Wednesday, 21 August 2013

Using Active Directory to login using a local user

I am using the standard Simple Membership model for login via forms in my
application. I would like to provide the possibility to login via AD as an
alternative.
When logging in via AD, the process should be as follows:

1. Check that AD authenticates the user, but do not use the information for
   the principal.
2. Check if any local user exists with the provided Active Directory username
   (I have a property on my UserProfile model named ActiveDirectoryID).
3. If it exists, perform a local login using the local username for this
   UserProfile.
The problem: I cannot retrieve the local password, so in order to login
locally after AD authentication, I need to be able to force the login
without the password.
I've considered the following strategies:

- Create an extension method for WebSecurity to allow
  WebSecurity.Login(string username)
- Somehow set the logged-in user manually, without implicating WebSecurity.
Is this doable / feasible? Is it possible for the framework to create the
necessary auth cookie without the plaintext password? And how would I do
this?
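The three-step flow described in the question (validate against AD, map the AD account to a local UserProfile through ActiveDirectoryID, then sign the local user in without its password), as an added example that is not part of the original post. It assumes the ASP.NET MVC 4 SimpleMembership template: a UsersContext DbContext exposing a UserProfiles set, a UserProfile model with UserName and ActiveDirectoryID properties, and a placeholder domain name "CORP". The controller name, action name and the NormaliseAdName helper are hypothetical. Forms authentication issues its ticket from a user name alone, which is exactly what WebSecurity.Login does internally once Membership.ValidateUser has succeeded, so no plaintext password is needed for the local sign-in.

```csharp
// Added example, not code from the original post. Assumes the MVC4 SimpleMembership
// template (UsersContext, UserProfiles, UserProfile.ActiveDirectoryID) and a
// placeholder domain "CORP". Requires a reference to
// System.DirectoryServices.AccountManagement.
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web.Mvc;
using System.Web.Security;
using WebMatrix.WebData;

public class AdLoginController : Controller
{
    // Placeholder; replace with the real NetBIOS or DNS domain name.
    private const string Domain = "CORP";

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult AdLogin(string adUserName, string adPassword, string returnUrl)
    {
        // An empty password must be rejected up front: with some bind modes an
        // empty password can succeed as an anonymous bind, which is not a login.
        if (string.IsNullOrWhiteSpace(adUserName) || string.IsNullOrEmpty(adPassword))
        {
            ModelState.AddModelError("", "User name and password are required.");
            return View("Login");
        }

        // Step 1: AD decides whether the credentials are valid. Negotiate with
        // signing and sealing keeps the password out of a plain LDAP simple bind.
        bool adOk;
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        {
            adOk = ctx.ValidateCredentials(adUserName, adPassword,
                ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
        }
        if (!adOk)
        {
            ModelState.AddModelError("", "Active Directory rejected the credentials.");
            return View("Login");
        }

        // Step 2: map the AD account to a local UserProfile via ActiveDirectoryID.
        // Matching is done on a normalised form so "CORP\alice", "alice@corp" and
        // "Alice" all resolve to the same stored key.
        string adKey = NormaliseAdName(adUserName);
        string localUserName;
        using (var db = new UsersContext())
        {
            localUserName = db.UserProfiles
                .Where(p => p.ActiveDirectoryID == adKey)
                .Select(p => p.UserName)
                .FirstOrDefault();
        }
        if (localUserName == null || !WebSecurity.UserExists(localUserName))
        {
            // No mapping: deny rather than auto-provision, so only accounts an
            // administrator has explicitly linked can use the AD path.
            ModelState.AddModelError("", "No local account is linked to this Active Directory user.");
            return View("Login");
        }

        // Step 3: issue the forms-authentication cookie for the LOCAL user name.
        // This is the call WebSecurity.Login makes after validation; AD has already
        // done the validation here, so the local password is never touched.
        FormsAuthentication.SetAuthCookie(localUserName, createPersistentCookie: false);

        // Only follow returnUrl when it is local, to avoid an open redirect.
        return Url.IsLocalUrl(returnUrl)
            ? (ActionResult)Redirect(returnUrl)
            : RedirectToAction("Index", "Home");
    }

    // Hypothetical helper: strip a DOMAIN\ prefix or @domain suffix and lower-case,
    // so the value compared against ActiveDirectoryID is canonical.
    private static string NormaliseAdName(string name)
    {
        string s = name.Trim();
        int backslash = s.IndexOf('\\');
        if (backslash >= 0) s = s.Substring(backslash + 1);
        int at = s.IndexOf('@');
        if (at >= 0) s = s.Substring(0, at);
        return s.ToLowerInvariant();
    }
}
```

Two points worth keeping in mind with this approach. Because the cookie is set directly rather than through WebSecurity.Login, SimpleMembership's failed-attempt counter and lockout for the local account never see these logins; failed AD attempts should therefore be logged server-side so brute forcing against the AD path is still visible. And the cookie must carry the local UserName, not the AD name, otherwise WebSecurity.CurrentUserId and any role checks will resolve against an account that may not exist locally.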
