AD Auth

Aug 2, 2013 at 1:27 PM
Is it easily possible to swap out the aspnet user auth to AD Authentication? If so, where should I look and what gotchas do you think would hamper this switch?
Coordinator
Aug 2, 2013 at 3:17 PM
Edited Aug 2, 2013 at 3:17 PM
MixNP currently uses the FormsAuthentication provider. The table dbo.Users stores user credentials and the primary key is dbo.Users.EmailAddress. It is certainly possible to use Active Directory authentication, but you would have to take a few considerations into account.

In Short:
If you use Active Directory authentication you would have to customize the functionality of "Sign Up", "Alert Me", and "Password Reset Requests".

Querying Email Address
In MixNP, the method to uniquely identify a user is by the email address, not the user name. Click here for "Querying Active Directory for User Emails". However, please also take into consideration that AD does not guarantee unique email addresses and the fact that a domain user could possibly have multiple email addresses. You would have to carefully evaluate the approach on detecting a user's email.

Using Active Directory User Names Instead of Email Addresses
Contrary to the above, you could use the fully qualified user name such as UserName@LOCALHOST.LOCALDOMAIN and store it in "EmailAddress" column in the database. But then, you would have to change the logic of the signup process since MixNP tends to send an email to verify a user. Please refer to MixNP.Web.Classifieds.Account.SignUp.

Moreover, you could just ignore the term "EmailAddress" on "dbo.Users" table and consider the column as "UserName" and use any of the following Active Directory User Name Notations: LOCALHOST.LOCALDOMAIN\UserName or LOCALDOMAIN\UserName or UserName@LOCALDOMAIN or simply UserName.

Additionally, you could also safely rename all the database columns from "EmailAddress" to "UserName" except on the following database objects:
  • Stored Procedure dbo.CreateEmail
  • Table dbo.OutgoingEmails on database "Messaging".
Read the following article on How to Authenticate Against Active Directory:
http://support.microsoft.com/kb/316748

Lastly
For each case, you would have to ignore\drop the following fields in the dbo.Users table:
  • Salt
  • Password
  • IsLockedOut
  • LastLockOutDate
  • LockOutDates
  • TotalLockOuts
Hope I was able to help. Cheers!
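An added example, not part of the original reply and not MixNP code: one way to handle the non-unique and multiple email address caveat above is to resolve an address to an account only when exactly one directory user owns it, and reject it otherwise. `DirUser`, `EmailResolver` and `ResolveUnique` are hypothetical names, and the directory entries are constructed sample data standing in for the AD attributes `sAMAccountName`, `mail` and `proxyAddresses`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-in for a directory entry; in a real deployment these values
// would come from the AD attributes sAMAccountName, mail and proxyAddresses.
public sealed record DirUser(string SamAccountName, string Mail, string[] ProxyAddresses);

public static class EmailResolver
{
    // Every address a user can be reached at: mail plus SMTP proxy addresses.
    static IEnumerable<string> AddressesOf(DirUser u)
    {
        if (!string.IsNullOrWhiteSpace(u.Mail)) yield return u.Mail.Trim();
        foreach (var p in u.ProxyAddresses ?? Array.Empty<string>())
            if (p.StartsWith("smtp:", StringComparison.OrdinalIgnoreCase))
                yield return p.Substring(5).Trim();
    }

    // Returns the single account that owns the address, or null when the address
    // is unknown or claimed by more than one account (ambiguous: do not sign in).
    public static DirUser ResolveUnique(IEnumerable<DirUser> users, string email)
    {
        var owners = users
            .Where(u => AddressesOf(u).Contains(email.Trim(), StringComparer.OrdinalIgnoreCase))
            .Take(2)
            .ToList();
        return owners.Count == 1 ? owners[0] : null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data, not taken from any real directory.
        var users = new[]
        {
            new DirUser("asmith", "alice@example.test", new[] { "SMTP:alice@example.test", "smtp:a.smith@example.test" }),
            new DirUser("bjones", "shared@example.test", null),
            new DirUser("cdoe",   "shared@example.test", new[] { "smtp:carol@example.test" }),
        };
        foreach (var e in new[] { "A.Smith@example.test", "shared@example.test", "nobody@example.test" })
            Console.WriteLine($"{e} -> {ResolveUnique(users, e)?.SamAccountName ?? "rejected"}");
    }
}
```

Once an address resolves to one account, storing that account's user name (rather than whichever address was typed) as the dbo.Users key keeps one row per person even when they have several addresses.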