要在Linux上使用Active Directory进行身份验证，你可以按照以下步骤进行操作：

1. 创建一个新的ASP.NET Core 3.1项目：

   dotnet new webapp -n ADAuthExample
   cd ADAuthExample
   

2. 添加所需的NuGet包：

   dotnet add package Microsoft.AspNetCore.Authentication.ActiveDirectory
   

3. 在appsettings.json文件中添加必要的配置信息，包括Active Directory的域名、LDAP连接字符串以及要进行身份验证的用户组：

   {
     "ActiveDirectory": {
       "Domain": "your-domain.com",
       "LdapConnection": "ldap://your-domain.com",
       "UserGroup": "CN=YourGroupName,OU=YourOrganizationUnit,DC=your-domain,DC=com"
     },
     "Logging": {
       "LogLevel": {
         "Default": "Information",
         "Microsoft": "Warning",
         "Microsoft.Hosting.Lifetime": "Information"
       }
     }
   }
   

4. 在Startup.cs文件中配置身份验证服务：

   using Microsoft.AspNetCore.Authentication.ActiveDirectory;
   
   public void ConfigureServices(IServiceCollection services)
   {
       services.AddAuthentication(IISDefaults.AuthenticationScheme);
   }
   
   public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
   {
       app.UseAuthentication();
       app.UseAuthorization();
   }
   

5. 创建一个自定义的身份验证处理程序，用于验证用户的身份和授权：

   using Microsoft.AspNetCore.Authentication;
   using Microsoft.AspNetCore.Authentication.ActiveDirectory;
   using Microsoft.Extensions.Configuration;
   using Microsoft.Extensions.Options;
   using System.Security.Claims;
   using System.Text.Encodings.Web;
   using System.Threading.Tasks;
   
   public class ActiveDirectoryAuthenticationHandler : AuthenticationHandler
   {
       private readonly IConfiguration _configuration;
   
       public ActiveDirectoryAuthenticationHandler(
           IOptionsMonitor options,
           ILoggerFactory logger,
           UrlEncoder encoder,
           ISystemClock clock,
           IConfiguration configuration)
           : base(options, logger, encoder, clock)
       {
           _configuration = configuration;
       }
   
       protected override async Task HandleAuthenticateAsync()
       {
           var domain = _configuration["ActiveDirectory:Domain"];
           var ldapConnection = _configuration["ActiveDirectory:LdapConnection"];
           var userGroup = _configuration["ActiveDirectory:UserGroup"];
   
           // 在此处编写身份验证逻辑，例如使用LDAP绑定验证
   
           var claims = new[]
           {
               new Claim(ClaimTypes.Name, "username"),
               new Claim(ClaimTypes.Email, "email@example.com"),
               // 添加其他所需的声明
           };
   
           var identity = new ClaimsIdentity(claims, Scheme.Name);
           var principal = new ClaimsPrincipal(identity);
           var ticket = new AuthenticationTicket(principal, Scheme.Name);
   
           return await Task.FromResult(AuthenticateResult.Success(ticket));
       }
   }
   

6. 在Startup.cs文件中使用自定义的身份验证处理程序：

   using Microsoft.AspNetCore.Authentication.ActiveDirectory;
   
   public void ConfigureServices(IServiceCollection services)
   {
       services.AddAuthentication(options =>
       {
           options.DefaultAuthenticateScheme = ActiveDirectoryAuthenticationDefaults.AuthenticationScheme;
           options.DefaultChallengeScheme = ActiveDirectoryAuthenticationDefaults.AuthenticationScheme;
       })
       .AddScheme(ActiveDirectoryAuthenticationDefaults.AuthenticationScheme, options =>
       {
           options.Domain = Configuration["ActiveDirectory:Domain"];
           options.LdapConnectionPath = Configuration["ActiveDirectory:LdapConnection"];
           options.UserGroup = Configuration["ActiveDirectory:UserGroup"];
       });
   }
   

7. 在需要进行身份验证的控制器或操作方法中添加[Authorize]特性：

   [Authorize]
   public class HomeController : Controller
   {
       // ...
   }
   

现在你已经完成了在Linux上使用Active Directory进行身份验证的配置。在进行身份验证时，将使用自定义的身份验证处理程序来验证用户的身份和授权。你可以在HandleAuthenticateAsync方法中编写适合你的身份验证逻辑，例如使用LDAP绑定验证。根据验证结果，你可以创建一个包含所需声明的ClaimsIdentity对象，并使用它来创建AuthenticationTicket对象，然后返回AuthenticateResult.Success(ticket)。