Authenticate against Active Directory

TheMSsForum.com: The Microsoft Software Forum

I am modifying an app for a customer in ASP.Net 1.1. The app is running on a
server outside their network, yet they want to authenticate users against
their internal active directory set up (they will open the necessary ports).

So, I have a simple login page with username and password, and then I will
authenticate that credentials entered against their AD server. I am having a
real hard time figuring this out. We can't use Windows Forms Auth, so I need
to do it all manually in code.

On the System.DirectoryServices namespace I can't find what methods I need
to connect to their AD using SSL and then to authenticate the user. I've
found a lot online using Forms Auth and ADAM, but nothing has really fit
what I'm doing.

Could anyone point me to a tutorial or outline what methods, etc I need to
use to accomplish this?

Thank you so much!
Jon
Top

Re: Authenticate against Active Directory by ABHIJIT

ABHIJIT
Wed May 07 14:31:18 CDT 2008

Hi Jon,

I did AD authentication in one of my page in ASP.NET 2.0 , you can
find same in 1.1

/// <summary>
/// This will get user list.
/// </summary>
protected bool GetSearchUserData()
{
try
{
//Bind Search UserList grid as per user entered

string loginName =3D txtSULoginName.Text;
string firstName =3D txtSUFirstName.Text;
string lastName =3D txtSULastName.Text;

string ActiveDirectoryServer =3D
Convert.ToString(ConfigurationManager.AppSettings["ActiveDirectoryServer"]);=


// User that can access domain user details
string ADUserName =3D
Convert.ToString(ConfigurationManager.AppSettings["ADUserName"]);
string ADUserPassword =3D
Convert.ToString(ConfigurationManager.AppSettings["ADUserPassword"]);

DirectoryEntry entry =3D new
DirectoryEntry(ActiveDirectoryServer, ADUserName, ADUserPassword);
DirectorySearcher ds =3D new DirectorySearcher(entry);

ds.Filter =3D "(&(objectClass=3Duser)(objectClass=3Dperson))";
if (loginName !=3D "")
{
ds.Filter =3D ds.Filter.Remove(ds.Filter.Length - 1, 1);
ds.Filter +=3D "(sAMAccountName=3D" + loginName.Trim() +
"*))";
}
if (firstName !=3D "")
{
ds.Filter =3D ds.Filter.Remove(ds.Filter.Length - 1, 1);
ds.Filter +=3D "(givenName=3D" + firstName.Trim() + "*))";
}
if (lastName !=3D "")
{
ds.Filter =3D ds.Filter.Remove(ds.Filter.Length - 1, 1);
ds.Filter +=3D "(sn=3D" + lastName.Trim() + "*))";
}

dtSearchUserList.Columns.Clear();
dtSearchUserList.Columns.Add(new DataColumn("LoginName",
typeof(string)));
dtSearchUserList.Columns.Add(new DataColumn("FirstName",
typeof(string)));
dtSearchUserList.Columns.Add(new DataColumn("LastName",
typeof(string)));

foreach (SearchResult sr in ds.FindAll())
{
DataRow row =3D dtSearchUserList.NewRow();
string name =3D sr.Properties["Name"][0].ToString();
string firstname =3D "";
string lastname =3D "";

if (name.Length =3D=3D 0)
{
firstname =3D "";
lastname =3D "";
}
else if (name.IndexOf(",") !=3D -1)
{
iActualLength =3D name.Length;
iLength =3D name.IndexOf(",") + 2;

if (iActualLength < iLength)
{
firstname =3D "";
lastname =3D name;
}
else
{
firstname =3D name.Substring(name.IndexOf(",") +
2);
lastname =3D name.Substring(0,
name.IndexOf(","));
}
}
else if (name.IndexOf(" ") !=3D -1)
{
iActualLength =3D name.Length;
iLength =3D name.IndexOf(" ") + 1;

if (iActualLength < iLength)
{
firstname =3D "";
lastname =3D name;
}
else
{
lastname =3D name.Substring(name.IndexOf(" ") +
1);
firstname =3D name.Substring(0, name.IndexOf("
"));
}
}
else
{
firstname =3D "";
lastname =3D name;
}
row["FirstName"] =3D firstname.Replace("'", "");
row["LastName"] =3D lastname.Replace("'", "");
row["LoginName"] =3D sr.Properties["SamAccountName"]
[0].ToString();
dtSearchUserList.Rows.Add(row);
}

