ASP.NET Core + Auth0 : Windows Authentication, AD Authorization

Help
, , , ,
1

I am looking for a framework / demo of how to integrate ASP.NET and Angular into a SPA. The current hurdle I’m trying to jump is how to implement Windows Authentication and AD Authorization.

I currently have Windows Authentication and AD Authorization working in my ASP.NET Web App (not core). It seems there are a lot of examples of how ASP.NET Core and Angular 2 work together beautifully to create SPAs, but when I was previously considering using ASP.NET Core, I could not find a good solution to Windows Authentication and Windows AD Authorization. This is an intranet webapp.

In my current working solution I’m using DirectoryEntry and DirectorySearcher to grab the user’s domain, and then searching the appropriate AD server to see if the user is in the permission group (param).

I would love an alternative that is more sleak and allows for the standard ASP.NET authorization:

Authorize(Role="Admin")
public ActionResult Do() { }

Is Auth0 the solution I’ve been looking for? Any examples or demos in particular would be fantastic.

2

The decision needs to be ultimately taken by you, but based on the information you provided about your requirements I can point you to the relevant information:

  • integration with Active Directory is supported which means that we can abstract the details of anything AD specific and provide you with a consistent form of user authentication for your client application. For example, your application would always talk OAuth2/OpenID Connect (OIDC) with Auth0 while users can authenticate using AD or any other of the supported connection types.
  • you can follow the Angular quickstart to get an idea on how to integrate an Angular application.
  • you can follow the ASP.NET Core Web API for an example on how to have an API which can then be used by the SPA.

Long story short, you would use an OAuth2/OIDC implicit grant from your SPA in order to receive an ID token containing information about the authenticate users and also an access token that could be used to call into the back-end API.