResult<AuthenticateResult>(null);
}
}
catch
{
// Server error
return Task.FromResult<AuthenticateResult>(null);
}
}
public Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task PostAuthenticateAsync(PostAuthenticationContext context)
{
return Task.FromResult<AuthenticateResult>(context.AuthenticateResult);
}
public Task SignOutAsync(SignOutContext context)
{
return Task.FromResult<AuthenticateResult>(null);
}
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
using (var pc = new PrincipalContext(ContextType.Domain, Domain))
{
using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, context.Subject.Identity.Name))
{
if (user != null)
{
var identity = new ClaimsIdentity();
identity.AddClaims(new[]
{
new Claim(Constants.ClaimTypes.Name, user.DisplayName),
new Claim(Constants.ClaimTypes.Email, user.EmailAddress)
});
if (context.RequestedClaimTypes != null)
return Task.FromResult(identity.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type)));
return Task.FromResult(identity.Claims);
}
}
return Task.FromResult<IEnumerable<Claim>>(null);
}
}
public Task IsActiveAsync(IsActiveContext context)
{
return Task.FromResult(context.IsActive);
}
}
Solution
return Task.FromResult(new AuthenticateResult(context.UserName, context.UserName, identityProvider: "windows"));
is wrong. it should be:
context.AuthenticateResult = new AuthenticateResult(
context.UserName, context.UserName);
return Task.FromResult(0);
- Handshake error in ASP.NET Core 6 application using Negotiate authentication
- Windows authentication does not work behind AWS Application Load Balancer
- Asp.Net Core HTTP.SYS Windows authentication falls back to NTLM instead of Kerberos
- Issue with Windows Authentication Type on IIS with Multiple Host Bindings
- HTTP Error 404.15 - Not Found ...because the query string is too long
- Windows authentication in DevTunnels
- Blazor server app with Windows Authentication getting 401 unauthorized
- .NET Core 8 - Flurl not using the current user credentials for the default proxy
- No OWIN authentication manager is associated with the request
- Unable to Connect to Local SQL Server with Windows Authentication using SSMS
- How can I prevent the browser caching credentials of the logged in user, when user enters my Blazor server side web app?
- IIS PHP connect to MSSQL using Windows Authentication
- How to do Windows Authentication. I can't get NotAuthorized to show
- Pass-Through Authentication - IIS Virtual Directory
- ASP.NET Windows Authentication logout
- Connect to MySQL database w/ C# as non-root user?
- ASP.NET (Blazor): Trigger windows authentication popup only on a single page
- Any browser (Safari, Chrome or Edge) on iPhone is not prompting for Windows Authentication
- GSSAPI Negotiate authentication fails different domain DNS and Windows Active Directory
- I need to connect my web application to sql server using windows authentication with a different user
- NetworkCredential Error: The user name or password is incorrect - Copy files from one network folder to another in vb.net
- Authentication in Azure DevOps Server using Windows Auth
- Connecting to Microsoft SQL Server in Python
- VBA connect with ADO to SQL Server (Windows authenticated)
- Can't connect to SQL Server with Windows authentication with my ASP.NET Core application (IIS server)
- IIS fails to pass windows credentials through to SQL Server for ASP.NET Core app
- Windows Service impersonate User with AccessToken
- Windows Authentication HttpContext.Current.User returns previous website user
- How to configure ng serve proxy with Windows authentication *and HTTPS*
- What's the difference between the different VS Remote Debugger authentication methods?