[ACCEPTED]-Active Directory Authentication with .NET Core Web API and React-ldap

Accepted answer
Score: 10

For me, step one was to set up JWT authentication, such as described in this MSDN blog post.

Next, I had to 18 find a library to use to check a user against Active Directory. I chose System.DirectoryServices.AccountManagement (available for .NET Core).

Now, I had 17 to create a new controller with an [AllowAnonymous]attribute. I called it LoginController, and 16 created an action that looked like the following:

    // Notice: We get a custom request object from the body
    public async Task<IActionResult> Login([FromBody] AuthRequest request)
            // Create a context that will allow you to connect to your Domain Controller
            using (var adContext = new PrincipalContext(ContextType.Domain, "mydomain.com"))
                    var result = adContext.ValidateCredentials(request.username, request.password);
                    if (result)
                        // Create a list of claims that we will add to the token. 
                        // This is how you can control authorization.
                        var claims = new[]
                            // Get the user's Name (this can be whatever claims you wish)
                            new Claim(ClaimTypes.Name, request.username)

                        // Read our custom key string into a a usable key object 
                        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration.GetSection("SOME_TOKEN").Value));
                        // create some signing credentials using out key
                        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                        // create a JWT 
                        var token = new JwtSecurityToken(
                            issuer: "mydomain.com",
                            audience: "mydomain.com",
                            claims: claims, // the claims listed above
                            expires: DateTime.Now.AddMinutes(30), // how long you wish the token to be active for
                            signingCredentials: creds);

                        Since we return an IActionResult, wrap the token inside of a status code 200 (OK)
                        return Ok(new
                            token = new JwtSecurityTokenHandler().WriteToken(token)
        // if we haven't returned by now, something went wrong and the user is not authorized
        return Unauthorized();

The 15 AuthRequest object could look something like this:

    public class AuthRequest
        public string username { get; set; }
        public string password { get; set; }

Now, in 14 my React app, all I have to do is make a simple fetch request to the 13 LoginController with the user's username & password 12 that I can get from a login form. The result 11 will be a JWT I can save to state (But should 10 save to cookies: the react-cookie library makes that trivial).

        fetch(`login`, {
            method: "POST",
            headers: {
                'content-type': 'application/json',
                'accept': 'application/json',
            body: JSON.stringify({this.state.username, this.state.password})
        }).then((response) => {
            if (response.status === 401) {
                // handle the 401 gracefully if this user is not authorized
            else {
                // we got a 200 and a valid token
                response.json().then(({ token }) => {
                    // handle saving the token to state/a cookie

You 9 now have the ability to add the [Authorize] attribute 8 to any of your controllers in your .NET 7 Core application, and make a fetch request to it while passing your JWT from 6 your React client, like this:

await fetch(`someController/someAction`, 
      method: 'GET'
      headers: {
          'content-type': 'application/json',
          'authorization': `Bearer ${YOUR_JWT}`
  .then(response => doSomething());

If you wanted 5 to use this JWT with a SignalR Hub, add the [Authorize] attribute to your Hub in your 4 .NET Core project. Then, In your React client, when 3 you instantiate the connection to your hub:

import * as signalR from '@aspnet/signalr';

var connection = new signalR.HubConnectionBuilder().withUrl('myHub', { accessTokenFactory: () => YOUR_JWT })

And, viola! A 2 .NET Core React application capable of authorized 1 real-time communication!

More Related questions