Re: Authentication against active directory

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 07/25/04


Date: Sat, 24 Jul 2004 18:33:45 -0500

Have you considered using the classes in System.DirectoryServices for
accessing AD in .NET? It is much more straightforward.

Generally, when people authenticate users to AD using LDAP, they will do a
bind to AD using the DirectoryEntry class. The code might look like this:

    'Imports System.DirectoryServices
    'Imports System.Runtime.InteropServices
    'Imports System.Globalization

    Public Function AuthenticateUser(ByVal userName As String, _
                                     ByVal password As String, _
                                     ByVal domain As String, _
                                     ByVal server As String) As Boolean

        If userName Is Nothing OrElse userName.Length = 0 Then Throw New ArgumentNullException("userName")
        If password Is Nothing OrElse password.Length = 0 Then Throw New ArgumentNullException("password")
        If domain Is Nothing OrElse domain.Length = 0 Then Throw New ArgumentNullException("domain")
        If server Is Nothing OrElse server.Length = 0 Then Throw New ArgumentNullException("server")

        Dim ntLogonName As String
        Dim entry As DirectoryEntry

        ntLogonName = String.Format(CultureInfo.InvariantCulture, "{0}\{1}", domain, userName)

        entry = New DirectoryEntry( _
            String.Format( _
                CultureInfo.InvariantCulture, _
                "LDAP://{0}/rootDSE", server), _
            ntLogonName, _
            password, _
            AuthenticationTypes.Secure _
            )

        Try
            Dim bindTest As Object
            bindTest = entry.NativeObject 'this forces the bind to AD
            Return True

        Catch ex As COMException
            If ex.ErrorCode = &H8007052E Then 'COM error code for "Bad username or password"
                Return False
            Else
                Throw 'if the problem wasn't bad credentials, then there is something else wrong here
            End If
        Finally
            entry.Dispose()
        End Try

    End Function

You need to add a reference to System.DirectoryServices as well.

The DirectorySearcher class is also much more straightforward to use for
searching AD.

HTH,

Joe K.
"Jon Delano" <jd31068@hotmail.com> wrote in message
news:KLVLc.145291$JR4.109063@attbi_s54...
> Hello
>
> I am developing an ASP.NET site (using VB).
> I found some code that allows me to authenticate the user trying to access
> the site against the active directory server for the company.
>
> What is happening is some users authenticate and others do not ... but they
> are all a part of the domain.
> The web server the site is running on is part of the domain (else no user
> would authenticate)
>
> Here is the code I use to authenticate the users :
>
> ' use the OLEDB provider to access the ADS Object, this allows for
> ' simple SQL Query for the user.
> Dim cn As New OleDb.OleDbConnection("provider=ADsDSOObject;User ID=" _
>     & txtUserName.Text & ";Password=" & txtPassword.Text)
> Dim cmd As New OleDb.OleDbCommand( _
>     "Select GivenName, sn from 'LDAP://[domain is here]' where samAccountName='" & txtUserName.Text & "'", _
>     cn)
> Dim dtrdr As OleDb.OleDbDataReader
>
> Try
> cn.Open()
>
> dtrdr = cmd.ExecuteReader
> If dtrdr.Read = True Then
> ' user authenticated against active directory
> Session.Add("UserFirstName", dtrdr("GivenName"))
> Session.Add("UserLastName", dtrdr("sn"))
> UserIsPhysician()
>
> If Session("PhysicianID") = -1 Then Exit Sub
>
> Server.Transfer("patientlist.aspx")
> Else
> Label1.Text = "Unable to access user data."
> End If
> dtrdr.Close()
>
> Catch ex As Exception
> Dim exMsg As String
> If InStr(ex.Message, "PERMISSION") > 0 Then
> exMsg = ""
> Else
> exMsg = ex.Message
> End If
> Label1.Text = "Invalid Username or Password. " & exMsg
> End Try
>
> cmd = Nothing
> dtrdr = Nothing
> cn.Close()
> cn = Nothing
>
> I can't understand why some users will work fine and others just won't.
>
> If anyone can offer any ideas ... it would be greatly appreciated.
>
> Thank you
> Jon
>
>


