[Mono-dev] Windows Integrated Authentication

Marek Habersack grendel at twistedcode.net
Wed Nov 24 11:46:46 EST 2010 

On Wed, 24 Nov 2010 07:11:11 -0800 (PST)
agez <helmut_ziegler at gmx.de> wrote:

> 
> Hi,
Hey,
 
> we're developing an ASP.Net MVC2 web application for the Intranet and wanted
> to use Windows Integrated Authentication.
> 
> Everything works fine with the Visual Studio Development Server or IIS. But
> we wanted to switch to a Mono Server. And there the user's identity isn't
> available.  So authorization doesn't work.
> 
> As Mono aims to be platform independent this is understandable, but does
> anyone know how to get around this?
The best option, imho, is to use the forms authentication framework (unless you have a very
specific application which absolutely needs to use the Unix/Windows user database). You can take
advantage of the Membership and Role providers in your MVC application - implementations of them
exist for basically every RDBMS and also for LDAP, plain XML, plain text files (alas, Mono's
implementation of the ActiveDirectoryMembershipProvider is just a stub - patches welcome, of
course :D). If you can't find a provider that suits your needs, it's easy to create a custom one,
tailored to your environment.
If this is not desirable, you can easily roll out your own authentication provider using any
database (from LDAP/ActiveDirectory to any RDBMS) as the backend and just the forms authentication
ticket/cookie services to keep the user logged in.
If you wanted to authenticate users on Linux using their physical account credentials then things
will get a bit complicated. In order to be absolutely compatible with the multitude of ways to
authenticate users on Linux you'd have to use PAM and that would require either to grant your
application special rights or use a daemon to which the application would talk in order to
authenticate the users. If you want to keep your server/application users in one place and use the
same credentials on Linux, Windows and your MVC app, then I'd recommend looking at OpenLDAP to
implement your own directory server.

Hope that helps a bit,

marek

More information about the Mono-devel-list mailing list