Re: Forms Auth with AD Native Mode
From: George Durzi (gdurzi_at_nospam_hotmail.com)
Date: 09/20/03
- Previous message: Michael Gaillez: "Re: Forms Auth with AD Native Mode"
- In reply to: Michael Gaillez: "Re: Forms Auth with AD Native Mode"
- Next in thread: Michael Gaillez: "Re: Forms Auth with AD Native Mode"
- Reply: Michael Gaillez: "Re: Forms Auth with AD Native Mode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Sep 2003 23:02:54 -0700
Michael,
Here's some test code; it's gonna be very similar to the code in the article I mentioned in my first post, with some tweaks.
Here's the bulk of my LDAPAuthentication class. I excluded the GetGroups method, and also put in comments the values of some stuff I'm pulling out of web.config.
using System;
using System.DirectoryServices;

public class LDAPAuthentication
{
    #region Constructor
    #region LDAPAuthentication
    public LDAPAuthentication() {}
    #endregion
    #region LDAPAuthentication(string path)
    public LDAPAuthentication(string path) { _path = path; }
    #endregion
    #endregion

    private string _path;
    private string _filterattribute;

    #region bool IsAuthenticated
    public bool IsAuthenticated(
        string Domain,
        string UserName,
        string Password)
    {
        // Credentials should be in the form Domain\UserName
        string DomainUserName = Domain + @"\" + UserName;
        // Create an Active Directory object
        DirectoryEntry oDE = new DirectoryEntry(
            _path,                       // LDAP://ELRW.com/DC=ELRW,DC=com
            DomainUserName,              // User
            Password,                    // Password
            AuthenticationTypes.Secure); // Authentication Type
        try
        {
            // Get the native ADSI object. This is what actually performs the
            // bind with the supplied credentials; it throws if they are rejected.
            Object oNativeObject = oDE.NativeObject;
            // Perform query against Active Directory
            DirectorySearcher oDS = new DirectorySearcher(oDE);
            // Set LDAP filter string. Note: UserName is concatenated into the
            // filter unescaped; RFC 4515 lists the characters ( ) * \ NUL that
            // must be escaped in a filter value.
            oDS.Filter = "(SAMAccountName=" + UserName + ")";
            // Set the Properties retrieved during the search
            oDS.PropertiesToLoad.Add("cn");
            // Execute the search and only return the first entry
            SearchResult oSR = oDS.FindOne();
            // Check if any search results came back
            if (null == oSR) return false;
            // Set _path to the path of the search results
            _path = oSR.Path;
            // Set _filterattribute to the properties retrieved during the search
            _filterattribute = (string)oSR.Properties["cn"][0];
        }
        catch (Exception)
        {
            // Bad credentials, unreachable DC, or any other failure: treat as not authenticated
            return false;
        }
        return true;
    }
    #endregion
}
Here's the method in my Login page which calls the IsAuthenticated method of LDAPAuthentication:
#region LoginUser
private void LoginUser()
{
    // Retrieve LDAP Connect String and Domain Name
    // LDAP://ELRW.com/DC=ELRW,DC=com
    string sADPath =
        ConfigurationSettings.AppSettings["LDAPConnectString"].ToString();
    // ELRW
    string sDomain =
        ConfigurationSettings.AppSettings["DomainName"].ToString();
    // Instance of LdapAuthentication class
    LDAPAuthentication oLdapAuth = new LDAPAuthentication(sADPath);
    try
    {
        if (true == oLdapAuth.IsAuthenticated(sDomain, txtUserName.Value.Trim(),
                                              txtPassword.Value.Trim()))
        {
            // Retrieve a list of AD Groups the User is a Member of
            string sGroups = oLdapAuth.GetGroups();
            // Create the User's FormsAuthenticationTicket
            FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(
                1,                         // Version
                txtUserName.Value.Trim(),  // Name
                DateTime.Now,              // Date Issued
                DateTime.Now.AddHours(8),  // Expiration Date --> 8 Hours
                true,                      // Persistence
                sGroups);                  // UserData --> Group Membership
            // Encrypt the FormsAuthenticationTicket
            string sTicket = FormsAuthentication.Encrypt(oAuthTicket);
            // Create the auth cookie for the User
            HttpCookie oCookie =
                new HttpCookie(FormsAuthentication.FormsCookieName, sTicket);
            oCookie.Expires = DateTime.Now.AddHours(8);
            // Add the cookie to the collection
            Response.Cookies.Add(oCookie);
            // Create User Sessions
            CreateUserSessions(txtUserName.Value.Trim());
            // Redirect the User
            Response.Redirect(
                FormsAuthentication.GetRedirectUrl(txtUserName.Value.Trim(), false));
        }
        else
        {
            divLoginError.Visible = true;
            lblLogin.Text = "* Sorry, you entered incorrect login credentials, " +
                            "please try again. *";
        }
    }
    catch (Exception)
    {
        // Rethrow as-is so the original stack trace is preserved
        // (throw ex; would reset it)
        throw;
    }
}
#endregion
When I was testing trying to authenticate with mixed mode, I removed the code that was adding the domain + "\" to my username.
I stuck a regex validator on my login screen to make sure the username came in the format username@domain.com, so the new DirectoryEntry line would have looked like this:
DirectoryEntry oDE = new DirectoryEntry(
    "LDAP://ELRW.com/DC=ELRW,DC=com",
    "gdurzi@ELRW.COM",
    "mypassword",
    AuthenticationTypes.Secure);
Thanks for your help!!
"Michael Gaillez" <michael.gaillez@howest.be> wrote in message
news:eluH51wfDHA.1820@TK2MSFTNGP10.phx.gbl...
>
> "George Durzi" <gdurzi@nospam_hotmail.com> wrote in message
> news:eTEZPcvfDHA.560@tk2msftngp13.phx.gbl...
> > Michael,
> > I tried that but it doesn't work. We have our AD set to use Mixed Mode,
> > could that be why ?
>
> My test-server here is mixed-mode as well so I guess that isn't the problem.
>
> could you show me some code to see what exactly you are doing? I would be
> glad to help you out by testing it over here...
>
> the only relevant article I could find on it so far was this (but if it is
> helpful is yet another story):
>
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/entserver/POP3_concept_understand_authentAD.asp
>
> greets
>
> Michael
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.520 / Virus Database: 318 - Release Date: 19/09/2003
>
>
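The same bind-then-search flow, as a worked example added by the editor (not code from George's or Michael's posts, and not the project's LDAPAuthentication class). It assumes .NET 2.0 or later and a hypothetical AdFormsAuthHelper class, and it shows the points a reviewer would raise on the code above: the sAMAccountName value is escaped before it goes into the filter, an empty password is refused before the bind ever happens, both the DOMAIN\user form and the user@domain.com form George switched to are accepted, and the forms cookie is issued with HttpOnly set and an expiry that matches the ticket, then read back into a principal that carries the AD groups as roles. The "|" separator for the group list is an assumption, because GetGroups is not shown in the thread.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical helper written for this thread; not the poster's class.
public static class AdFormsAuthHelper
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    // Without this, a name such as  a*)(objectClass=*  changes the query.
    public static string EscapeLdapFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Name handed to the bind: a UPN (user@domain) is used as-is, which is the
    // form the thread needed on a mixed-mode domain; otherwise DOMAIN\user.
    public static string BindName(string domain, string userName)
    {
        return userName.Contains("@") ? userName : domain + @"\" + userName;
    }

    // sAMAccountName for the directory search: strip any UPN suffix.
    public static string AccountName(string userName)
    {
        int at = userName.IndexOf('@');
        return at < 0 ? userName : userName.Substring(0, at);
    }

    // Bind with the user's own credentials, then look the account up.
    // An empty password must never reach the bind: some LDAP servers treat
    // it as an unauthenticated bind and report success (RFC 4513, 5.1.2).
    public static bool Authenticate(string ldapPath, string domain, string userName,
                                    string password, out string entryPath)
    {
        entryPath = null;
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        using (DirectoryEntry entry = new DirectoryEntry(
                   ldapPath, BindName(domain, userName), password,
                   AuthenticationTypes.Secure))
        {
            try
            {
                object bound = entry.NativeObject; // forces the bind; throws on bad credentials
                using (DirectorySearcher searcher = new DirectorySearcher(entry))
                {
                    searcher.Filter = "(&(objectClass=user)(sAMAccountName="
                                      + EscapeLdapFilterValue(AccountName(userName)) + "))";
                    searcher.PropertiesToLoad.Add("sAMAccountName");
                    SearchResult result = searcher.FindOne();
                    if (result == null) return false;
                    entryPath = result.Path;
                }
            }
            catch (COMException) { return false; }             // rejected bind / DC error
            catch (UnauthorizedAccessException) { return false; }
        }
        return true;
    }

    // Issue the forms ticket as LoginUser does, but make the cookie expiry equal
    // the ticket expiry and set HttpOnly so page script cannot read the ticket.
    // Groups travel in UserData as a "|"-separated list (assumed format).
    public static HttpCookie IssueAuthCookie(string userName, string[] groups,
                                             int lifetimeHours, bool httpsOnly)
    {
        DateTime issued = DateTime.Now;
        DateTime expires = issued.AddHours(lifetimeHours);
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, issued, expires, true, string.Join("|", groups));
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                           FormsAuthentication.Encrypt(ticket));
        cookie.Expires = expires;
        cookie.HttpOnly = true;
        cookie.Secure = httpsOnly;
        return cookie;
    }

    // For Application_AuthenticateRequest in global.asax: decrypt the cookie
    // value and rebuild a principal whose roles are the AD groups in UserData.
    public static IPrincipal PrincipalFromCookie(string encryptedTicket)
    {
        FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encryptedTicket);
        if (ticket == null || ticket.Expired) return null;
        string[] roles = ticket.UserData.Length == 0
            ? new string[0] : ticket.UserData.Split('|');
        return new GenericPrincipal(new FormsIdentity(ticket), roles);
    }
}
```

On the login page, Authenticate replaces IsAuthenticated and IssueAuthCookie replaces the hand-built cookie; in global.asax, Application_AuthenticateRequest reads Request.Cookies[FormsAuthentication.FormsCookieName] and assigns the result of PrincipalFromCookie to Context.User, which is what makes User.IsInRole work against the group list stored in the ticket.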