asp.net-mvc – How to authenticate user via AD or via SQL Server Bank

Question:

The user has to access via Active Director authentication when on the Company's premises and when outside the Company, access will be via login and password query in a SQL Server database.

In the case of access via AD, the web.config configuration should be as follows:

<authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

In the Index page code would I do something like this to identify the user (I don't know if it's enough) ?

var usuario = User.Identity.Name;
    if(usuario != ""){
        //Acesso liberado
    }else{
         return RedirectToAction("Tela_de_Login");
    }

And for an authentication via SQL Server query I would do it like this:

<authentication mode="Forms">
      <forms loginUrl="/Usuario/Login" timeout="2800"></forms>
    </authentication>

Doubt:

Will there be any conflict if I implement these two Web.config settings?

How can the system know if the user is accessing within the Company's domain or accessing via the Web, that is, from outside the Company's domain?

Obs.: I know that some configurations must be done in IIS too.

Answer:

You could implement using both AD and Database login types.

On the login screen the system "searches" the user in AD:

  • If it exists, it performs the procedure to validate the user (check if the username and password are valid).

  • If it doesn't exist, it goes straight to the DB and validates it.

See if this link can help you: https://tech.trailmax.info/2016/03/using-owin-and-active-directory-to-authenticate-users-in-asp-net-mvc-5-application/

Scroll to Top