I have an ASP.NET Core application using Identity. It is an intranet application and I am requiring all users be authenticated using Windows Authentication, which uses Kerberos.
I want to have the system be seamless for the user, so that when they access the page and they are not signed in but are authenticated, they are automatically signed in using their User.Identity.Name which corresponds to their Identity Username which I first check to see if exists with
If it does exist, I sign them in using the SignInManager. If it doesn't exist, I create a new user in the Identity store and then sign that user in.
Is this assuming too much? Is this potentially going to come back and bite me, or is this perfectly acceptable? Most examples I see exist with user credentials being transmitted to sign the user in to Active Directory.