
I have a .NET Web API with a bunch of endpoints/methods that an Angular app calls. I now want to implement the login system against our Active Directory, and am wondering what my options are.

Back in the day, it was simple: Windows or forms authentication, and then just some simple configuration in the web.config, and maybe a custom provider. But now it seems like there are a lot more options with OWIN, OAuth, token-based authentication, etc.

Where do I start? I have a form with username, password, and a login button on the Angular app, and I have Active Directory in the backend. What should happen after the user hits the login button? Any direction would help.

Thanks.

  • Where do users come from? Is it intranet? Commented Dec 19, 2014 at 21:30
  • Yes, it's intranet for now. Commented Dec 19, 2014 at 23:15
  • If it is intranet only, nothing stops you from using Windows authentication as is. You don't even need an authentication form. But as I mentioned in my answer, it depends on your further plans. Commented Dec 19, 2014 at 23:33
  • How can I do Windows authentication with Angular as my front end? I'll still need an Angular view with the username/password fields and a submit button, right? Commented Dec 20, 2014 at 16:31
  • See this article for a fuller walkthrough of using AngularJS/ASP.NET/AD. Note that this is only viable in a situation where the NT logged-in user will always be correct; forget this if users share workstations/logins/etc. Commented Oct 9, 2015 at 12:47

1 Answer

Well, it depends on what you actually need.

If you want to authenticate only AD users, then you can try to authenticate in AD on their behalf and, in case of success, return either a token or an authentication cookie.

But I don't think it is a good idea to make users use their domain password unless you have two-factor authentication.

It's better to extend the AD schema with additional data for authentication through your service, or even to have a standalone auth server with associated domain user info. Look at how it is done in SQL Server (but in the reverse direction): you need to define an internal user corresponding to a domain login. This approach allows you to have users that do not belong to AD; sometimes this can be important for outsourcing some tasks.

Look at IdentityServer
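
The first option in the answer above (check the submitted credentials against AD, then return a token) can be sketched with the OWIN OAuth middleware the question mentions. This is an added example, not code from the question or the answer; the class name `AdCredentialProvider`, the domain `corp.example.com`, the `/token` path and the 30-minute lifetime are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical provider: validates the posted username/password against AD.
public class AdCredentialProvider : OAuthAuthorizationServerProvider
{
    private const string Domain = "corp.example.com"; // placeholder domain (assumption)

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // browser app is a public client: no client secret to check
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        bool ok = false;
        // An empty user name or password must never reach the directory bind.
        if (!string.IsNullOrEmpty(context.UserName) && !string.IsNullOrEmpty(context.Password))
        {
            using (var ad = new PrincipalContext(ContextType.Domain, Domain))
            {
                // Negotiate with signing and sealing rather than a cleartext simple bind.
                ok = ad.ValidateCredentials(context.UserName, context.Password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
            }
        }
        if (!ok)
        {
            // Same error for unknown user and wrong password.
            context.SetError("invalid_grant", "Invalid user name or password.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity); // middleware issues the bearer token
        return Task.FromResult(0);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            Provider = new AdCredentialProvider(),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
            AllowInsecureHttp = false // domain passwords travel in the request body: HTTPS only
        });
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
```

The Angular login form would POST `grant_type=password&username=...&password=...` (form-encoded) to `/token` and send the returned `access_token` as `Authorization: Bearer ...` on later API calls, with `[Authorize]` on the controllers.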
