does active directory on a .net core kentico site register as the same ad user in the CMS for authen

If you set the security check to all pages then Kentico expects all pages do have some ACLs set. If a permission is not set, it is the same as deny permission. "Better safe than sorry"

our AD users all have a common role, so I used that role and set permissions to allow access to read but it still shows up as no permissions. It does this with the my AD user that has both the role I gave the permission to, as well as being a global admin.

Does the .net core site know that the user logged in is the same user that permissions are set up for in the admin. It doesn't appear to be connected by default. If an AD users visits the .net core site they are not automatically added to the users the way they are added when they visit the admin of the site.

I thought you are using the same authentication for both front end as well as backend - I mean that the user also exists in Kentico admin app/database.
From your description is not clear w2hat is the actual setup, what are the ACLs set and how are you checking them in the front end app code. Please, provide a full and detailed description.

I am using the same authentication for the front end and the back end. They both use windows authentication (just AD, no mixed mode or anything). The back end works as it did in older versions of Kentico, when a new users hits the back end they are added to the user list.

I am not doing anything to check in the front end, I assume this is where I have gone wrong. I do have the site settings to Check permissions for all pages. In doing this the front end doesn't show for anyone, even global admins.

the best way to describe it is, I am authenticating the AD user on the front end, but it is not connecting to the same AD users that sign into the back end. I don't even seem to be hitting any of the page controllers I have create the site just jumps to the no access page.

Also, if this helps at all, when viewing page content in the admin it all shows.

in the documentation for k12 there is this,

"For sites built using the MVC development model, the Windows authentication approach described on this page is not compatible with the Kentico membership functionality based on ASP.NET Identity (as described in Integrating Kentico membership). In MVC-based projects, Windows authentication can only be configured for the Kentico administration application."

What purpose does having a different authentication in the admin then the live site? If I am assigning AD users and roles to the page level security, but it doesn't do anything on the live site, what is the point?

The quote from documentation means that you cannot use the same configuration on the MVC app. In this case for the MVC app it is considered as a custom authentication. Now, it is more clear to me what is going on. You have two apps - both are using the same "identity provider". But the thing is, that the applications act separately and independently on each other. The MVC app is checking the user in the AD and not in Kentico. And you have the ACLs and permissions set in Kentico's DB. So, the MVC app has no idea about the permissions, since they are obviously not in the AD.
So, you will need to configure your MVC app e.g. to authenticate against Kentico and get the users from Kentico to apply the ACLs set in Kentico. Or, use some fully custom code where it will be hardcoded who has access where.