Wednesday, 9 May 2018

Adding FormsAuthentication to validate against AD to an MVC website with no auth

You could use the new identity stuff. lol.

Update web.config to say it's Forms auth, and point loginUrl at the action that will deal with the login:

    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="~/Account/LogOn" />
      </authentication>
      <authorization>
        <!-- "?" is the anonymous user: anyone not logged on gets bounced to loginUrl -->
        <deny users="?" />
      </authorization>
    </system.web>

Create a controller for the above path:

    using System.Web.Mvc;

    public class AccountController : Controller
    {
        // GET: /Account/LogOn - just renders the form
        public ActionResult LogOn()
        {
            return View();
        }
    }

Create a corresponding view and a model to hold logon details

viewmodel:

    using System.ComponentModel.DataAnnotations;

    public class LogOnModel
    {
        [Required]
        [Display(Name = "User name")]
        public string UserName { get; set; }

        [Required]
        [DataType(DataType.Password)]
        [Display(Name = "Password")]
        public string Password { get; set; }
    }

view:

    @model Mixr.Web.Models.LogOnModel
    @{
        ViewBag.Title = "Log On";
    }

    <div class="logonPage">
        <div class="logonContainer">
            <h2>Log On</h2>
            <p>
            </p>

            <div class="logonForm">
                @Html.ValidationSummary(true, "Login was unsuccessful. Please correct the errors and try again.")

                <form action="~/Account/LogOn" method="post">
                    <fieldset>
                        <legend>Please enter your user name and password:</legend>

                        <div class="labelAndField">
                            <div class="editor-label">
                                @Html.LabelFor(m => m.UserName)
                            </div>
                            <div class="editor-field">
                                @Html.TextBoxFor(m => m.UserName)
                                @Html.ValidationMessageFor(m => m.UserName)
                            </div>
                        </div>
                        <div class="labelAndField">
                            <div class="editor-label">
                                @Html.LabelFor(m => m.Password)
                            </div>
                            <div class="editor-field">
                                @Html.PasswordFor(m => m.Password)
                                @Html.ValidationMessageFor(m => m.Password)
                            </div>
                        </div>

                        <input class="logonButton" type="submit" value="Log On" />
                    </fieldset>
                </form>

            </div>
        </div>
    </div>


Go back to your controller and create a method to receive the post:

        // Also in AccountController. Membership and FormsAuthentication live in
        // System.Web.Security, so add "using System.Web.Security;" at the top of the file.
        [HttpPost]
        public ActionResult LogOn(LogOnModel model)
        {
            if (ModelState.IsValid)
            {
                // Goes through whichever membership provider web.config declares as default
                if (Membership.ValidateUser(model.UserName, model.Password))
                {
                    // false = session cookie, not a persistent "remember me" cookie
                    FormsAuthentication.SetAuthCookie(model.UserName, false);
                    return RedirectToAction("Index", "Home");
                }
                ModelState.AddModelError("", "The user name or password provided is incorrect.");
            }

            return View(model);
        }

wow. great. How does this know where your AD is?
Go to the web.config and in system.web add an AD membership provider:

    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
      <providers>
        <clear />
        <add name="AspNetActiveDirectoryMembershipProvider"
             connectionStringName="ADService"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>


The above expects an entry in your connectionStrings section:

    <connectionStrings>
      <add name="ADService" connectionString="LDAP://wowgreat.co.nz:389" />
    </connectionStrings>


If you're feeling fancy, give the user some way to log out:

        // Also in AccountController; clears the forms auth cookie
        public ActionResult LogOff()
        {
            FormsAuthentication.SignOut();

            return RedirectToAction("Index", "Home");
        }
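The LogOn POST action above works, but a couple of things a practitioner would add are a CSRF token check and a safe handling of the page the user was trying to reach. This is an added example, not the original author's code: it assumes the Razor view emits @Html.AntiForgeryToken() inside the form, that a returnUrl parameter is passed along with the request, and the GenericFailure constant is my own.

```csharp
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // One message for every failure, so the form does not reveal which accounts exist.
    private const string GenericFailure = "The user name or password provided is incorrect.";

    [HttpGet]
    public ActionResult LogOn(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;   // assumed: view hands this back on POST
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]           // rejects POSTs that lack the token the view emitted
    public ActionResult LogOn(LogOnModel model, string returnUrl)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Goes through the ActiveDirectoryMembershipProvider from web.config. A wrong
        // password and a locked or disabled account all come back as false and are
        // reported with the same generic message.
        if (!Membership.ValidateUser(model.UserName, model.Password))
        {
            ModelState.AddModelError("", GenericFailure);
            return View(model);
        }

        // Session cookie only: it goes away when the browser closes, and the <forms>
        // timeout in web.config bounds its lifetime on the server side.
        FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie: false);

        // Only follow returnUrl if it points back into this site; anything else
        // (e.g. an absolute URL to another host) falls back to the home page.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            return Redirect(returnUrl);
        }
        return RedirectToAction("Index", "Home");
    }
}
```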

Great. Now they're authenticated. Now you have to do some authorization.
