I have a Blazor server-side app where the user is authenticated using Windows Authentication from AD without a login page. Since the app is used by multiple users who work on the same workstation, a new requirement came up that the users can enter their Windows login when opening the web app, because otherwise they would have to log in to Windows with their own credentials to be authenticated under their user name.
I would love to have just the native Chrome browser pop-up where the user can enter username and password to access the page. Can you give me some hints on where to start? I couldn't find anything. Do I have to implement the call to AD myself, or is there built-in middleware that does this for me?
What I have learned so far is that I cannot use Windows Authentication in this case but have to resort to other middleware.
Edit: I deactivated Windows Authentication and managed to set up a login page and check user/password against the AD server:
```razor
@layout LoginLayout
@page "/Login"
@using Merbag.DataAccessLayer.UserRecertification
@using System.DirectoryServices
@using System.ComponentModel.DataAnnotations
@inject AuthenticationStateProvider AuthenticationStateProvider
@inject UserRecertificationContext userRecertContext
@inject NavigationManager navManager
@attribute [AllowAnonymous]

<div class="wrapper fadeInDown">
    <div id="formContent">
        <!-- Login Form -->
        <EditForm Model="@userCredentials" OnValidSubmit="@HandleValidSubmit">
            <DataAnnotationsValidator />
            <ValidationSummary />
            <div class="row">
                <div class="col-md-12">
                    <label>User Name :</label>
                    <input type="text" @bind-value="userCredentials.UserName" id="login" class="fadeIn second" placeholder="login" />
                    <ValidationMessage For="@(() => userCredentials.UserName)" />
                </div>
                <div class="col-md-12">
                    <label>Password</label>
                    <input type="password" @bind-value="userCredentials.Password" id="password" class="fadeIn third" placeholder="password" />
                    <ValidationMessage For="@(() => userCredentials.Password)" />
                </div>
                <input type="submit" class="fadeIn fourth" value="Log In">
            </div>
        </EditForm>
    </div>
</div>

@if (showAuthenticationError)
{
    <div class="alert alert-danger" role="alert">
        <p>@authenticationErrorText</p>
    </div>
}

@code {
    private bool showAuthenticationError { get; set; } = false;
    private string authenticationErrorText = "";
    private AuthenticationUserModel userCredentials { get; set; } = new AuthenticationUserModel();

    private void HandleValidSubmit()
    {
        showAuthenticationError = false;
        try
        {
            // Bind to the directory with the user's own credentials. The bind (and therefore
            // the password check) happens when the searcher first contacts the server.
            using DirectoryEntry entry = new DirectoryEntry("LDAP://myldap", userCredentials.UserName, userCredentials.Password);
            using DirectorySearcher search = new DirectorySearcher(entry);

            // Escape the user-supplied value so it cannot change the meaning of the filter
            // (LDAP filter injection).
            search.Filter = "(sAMAccountName=" + EscapeLdapFilterValue(userCredentials.UserName) + ")";
            SearchResult result = search.FindOne();
            if (result == null)
            {
                authenticationErrorText = "User not found.";
                showAuthenticationError = true;
                return;
            }

            navManager.NavigateTo("/Index", true);
        }
        catch (DirectoryServicesCOMException)
        {
            // A wrong user name or password surfaces as a bind (logon) failure here,
            // not as a null search result.
            authenticationErrorText = "Invalid user name or password.";
            showAuthenticationError = true;
        }
    }

    // Escapes the characters that RFC 4515 reserves inside a filter value.
    private static string EscapeLdapFilterValue(string value)
    {
        return value.Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");
    }

    public class AuthenticationUserModel
    {
        [Required(ErrorMessage = "Username is required.")]
        public string UserName { get; set; }

        [Required(ErrorMessage = "Password is required.")]
        public string Password { get; set; }
    }
}
```
The call against the AD server obviously works: I receive the user name and other data. Now I'm struggling to tell the app that this user is an actual user and should be treated as such, i.e. that `<AuthorizeView>` should work.
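The piece that makes `<AuthorizeView>` and `[Authorize]` see the user is a custom `AuthenticationStateProvider`: Blazor asks it for the current `ClaimsPrincipal`, and an identity with a non-null authentication type counts as authenticated. The following is an added example, not code from the question or from any library; it assumes a Windows host with the `System.DirectoryServices.AccountManagement` package and `Microsoft.AspNetCore.Components.Authorization` referenced, and the names `LdapAuthenticationStateProvider`, `AddLdapAuthentication` and the domain placeholder `"mydomain"` are chosen here. It validates the credentials with `PrincipalContext.ValidateCredentials` using Negotiate (Kerberos/NTLM), so the password is not sent as a cleartext simple bind and no LDAP filter is built from user input, then turns the user's group membership into role claims.

```csharp
// Added example, not code from the question. Assumes a Windows host, the
// System.DirectoryServices.AccountManagement package and the Blazor
// authorization package. "mydomain", LdapAuthenticationStateProvider and
// AddLdapAuthentication are placeholder names chosen for this example.
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.DirectoryServices.AccountManagement;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Holds the signed-in user for the lifetime of one Blazor Server circuit.
public class LdapAuthenticationStateProvider : AuthenticationStateProvider
{
    // An identity without an authentication type reports IsAuthenticated == false,
    // which is what <AuthorizeView> uses to render <NotAuthorized>.
    private ClaimsPrincipal _user = new ClaimsPrincipal(new ClaimsIdentity());

    public override Task<AuthenticationState> GetAuthenticationStateAsync()
        => Task.FromResult(new AuthenticationState(_user));

    // Checks the credentials against the domain and, on success, replaces the
    // current principal with one carrying name and role claims.
    // Returns false for an unknown user or a wrong password.
    public bool SignIn(string domain, string userName, string password)
    {
        // Never let an empty password reach the directory: some bind modes treat
        // it as an unauthenticated bind and report success.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        using var ctx = new PrincipalContext(ContextType.Domain, domain);

        // Negotiate (Kerberos/NTLM) rather than a simple bind, so the password is
        // not transmitted in cleartext if the LDAP connection is not TLS-protected.
        if (!ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate))
            return false;

        // A non-null authentication type is what makes IsAuthenticated true.
        var identity = new ClaimsIdentity(authenticationType: "ActiveDirectory");
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));

        // Group membership becomes role claims, so <AuthorizeView Roles="...">
        // and [Authorize(Roles = "...")] work without further plumbing.
        using var principal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName);
        if (principal != null)
        {
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, principal.Sid.Value));
            using var groups = principal.GetGroups();
            foreach (var group in groups.Where(g => g.SamAccountName != null))
                identity.AddClaim(new Claim(ClaimTypes.Role, group.SamAccountName));
        }

        _user = new ClaimsPrincipal(identity);
        // Tells every <AuthorizeView> / AuthorizeRouteView in the circuit to re-render.
        NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
        return true;
    }

    public void SignOut()
    {
        _user = new ClaimsPrincipal(new ClaimsIdentity());
        NotifyAuthenticationStateChanged(GetAuthenticationStateAsync());
    }
}

// Service registration for Program.cs / Startup.ConfigureServices. Scoped, because
// in Blazor Server one DI scope is one circuit (one browser tab's connection).
public static class LdapAuthRegistration
{
    public static IServiceCollection AddLdapAuthentication(this IServiceCollection services)
    {
        services.AddAuthorizationCore();
        services.AddScoped<LdapAuthenticationStateProvider>();
        // Blazor resolves AuthenticationStateProvider; hand it the same scoped instance.
        services.AddScoped<AuthenticationStateProvider>(
            sp => sp.GetRequiredService<LdapAuthenticationStateProvider>());
        return services;
    }
}
```

In the login page, inject `LdapAuthenticationStateProvider` and call `SignIn("mydomain", userCredentials.UserName, userCredentials.Password)` from `HandleValidSubmit`; on `true`, navigate with `navManager.NavigateTo("/Index")` and on `false` set the error text. The `App.razor` still needs `<CascadingAuthenticationState>` and `<AuthorizeRouteView>` around the router, as with Windows Authentication. Two caveats: the state lives only in the scoped provider, so `NavigateTo("/Index", true)` (a forced full reload) starts a new circuit with a fresh, anonymous provider and the user appears logged out again, so drop the `forceLoad` argument; and because a Blazor Server circuit cannot set response cookies after it has started, a login that should survive reloads or reconnects has to go through a regular HTTP endpoint (for example cookie authentication) instead of, or in addition to, this in-memory provider.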
