Tags: asp.net-mvc-4, active-directory, iis-10

Automatically log user into existing ASP.NET MVC 4 web app based on whether user has an Active Directory account


I hope someone can help me with the following scenario, as I've been trawling the web without success for a couple of days now.

The scenario I'm facing is this: how do I automatically bypass the login screen and go directly to the dashboard if the user exists in Active Directory (AD)? If the user does not exist, i.e. the user does not have an Active Directory (AD) account, redirect the user to a login page.

Attached is a picture to explain the process better.


If I run the ASP.NET MVC 4 web app using "IIS Express", the username and domain are correct, and I automatically get logged in because my credentials are correct, e.g.:

username   => "username"
domain     => "domain"

But if I run the solution on my "Local IIS", the credentials are incorrect because IIS logs in using the following credentials:

web.config setting (identity impersonate="false")
username   => "NT AUTHORITY\\IUSR"
domain     => "IIS APPPOOL"

web.config setting (identity impersonate="true")
username   => "NT AUTHORITY\\IUSR"
domain     => "NT AUTHORITY"

[15/11/2017] Update

It seems like it's failing on UserPrincipal.FindByIdentity, as I built in basic logging so I can get a better understanding of where it's failing on the server.

The error I'm getting is "An operations error occurred.".

The settings in IIS of interest are as follows:

"Application Pools" Advanced Settings...

Enable 32-Bit Applications  = True
Identity                    = NetworkService

And the website's authentication settings are as follows:

Anonymous Authentication    = Disabled
ASP.NET Impersonation       = Enabled
Basic Authentication        = Disabled
Forms Authentication        = Disabled
Windows Authentication      = Enabled

[16/11/2017] Update

Turned off impersonation in IIS and set the identity to ApplicationPoolIdentity.

Here are my values from the log file I created:

[2017-11-16 07:17:52 AM]    Windows username    => username (e.g. jdoe)
[2017-11-16 07:17:52 AM]    Domain              => IIS APPPOOL
[2017-11-16 07:21:18 AM]    Windows username    => username (e.g. jdoe)
[2017-11-16 07:21:18 AM]    Domain              => IIS APPPOOL
[2017-11-16 07:23:38 AM]    Windows username    => username (e.g. jdoe)
[2017-11-16 07:23:38 AM]    Domain              => IIS APPPOOL

[16/11/2017] Solution

"Application Pools" Advanced Settings...

Enable 32-Bit Applications  = True
Identity                    = NetworkService

And the website's authentication settings are as follows:

Anonymous Authentication    = Disabled
ASP.NET Impersonation       = Disabled
Basic Authentication        = Disabled
Forms Authentication        = Disabled
Windows Authentication      = Enabled

Cheers,

Tim


Solution

  • Enable Windows Authentication in your local IIS. (IIS screenshot)

    This should solve the issue you are having with your local IIS.
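The following is an added example, not code from the question or the answer above. It shows the check the question is after (auto-login if the request's Windows identity exists in AD, otherwise send the user to a login page) written as an MVC 4 action filter, and it assumes the settings from the "Solution" block: IIS Windows Authentication enabled, Anonymous disabled, ASP.NET impersonation disabled, plus `<authentication mode="Windows" />` in web.config. The `LoginController`/`Index` route is a hypothetical name. The point it makes about the "Domain => IIS APPPOOL" log lines: the identity to inspect is the one IIS negotiated for the request (`HttpContext.User.Identity`), not the worker-process identity that `WindowsIdentity.GetCurrent()` or `Environment.UserDomainName` return when impersonation is off. The AD lookup binds with the domain name taken from that request identity and treats any lookup error as "not logged in" rather than granting access.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web.Mvc;
using System.Web.Routing;

// Added example; not from the question or the answer. Assumes IIS Windows
// Authentication on, Anonymous off, ASP.NET impersonation off, and
// <authentication mode="Windows" /> in web.config.
public class AdAutoLoginAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // The identity IIS authenticated for THIS request. With impersonation
        // off, WindowsIdentity.GetCurrent() / Environment.UserDomainName give
        // the worker-process account ("IIS APPPOOL\<pool>" or
        // NT AUTHORITY\NETWORK SERVICE) instead, which is what the
        // "Domain => IIS APPPOOL" log lines in the question show.
        var identity = filterContext.HttpContext.User.Identity as WindowsIdentity;

        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
        {
            filterContext.Result = RedirectToLogin();
            return;
        }

        string domain, user;
        if (!TrySplitAccountName(identity.Name, out domain, out user)
            || !ExistsInActiveDirectory(domain, user))
        {
            // Fail closed: unknown account or a failed lookup never auto-logs in.
            filterContext.Result = RedirectToLogin();
            return;
        }
        // Otherwise fall through to the dashboard action.
    }

    // "CORP\jdoe" -> ("CORP", "jdoe"); also accepts the UPN form "jdoe@corp.example".
    public static bool TrySplitAccountName(string name, out string domain, out string user)
    {
        domain = null;
        user = null;
        if (string.IsNullOrWhiteSpace(name)) return false;

        int slash = name.IndexOf('\\');
        if (slash > 0 && slash < name.Length - 1)
        {
            domain = name.Substring(0, slash);
            user = name.Substring(slash + 1);
            return true;
        }
        int at = name.IndexOf('@');
        if (at > 0 && at < name.Length - 1)
        {
            user = name.Substring(0, at);
            domain = name.Substring(at + 1);
            return true;
        }
        return false;
    }

    public static bool ExistsInActiveDirectory(string domain, string samAccountName)
    {
        try
        {
            // Bind as the worker process (the server's machine account under
            // NetworkService / ApplicationPoolIdentity) to the domain named in the
            // request identity. With impersonation enabled the impersonated NTLM
            // token carries no credentials for the second hop to the domain
            // controller, a common cause of "An operations error occurred".
            using (var pc = new PrincipalContext(ContextType.Domain, domain))
            using (var up = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, samAccountName))
            {
                return up != null && up.Enabled.GetValueOrDefault(false);
            }
        }
        catch (PrincipalServerDownException) { return false; }
        catch (PrincipalOperationException) { return false; }
        catch (COMException) { return false; }
    }

    private static ActionResult RedirectToLogin()
    {
        // Hypothetical login route name.
        return new RedirectToRouteResult(
            new RouteValueDictionary(new { controller = "Login", action = "Index" }));
    }
}
```

Apply `[AdAutoLogin]` to the dashboard controller or action. One caveat on the redirect branch: with Anonymous Authentication disabled, a browser that cannot complete Windows authentication is rejected by IIS with a 401 before any MVC filter runs, so the login page must itself allow anonymous access (or a separate, anonymous-enabled site or location) for users without an AD account to ever reach it.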