RE: how to login a Windows domaine/user programaticaly in a Web Service ?

From: Bassel Tabbara [MSFT] (
Date: 03/27/03

From: (Bassel Tabbara [MSFT])
Date: Thu, 27 Mar 2003 00:54:13 GMT

Hello Philippe,
You need to authenticate the users against the Active Directory. To
accomplish this you need to use
LdapAuthentication.IsAuthenticated method and passes in the credentials
that are collected from the user.
Then, a DirectoryEntry object is created with the path to the directory
tree, the user name, and the password.
The user name must be in the "domain\username" format. The DirectoryEntry
object then tries to force the AdsObject
binding by obtaining the NativeObject property. If this succeeds, the CN
attribute for the user is obtained by creating a
DirectorySearcher object and by filtering on the SAMAccountName. After the
user is authenticated, the IsAuthenticated
method returns true.

Moreover you need to use impersonation by setting <identity
impersonate="true" /> configuration element.
This causes ASP.NET to impersonate the account that is configured as the
anonymous account from Microsoft Internet
Information Services (IIS). As a result of this configuration, all
requests to this application run under the security context
of the configured account. The user provides credentials to authenticate
against the Active Directory, but the account that
accesses the Active Directory is the configured account.

For a complete explanation of this with the sample code, please refer to
the following Kb article:
326340 HOW TO: Authenticate against the Active Directory by Using Forms

If you have any questions regarding this, please feel free to post them.

Bassel Tabbara
Microsoft, ASP.NET

This posting is provided "AS IS", with no warranties, and confers no rights.

| Reply-To: "Philippe" <>
| From: "Philippe" <>
| Subject: how to login a Windows domaine/user programaticaly in a Web
Service ?
| Date: Wed, 26 Mar 2003 16:35:51 +0100
| Lines: 11
| Organization: NSI
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| Message-ID: <eH3ro268CHA.2272@TK2MSFTNGP12.phx.gbl>
| Newsgroups:
| NNTP-Posting-Host:
| Path: cpmsftngxa06!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: cpmsftngxa06
| X-Tomcat-NG:
| Hi,
| I have a WebService written in c#.
| In this Web Service, i have a WebMethod that receive 3 params (user,
| password and domain).
| I want to check the validity of these datas by trying a logon
| (programaticaly) on a NT Domain.
| Which method can i use ? How can i do ?
| Any help will be appreciated.

Relevant Pages

  • Problem with Creating Content Sites (Active Directory) - RTF(ine)M!!
    ... I am deploying Windows Sharepoint Services to an Active Directory ... Configuration with Remote SQL and found that I was experiencing some issues. ... Make sure that each account you use (i.e. sharepoint_admin and ... Administrators, Process Administrators, and Database Creators. ...
  • Re: How to setup authentication across domains within a forest?
    ... forest, regardless of their location. ... DCs for the domain ... Windows 2003 Server Deployment Guide (Active Directory ... >> authentication db and users authenticate to the ...
  • Re: Searching child OUs for authentication
    ... On Mon, 26 Feb 2007, Bliss, Aaron wrote: ... authenticate against Active Directory; the following configuration works ...
  • Re: Forms Authentication non-persistent cookie not expiring after closing the browser
    ... If you authenticate against the Active Directory, why not host your solution under intergrated security? ... I use non-persistent cookie so ... that the user is NOT remembered across browser sessions. ...
  • Re: Problems with Digest Authentication
    ... Active Directory will store a copy of their password ... > told to store the passwords using reversible encryption, ... > Digest/Advanced digest auth. ... > installing the webserver, I can't authenticate. ...