
Windows Integrated Authentication with Mono


You are right, this will not work the way you expect, since that particular configuration of the Web.config is handled by IIS on Windows.

I will describe two alternatives.

1- Apache mod_auth_kerb

You can put your application behind an Apache proxy that uses mod_auth_kerb. The setup is very complicated the first time. You have to generate a keytab file with a service account from a Windows machine joined to the domain and then copy it to the Linux machine.

This is an example configuration:

    # your backend
    ProxyPass        / http://localhost:9005/
    # your backend
    ProxyPassReverse / http://localhost:9005/
    ProxyPreserveHost On

    ## Rewrite rules
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]

    ## Request header rules
    ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
    RequestHeader set X-Forwarded-User %{RU}e

    <Location />
       AuthName "Kerberos Login"
       AuthType Kerberos
       Krb5Keytab "/path/to your keytab/HTTP.keytab"
       KrbAuthRealm DOMAIN.LOC
       KrbMethodNegotiate on
       KrbSaveCredentials off
       # KrbVerifyKDC off skips verifying the KDC against the keytab;
       # the mod_auth_kerb documentation describes it as a testing-only setting
       KrbVerifyKDC off
       KrbServiceName HTTP/YOURAPP.AD2008R2.LOC
       Require valid-user
    </Location>

This will proxy to your application and it will just append an extra header X-Forwarded-User with the username.

Then, if you need the full profile you will have to query Active Directory using .NET classes.

2- Using an authentication broker

There are a few authentication brokers that support this scenario and abstract you from the configuration.

Disclaimer: I work for Auth0

The setup with Auth0 is: your application sees Auth0 as an OAuth identity provider, and on Auth0 you configure the connection to AD. The setup of AD requires deploying an MSI to a server joined to the domain.
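
An added example, not part of the original answer: with option 1 the backend's only proof of identity is the X-Forwarded-User header, so the application should accept it solely from the local proxy and validate it before using it for an Active Directory lookup. The class and method names are hypothetical, the realm mirrors KrbAuthRealm from the config above, and the user-name allow-list is an assumption to adjust to your directory's naming rules.

```csharp
using System;
using System.Net;

// Added example (hypothetical helper): decides whether the X-Forwarded-User
// header set by the Apache proxy can be trusted, and extracts the user name.
public static class ProxyIdentity
{
    // Assumption: same value as KrbAuthRealm in the Apache configuration.
    const string ExpectedRealm = "DOMAIN.LOC";

    // Returns the user part of "user@REALM", or null when the header is rejected.
    public static string Resolve(IPAddress peer, string[] headerValues)
    {
        // Only the proxy on this host (ProxyPass to localhost:9005) may assert identity.
        if (peer == null || !IPAddress.IsLoopback(peer)) return null;
        // Exactly one value is expected; duplicates mean another hop added its own.
        if (headerValues == null || headerValues.Length != 1) return null;

        string principal = (headerValues[0] ?? "").Trim();
        int at = principal.LastIndexOf('@');
        if (at <= 0 || at == principal.Length - 1) return null;

        string user = principal.Substring(0, at);
        string realm = principal.Substring(at + 1);
        // Kerberos realm names are case-sensitive, so compare ordinally.
        if (!string.Equals(realm, ExpectedRealm, StringComparison.Ordinal)) return null;

        // Conservative allow-list (assumption) so the name is safe to place
        // in an LDAP filter when the full profile is fetched later.
        foreach (char c in user)
            if (!(char.IsLetterOrDigit(c) || c == '.' || c == '-' || c == '_')) return null;
        return user;
    }

    public static void Main()
    {
        // Constructed sample inputs: (peer address, header values).
        var remote = IPAddress.Parse("10.0.0.7");
        Console.WriteLine(Resolve(IPAddress.Loopback, new[] { "jdoe@DOMAIN.LOC" }) ?? "(rejected)");
        Console.WriteLine(Resolve(remote, new[] { "jdoe@DOMAIN.LOC" }) ?? "(rejected)");
        Console.WriteLine(Resolve(IPAddress.Loopback, new[] { "jdoe@OTHER.LOC" }) ?? "(rejected)");
        Console.WriteLine(Resolve(IPAddress.Loopback, new[] { "jd)(cn=*@DOMAIN.LOC" }) ?? "(rejected)");
    }
}
```

For this check to mean anything, the backend on port 9005 must listen on the loopback interface only, so that no client can reach it without passing through the proxy.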