Looking for some help with AD authentication

Hi there!

I'm testing AD features and tried to use free online LDAP servers for testing purposes (for example, www.zflexldap.com). I could not make any one of them work in my application. Does AD authentication require a true Microsoft AD server?

If not, what is the USER string that I am supposed to enter?
I can connect via ldp.exe with a complex user string like 'uid=guest1,ou=users,ou=guests,dc=zflexsoftware,dc=com'. But Radzen IDE does not let me use it, asking for @domain.

Thanks for support

Art

Hi @art,

Radzen has only been tested with Microsoft Active Directory. It will probably not work with that free online service. More info about the configuration is available in the Active Directory help article.

Thanks,

Do you think I should install AD locally for testing purposes, or can it be on Azure as well?
And one more question: maybe you could post an example of a correct appsettings.json with the AD connection part. I have a concern that "ConnectionStrings" is empty in my case. Though this may be OK.

Thanks

Art

As far as I know Azure AD and Active Directory are different technologies. The first is based on OAuth and the latter is LDAP. Radzen supports Active Directory and you will need an installation of it if you want to test it.

Thanks,

Finally everything works OK.

Though I came across a minor bug. When you do an app with AD authentication with no datasources, the initial login page sends the request to localhost instead of the server name or IP.
After you plug a datasource into the project everything works OK and the login is sent to the correct URL.

This is hardly possible in a real-life project, though it took a while to figure out what was wrong in my case.

Art

Hi again,

I noticed some server errors during AD authentication. In particular, if the user is not a member of any group in AD, GetRolesAsync in ApplicationUserManager raises an exception at memberOf = result.GetAttribute("memberOf") if result has no memberOf key. I had to wrap it in a try/catch block.

It is also strange that the nameid property of the user profile is set randomly on every login. I would expect it to be linked to the user GUID or SID in AD (like in the case of the Security implementation based on a MySQL database).

Maybe it will help others when playing with AD authentication.

Cheers

A
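The two issues raised in the last post (an entry with no memberOf attribute, and a name identifier that is not tied to the AD account), shown as an added example that is neither Radzen's code nor the poster's fix. The `AdIdentity` class and the dictionary model of an LDAP entry are assumptions made so the block does not depend on a particular LDAP client library.

```csharp
using System;
using System.Buffers.Binary;
using System.Collections.Generic;
using System.Linq;
using System.Text;
// Added example. An LDAP entry is modelled as attribute name -> raw values so the
// code is independent of the LDAP client library (assumption, not Radzen's types).
public static class AdIdentity
{
    // Group DNs from memberOf; a user in no groups has no such attribute at all.
    public static List<string> GroupDns(IReadOnlyDictionary<string, byte[][]> entry) =>
        entry.TryGetValue("memberOf", out var values) && values != null
            ? values.Select(v => Encoding.UTF8.GetString(v)).ToList()
            : new List<string>();

    // Stable identifier: objectGUID if present, otherwise objectSid, otherwise null.
    public static string StableId(IReadOnlyDictionary<string, byte[][]> entry)
    {
        if (entry.TryGetValue("objectGUID", out var g) && g?.Length > 0 && g[0].Length == 16)
            return new Guid(g[0]).ToString();   // AD uses the same byte layout as Guid(byte[])
        if (entry.TryGetValue("objectSid", out var s) && s?.Length > 0)
            return SidToString(s[0]);
        return null;
    }

    // Binary SID: revision, sub-authority count, 6-byte big-endian authority,
    // then that many 4-byte little-endian sub-authorities.
    public static string SidToString(byte[] sid)
    {
        if (sid == null || sid.Length < 8 || sid.Length != 8 + 4 * sid[1])
            throw new FormatException("Malformed objectSid value");
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | sid[i];
        var sb = new StringBuilder($"S-{sid[0]}-{authority}");
        for (int i = 0; i < sid[1]; i++)
            sb.Append('-').Append(BinaryPrimitives.ReadUInt32LittleEndian(sid.AsSpan(8 + 4 * i)));
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed entry: no memberOf; SID sub-authorities 21, 1, 2, 3, 1104.
        var sid = new byte[] { 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 1, 0, 0, 0,
                               2, 0, 0, 0, 3, 0, 0, 0, 0x50, 0x04, 0, 0 };
        var entry = new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
            { ["objectSid"] = new[] { sid } };
        Console.WriteLine(GroupDns(entry).Count);
        Console.WriteLine(StableId(entry));
    }
}
```

Checking for the attribute before reading it keeps a group-less account on the normal code path, and an identifier derived from objectGUID or objectSid stays the same across logins, so audit records can be correlated to one account.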