An ASP.NET Core middleware for NTLM authentication on POSIX.

Requirements:
- Samba and Winbind installed
- Samba joined to AD
- Winbindd service running
- ntlm_auth accessible on PATH
- Samba Winbind client libraries (libwbclient; optional, needed for the PrimarySid and GroupSid claims)

Configuration of Samba/Winbind is out of scope of this readme (and it's quite beyond me).

This library returns a ClaimsPrincipal with a ClaimsIdentity.
The ClaimsIdentity will have the following claims:
- ClaimTypes.Name
- ClaimTypes.PrimarySid (optional, requires libwbclient)
- ClaimTypes.GroupSid (optional, requires libwbclient)

**Note:** we only return GroupSid claims for the user's direct group memberships. We do not yet search the user's group memberships recursively.
You can instead use an IClaimsTransformation to search LDAP for group memberships recursively.

```csharp
using ArtsTech.AspnetCore.Authentication.Ntlm;

var builder = WebApplication.CreateBuilder(args);

// AddRazorPages() returns an IMvcBuilder, so authentication is registered separately.
builder.Services.AddRazorPages();
builder.Services
    .AddAuthentication(NtlmDefaults.AuthenticationScheme)
    .AddNtlm();
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseStaticFiles();
app.UseRouting();

// Authentication must run before authorization.
app.UseAuthentication();
app.UseAuthorization();

app.MapRazorPages();
app.Run();
```
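
One way to write the IClaimsTransformation mentioned in the note above, as an added example that is not part of this library. It assumes an Active Directory domain (for the `LDAP_MATCHING_RULE_IN_CHAIN` rule), the `System.DirectoryServices.Protocols` package, that the PrimarySid claim carries the user's own SID, and a hypothetical `connect` factory and `baseDn` supplied by the application.

```csharp
using System.Buffers.Binary;
using System.DirectoryServices.Protocols;
using System.Security.Claims;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Authentication;

// Added example, not library code. Assumes the web SDK's implicit usings.
public sealed class NestedGroupClaims : IClaimsTransformation
{
    private const string Marker = "nested-groups";             // label of the identity we add
    private const string InChain = "1.2.840.113556.1.4.1941";  // LDAP_MATCHING_RULE_IN_CHAIN
    private readonly Func<LdapConnection> _connect;  // assumed: returns a bound connection
    private readonly string _baseDn;                 // assumed: the domain's base DN

    public NestedGroupClaims(Func<LdapConnection> connect, string baseDn)
        => (_connect, _baseDn) = (connect, baseDn);

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var sid = principal.FindFirst(ClaimTypes.PrimarySid)?.Value;
        // Idempotent: the transformation can run more than once per request.
        // The SID goes into an LDAP filter, so only the strict S-1-... form is accepted.
        if (sid is null || principal.Identities.Any(i => i.Label == Marker)
            || !Regex.IsMatch(sid, @"\AS-1-\d+(-\d+){1,15}\z"))
            return Task.FromResult(principal);

        using var ldap = _connect();
        var extra = new ClaimsIdentity { Label = Marker };
        var user = Search(ldap, $"(objectSid={sid})", "1.1");  // "1.1" = no attributes
        if (user.Count == 1)
        {
            var dn = EscapeFilter(user[0].DistinguishedName);
            foreach (SearchResultEntry g in Search(ldap, $"(member:{InChain}:={dn})", "objectSid"))
                extra.AddClaim(new Claim(ClaimTypes.GroupSid,
                    SidToString((byte[])g.Attributes["objectSid"].GetValues(typeof(byte[]))[0])));
        }
        principal.AddIdentity(extra);
        return Task.FromResult(principal);
    }

    private SearchResultEntryCollection Search(LdapConnection c, string filter, string attr)
        => ((SearchResponse)c.SendRequest(
            new SearchRequest(_baseDn, filter, SearchScope.Subtree, attr))).Entries;

    // RFC 4515: escape \ * ( ) and NUL before placing a value in a filter.
    private static string EscapeFilter(string v)
        => Regex.Replace(v, @"[\\*()\x00]", m => $"\\{(int)m.Value[0]:x2}");

    // Binary SID: revision, sub-authority count, 48-bit big-endian authority, LE sub-authorities.
    private static string SidToString(byte[] b)
    {
        ulong auth = 0;
        for (var i = 2; i < 8; i++) auth = (auth << 8) | b[i];
        var subs = Enumerable.Range(0, b[1])
            .Select(i => BinaryPrimitives.ReadUInt32LittleEndian(b.AsSpan(8 + 4 * i)));
        return $"S-{b[0]}-{auth}-{string.Join('-', subs)}";
    }
}
```

Register it with a factory, for example `builder.Services.AddTransient<IClaimsTransformation>(_ => new NestedGroupClaims(connect, baseDn))`. It queries LDAP on every authenticated request, so cache the result per SID if that load matters.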