
How to get Active Directory credentials passed to asp.net web api so can use OAuth2 token based security


I have an asp.net application which I use to provide REST endpoints. For web and mobile client apps, I manually collect the username and password and use this to authenticate/authorize and then return a token to be used for the rest of the requests.

I now have a Windows service, which I would like to be able to somehow automatically send the Active Directory username/password for whichever account it is running as, and I would then have my service validate this.

In other words, I want to use Windows authentication for applications such as services running on the same domain as the asp.net REST service, but be able to just "manually" send them for other clients, that may not be on either the same domain or even running on Windows. I.e., mixing both Windows and token based authentication.

As I can only configure for one or the other, I was hoping to set up for the token based security, and somehow be able to do the Active Directory authentication myself.

E.g. in my asp.net service security middleware, I might have something like...

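public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // PrincipalContext comes from System.DirectoryServices.AccountManagement
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "mydomain"))
    {
        // validate the credentials against the Active Directory domain
        bool isValid = pc.ValidateCredentials(context.UserName, context.Password);
        // ... (the rest of the method is not shown in the post)
    }
}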

I have been trying for a long time to come up with some mixed mode solution here, and nothing I have found as of yet works, so was hoping to somehow be able to do it something like the above. At the moment I need to run two instances of the asp.net service (one with Windows authentication enabled, and the other with Windows authentication disabled, and the token based security enabled), and I am getting negative feedback from both my colleague and clients for having to have two instances to do this.

Is the above possible, or is there some other way of doing what I describe above?

Thanks in advance for any help!