if (dtSearchUserList !=3D null &&
dtSearchUserList.Rows.Count > 0)
{
dtSearchUserList.DefaultView.Sort =3D "LoginName ASC,
FirstName ASC, LastName ASC";
dgADUserList.DataSource =3D dtSearchUserList;
dgADUserList.DataBind();
blSUSearchSucess =3D true;
lblSUErrorText.Text =3D "";
}
else
{
dtSearchUserList.Columns.Clear();
dtSearchUserList.Columns.Add(new DataColumn("Select",
typeof(string)));
dtSearchUserList.Columns.Add(new
DataColumn("LoginName", typeof(string)));
dtSearchUserList.Columns.Add(new
DataColumn("FirstName", typeof(string)));
dtSearchUserList.Columns.Add(new
DataColumn("LastName", typeof(string)));
dgADUserList.DataSource =3D dtSearchUserList;
dgADUserList.DataBind();
lblSUErrorText.Text =3D ErrorLog.GetText("NoUsers");
blSUSearchSucess =3D false;
}
}
catch (Exception ex)
{
blSUSearchSucess =3D false;
TraceSUError.Log("\nAn error occurred while fetching user
details.\nException occurred : " + ex.Message);
strURL =3D "ErrorPage.aspx?strErrPageName=3DSearchUsers.aspx";
Response.Redirect(strURL, false);
}

return blSUSearchSucess;
}

Also you can check login user details,

IIdentity WinId =3D HttpContext.Current.User.Identity;
WindowsIdentity wi =3D (WindowsIdentity)WinId;

strDCHLoginID =3D wi.Name.Split('\\')[1];
hidDHLoginID.Value =3D wi.Name.Split('\\')
[1];

if (ValidLoginUserData(strDCHLoginID)) //check user is
present in Database

Regards,
Abhijit B

On May 7, 12:59=A0pm, "Jon" <rosenb...@mainstreams.com> wrote:
> I am modifying an app for a customer in ASP.Net 1.1. The app is running on=
a
> server outside their network, yet they want to authenticate users against
> their internal active directory set up (they will open the necessary ports=
).
>
> So, I have a simple login page with username and password, and then I will=

> authenticate that credentials entered against their AD server. I am having=
a
> real hard time figuring this out. We can't use Windows Forms Auth, so I ne=
ed
> to do it all manually in code.
>
> On the System.DirectoryServices namespace I can't find what methods I need=

> to connect to their AD using SSL and then to authenticate the user. I've
> found a lot online using Forms Auth and ADAM, but nothing has really fit
> what I'm doing.
>
> Could anyone point me to a tutorial or outline what methods, etc I need to=

> use to accomplish this?
>
> Thank you so much!
> Jon

Top

Re: Authenticate against Active Directory by Jon

Jon
Thu May 08 06:49:13 CDT 2008

Thank you! I will try this and see if I can get it working. Two questions -
the AppSettings AD user and pass - do those need to be for the domain admin?
Second, the ActiveDirectoryServer variable - would that just be the windows
machine name of the AD server or a full domain name, etc?

Thanks, again
Jon



"ABHIJIT B" <abhijitbavdhankar@gmail.com> wrote in message
news:4f07c019-1272-40f4-8ff3-3ca95b6bd586@e53g2000hsa.googlegroups.com...
Hi Jon,

I did AD authentication in one of my page in ASP.NET 2.0 , you can
find same in 1.1

/// <summary>
/// This will get user list.
/// </summary>
protected bool GetSearchUserData()
{
try
{
//Bind Search UserList grid as per user entered

string loginName = txtSULoginName.Text;
string firstName = txtSUFirstName.Text;
string lastName = txtSULastName.Text;

string ActiveDirectoryServer =
Convert.ToString(ConfigurationManager.AppSettings["ActiveDirectoryServer"]);

// User that can access domain user details
string ADUserName =
Convert.ToString(ConfigurationManager.AppSettings["ADUserName"]);
string ADUserPassword =
Convert.ToString(ConfigurationManager.AppSettings["ADUserPassword"]);

