User and Role management with local Active Directory users

May 13, 2015 at 2:15 PM

I've managed to extend my ASP.NET based authentication mechanism on my MVC application by following the steps outlined in this article:

Instead of working with users that are just local and stored in a database, I'd now like to work with users in Active Directory (the application is an intranet application, so no Azure AD authentication). So, creating a user would be more akin to making an LDAP search on the machine's domain and picking one - and then there's the bit I'm unsure about... just adding that user to the db would mean local authentication again, which I don't want. Basically the ASPNetUsers table should just contain whatever information is necessary to identify the user in AD. And my account controller would still do the usual role assignment stuff I already have in place, plus additional permissions that are specific to my application.

Is there a sample anywhere that shows how to go about doing this? I want to use Identity just to assign roles to AD users - the users should be authenticated via the local domain, but their roles should be managed locally (there's some additional permission management that I can't really integrate into Active Directory; the fine-grained permission system I'm thinking about would quickly escalate to managing hundreds if not thousands of security groups in AD, and thus become unmanageable).
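One way to get the split the question describes (password checked by the domain, roles kept in the local Identity store), as an added example that is not part of the original post. It assumes ASP.NET Identity 2 with OWIN, `System.DirectoryServices.AccountManagement`, and an `ApplicationUser` extended with a hypothetical `AdObjectGuid` string property; the domain name is a placeholder. The local row holds only the AD identifier, never a password hash, so the local-password login path cannot succeed for these users.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

// Assumed: ApplicationUser : IdentityUser with an extra string AdObjectGuid.
public class AdLoginService
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly IAuthenticationManager _authManager;
    private readonly string _domain; // placeholder, e.g. "corp.example.local"

    public AdLoginService(UserManager<ApplicationUser> userManager,
                          IAuthenticationManager authManager, string domain)
    {
        _userManager = userManager; _authManager = authManager; _domain = domain;
    }

    // Authenticate against AD; authorize with roles from the local Identity DB.
    public async Task<bool> SignInAsync(string samAccountName, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, _domain))
        {
            // Step 1: the domain controller verifies the password. Nothing is
            // compared locally and the password is never stored.
            if (!ctx.ValidateCredentials(samAccountName, password, ContextOptions.Negotiate))
                return false;

            // Step 2: key the local record on objectGUID (immutable), not on the
            // sAMAccountName, which can be renamed and later reassigned.
            var adUser = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName);
            if (adUser == null || adUser.Guid == null || adUser.Enabled == false)
                return false;
            string adGuid = adUser.Guid.Value.ToString("N"); // alphanumeric: passes the default UserValidator

            // Step 3: find-or-create the shadow record; CreateAsync without a
            // password leaves PasswordHash null, so no local login path exists.
            var local = await _userManager.FindByNameAsync(adGuid);
            if (local == null)
            {
                local = new ApplicationUser { UserName = adGuid, AdObjectGuid = adGuid, Email = adUser.EmailAddress };
                if (!(await _userManager.CreateAsync(local)).Succeeded) return false;
            }

            // Step 4: role claims come from the local store (AspNetUserRoles), not from AD groups.
            var identity = await _userManager.CreateIdentityAsync(local, DefaultAuthenticationTypes.ApplicationCookie);
            identity.AddClaim(new Claim("ad:displayName", adUser.DisplayName ?? samAccountName));
            _authManager.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
            return true;
        }
    }
}
```

An admin-side "pick a user from an LDAP search" screen would create the same shadow record (GUID only) ahead of first login, after which `UserManager.AddToRoleAsync` manages the application-specific roles as before.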