DirectoryEntry entry = new
DirectoryEntry(ActiveDirectoryServer, ADUserName, ADUserPassword);
DirectorySearcher ds = new DirectorySearcher(entry);

ds.Filter = "(&(objectClass=user)(objectClass=person))";
if (loginName != "")
{
ds.Filter = ds.Filter.Remove(ds.Filter.Length - 1, 1);
ds.Filter += "(sAMAccountName=" + loginName.Trim() +
"*))";
}
if (firstName != "")
{
ds.Filter = ds.Filter.Remove(ds.Filter.Length - 1, 1);
ds.Filter += "(givenName=" + firstName.Trim() + "*))";
}
if (lastName != "")
{
ds.Filter = ds.Filter.Remove(ds.Filter.Length - 1, 1);
ds.Filter += "(sn=" + lastName.Trim() + "*))";
}

dtSearchUserList.Columns.Clear();
dtSearchUserList.Columns.Add(new DataColumn("LoginName",
typeof(string)));
dtSearchUserList.Columns.Add(new DataColumn("FirstName",
typeof(string)));
dtSearchUserList.Columns.Add(new DataColumn("LastName",
typeof(string)));

foreach (SearchResult sr in ds.FindAll())
{
DataRow row = dtSearchUserList.NewRow();
string name = sr.Properties["Name"][0].ToString();
string firstname = "";
string lastname = "";

if (name.Length == 0)
{
firstname = "";
lastname = "";
}
else if (name.IndexOf(",") != -1)
{
iActualLength = name.Length;
iLength = name.IndexOf(",") + 2;

if (iActualLength < iLength)
{
firstname = "";
lastname = name;
}
else
{
firstname = name.Substring(name.IndexOf(",") +
2);
lastname = name.Substring(0,
name.IndexOf(","));
}
}
else if (name.IndexOf(" ") != -1)
{
iActualLength = name.Length;
iLength = name.IndexOf(" ") + 1;

if (iActualLength < iLength)
{
firstname = "";
lastname = name;
}
else
{
lastname = name.Substring(name.IndexOf(" ") +
1);
firstname = name.Substring(0, name.IndexOf("
"));
}
}
else
{
firstname = "";
lastname = name;
}
row["FirstName"] = firstname.Replace("'", "");
row["LastName"] = lastname.Replace("'", "");
row["LoginName"] = sr.Properties["SamAccountName"]
[0].ToString();
dtSearchUserList.Rows.Add(row);
}

if (dtSearchUserList != null &&
dtSearchUserList.Rows.Count > 0)
{
dtSearchUserList.DefaultView.Sort = "LoginName ASC,
FirstName ASC, LastName ASC";
dgADUserList.DataSource = dtSearchUserList;
dgADUserList.DataBind();
blSUSearchSucess = true;
lblSUErrorText.Text = "";
}
else
{
dtSearchUserList.Columns.Clear();
dtSearchUserList.Columns.Add(new DataColumn("Select",
typeof(string)));
dtSearchUserList.Columns.Add(new
DataColumn("LoginName", typeof(string)));
dtSearchUserList.Columns.Add(new
DataColumn("FirstName", typeof(string)));
dtSearchUserList.Columns.Add(new
DataColumn("LastName", typeof(string)));
dgADUserList.DataSource = dtSearchUserList;
dgADUserList.DataBind();
lblSUErrorText.Text = ErrorLog.GetText("NoUsers");
blSUSearchSucess = false;
}
}
catch (Exception ex)
{
blSUSearchSucess = false;
TraceSUError.Log("\nAn error occurred while fetching user
details.\nException occurred : " + ex.Message);
strURL = "ErrorPage.aspx?strErrPageName=SearchUsers.aspx";
Response.Redirect(strURL, false);
}

return blSUSearchSucess;
}

Also you can check login user details,

IIdentity WinId = HttpContext.Current.User.Identity;
WindowsIdentity wi = (WindowsIdentity)WinId;

strDCHLoginID = wi.Name.Split('\\')[1];
hidDHLoginID.Value = wi.Name.Split('\\')
[1];

if (ValidLoginUserData(strDCHLoginID)) //check user is
present in Database

Regards,
Abhijit B

On May 7, 12:59 pm, "Jon" <rosenb...@mainstreams.com> wrote:
> I am modifying an app for a customer in ASP.Net 1.1. The app is running on
> a
> server outside their network, yet they want to authenticate users against
> their internal active directory set up (they will open the necessary
> ports).
>
> So, I have a simple login page with username and password, and then I will
> authenticate that credentials entered against their AD server. I am having
> a
> real hard time figuring this out. We can't use Windows Forms Auth, so I
> need
> to do it all manually in code.
>
> On the System.DirectoryServices namespace I can't find what methods I need
> to connect to their AD using SSL and then to authenticate the user. I've
> found a lot online using Forms Auth and ADAM, but nothing has really fit
> what I'm doing.
>
> Could anyone point me to a tutorial or outline what methods, etc I need to
> use to accomplish this?
>
> Thank you so much!
> Jon

Top

Re: Authenticate against Active Directory by ABHIJIT

ABHIJIT
Thu May 08 11:50:40 CDT 2008

Hi Jon,

Two questions -
the AppSettings AD user and pass - do those need to be for the domain
admin?

It can be any user who can access all user details present in your
domain(e.g. firstname, lastname, email, loginid etc.).
If your site is hosted in QA/Production environment I suggest to have
Admin user credentials.

Second, the ActiveDirectoryServer variable - would that just be the
windows
machine name of the AD server or a full domain name, etc?

ActiveDirectoryServer is domainname

In Web.Config you can mention for example :-

<add key=3D"ActiveDirectoryServer" value=3D"LDAP://xyznet.org" />
domainname
<add key=3D"ADUserName" value=3D"xyz\jon" /> domainname\username or
simply username
<add key=3D"ADUserPassword" value=3D"password" />

Regards,
Abhijit B

On May 8, 7:49=A0am, "Jon" <rosenb...@mainstreams.com> wrote:
> Thank you! I will try this and see if I can get it working. Two questions =
-
> the AppSettings AD user and pass - do those need to be for the domain admi=
n?
> Second, the ActiveDirectoryServer variable - would that just be the window=
s
> machine name of the AD server or a full domain name, etc?
>
> Thanks, again
> Jon
>
> "ABHIJIT B" <abhijitbavdhan...@gmail.com> wrote in message
>
> news:4f07c019-1272-40f4-8ff3-3ca95b6bd586@e53g2000hsa.googlegroups.com...
> Hi Jon,
>
> I did AD authentication in one of my page in ASP.NET 2.0 , you can
> find same in 1.1
>
> /// <summary>
> =A0 =A0 /// This will get user list.
> =A0 =A0 /// </summary>
> =A0 =A0 protected bool GetSearchUserData()
> =A0 =A0 {
> =A0 =A0 =A0 =A0 try
> =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 //Bind Search UserList grid =A0as per user entered=

>
> =A0 =A0 =A0 =A0 =A0 =A0 string loginName =3D txtSULoginName.Text;
> =A0 =A0 =A0 =A0 =A0 =A0 string firstName =3D txtSUFirstName.Text;
> =A0 =A0 =A0 =A0 =A0 =A0 string lastName =3D txtSULastName.Text;
>
> =A0 =A0 =A0 =A0 =A0 =A0 string ActiveDirectoryServer =3D
> Convert.ToString(ConfigurationManager.AppSettings["ActiveDirectoryServer"]=
)=AD;
>
> =A0 =A0 =A0 =A0 =A0 =A0// User that can access domain user details
> =A0 =A0 =A0 =A0 =A0 =A0 string ADUserName =3D
> Convert.ToString(ConfigurationManager.AppSettings["ADUserName"]);
> =A0 =A0 =A0 =A0 =A0 =A0 string ADUserPassword =3D
> Convert.ToString(ConfigurationManager.AppSettings["ADUserPassword"]);
>
> =A0 =A0 =A0 =A0 =A0 =A0 DirectoryEntry entry =3D new
> DirectoryEntry(ActiveDirectoryServer, ADUserName, ADUserPassword);
> =A0 =A0 =A0 =A0 =A0 =A0 DirectorySearcher ds =3D new DirectorySearcher(ent=
ry);
>
> =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter =3D "(&(objectClass=3Duser)(objectClass=
=3Dperson))";
> =A0 =A0 =A0 =A0 =A0 =A0 if (loginName !=3D "")
> =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter =3D ds.Filter.Remove(ds.Filter.L=
ength - 1, 1);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter +=3D "(sAMAccountName=3D" + logi=
nName.Trim() +
> "*))";
> =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 if (firstName !=3D "")
> =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter =3D ds.Filter.Remove(ds.Filter.L=
ength - 1, 1);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter +=3D "(givenName=3D" + firstName=
.Trim() + "*))";
> =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 if (lastName !=3D "")
> =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter =3D ds.Filter.Remove(ds.Filter.L=
ength - 1, 1);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ds.Filter +=3D "(sn=3D" + lastName.Trim() =
+ "*))";
> =A0 =A0 =A0 =A0 =A0 =A0 }
>
> =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Clear();
> =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new DataColumn("Login=
Name",
> typeof(string)));
> =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new DataColumn("First=
Name",
> typeof(string)));
> =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new DataColumn("LastN=
ame",
> typeof(string)));
>
> =A0 =A0 =A0 =A0 =A0 =A0 foreach (SearchResult sr in ds.FindAll())
> =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 DataRow row =3D dtSearchUserList.NewRow();=

> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 string name =3D sr.Properties["Name"][0].T=
oString();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 string firstname =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 string lastname =3D "";
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 if (name.Length =3D=3D 0)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 firstname =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lastname =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 else if (name.IndexOf(",") !=3D -1)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 iActualLength =3D name.Length;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 iLength =3D name.IndexOf(",") + 2;=

>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 if (iActualLength < iLength)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 firstname =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lastname =3D name;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 else
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 firstname =3D name.Substri=
ng(name.IndexOf(",") +
> 2);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lastname =3D name.Substrin=
g(0,
> name.IndexOf(","));
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 else if (name.IndexOf(" ") !=3D -1)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 iActualLength =3D name.Length;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 iLength =3D name.IndexOf(" ") + 1;=

>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 if (iActualLength < iLength)
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 firstname =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lastname =3D name;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 else
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lastname =3D name.Substrin=
g(name.IndexOf(" ") +
> 1);
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 firstname =3D name.Substri=
ng(0, name.IndexOf("
> "));
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 else
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 firstname =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lastname =3D name;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 row["FirstName"] =3D firstname.Replace("'"=
, "");
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 row["LastName"] =3D lastname.Replace("'", =
"");
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 row["LoginName"] =3D sr.Properties["SamAcc=
ountName"]
> [0].ToString();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Rows.Add(row);
> =A0 =A0 =A0 =A0 =A0 =A0 }
>
> =A0 =A0 =A0 =A0 =A0 =A0 if (dtSearchUserList !=3D null &&
> dtSearchUserList.Rows.Count > 0)
> =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.DefaultView.Sort =3D "Log=
inName ASC,
> FirstName ASC, LastName ASC";
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dgADUserList.DataSource =3D dtSearchUserLi=
st;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dgADUserList.DataBind();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 blSUSearchSucess =3D true;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lblSUErrorText.Text =3D "";
> =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 =A0 =A0 else
> =A0 =A0 =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Clear();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new DataColum=
n("Select",
> typeof(string)));
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new
> DataColumn("LoginName", typeof(string)));
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new
> DataColumn("FirstName", typeof(string)));
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dtSearchUserList.Columns.Add(new
> DataColumn("LastName", typeof(string)));
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dgADUserList.DataSource =3D dtSearchUserLi=
st;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 dgADUserList.DataBind();
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 lblSUErrorText.Text =3D ErrorLog.GetText("=
NoUsers");
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 blSUSearchSucess =3D false;
> =A0 =A0 =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 }
> =A0 =A0 =A0 =A0 catch (Exception ex)
> =A0 =A0 =A0 =A0 {
> =A0 =A0 =A0 =A0 =A0 =A0 blSUSearchSucess =3D false;
> =A0 =A0 =A0 =A0 =A0 =A0 TraceSUError.Log("\nAn error occurred while fetchi=
ng user
> details.\nException occurred : " + ex.Message);
> =A0 =A0 =A0 =A0 =A0 =A0 strURL =3D "ErrorPage.aspx?strErrPageName=3DSearch=
Users.aspx";
> =A0 =A0 =A0 =A0 =A0 =A0 Response.Redirect(strURL, false);
> =A0 =A0 =A0 =A0 }
>
> =A0 =A0 =A0 =A0 return blSUSearchSucess;
> =A0 =A0 }
>
> Also you can check login user details,
>
> IIdentity WinId =3D HttpContext.Current.User.Identity;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 WindowsIdentity wi =3D (WindowsIdentity)Wi=
nId;
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 strDCHLoginID =3D wi.Name.Split('\\')[1];
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 hidDHLoginID.Value =3D wi.Name.Split('\\')=

> [1];
>
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 if (ValidLoginUserData(strDCHLoginID)) //c=
heck user is
> present in Database
>
> Regards,
> Abhijit B
>
> On May 7, 12:59 pm, "Jon" <rosenb...@mainstreams.com> wrote:
>
>
>
> > I am modifying an app for a customer in ASP.Net 1.1. The app is running =
on
> > a
> > server outside their network, yet they want to authenticate users agains=
t
> > their internal active directory set up (they will open the necessary
> > ports).
>
> > So, I have a simple login page with username and password, and then I wi=
ll
> > authenticate that credentials entered against their AD server. I am havi=
ng
> > a
> > real hard time figuring this out. We can't use Windows Forms Auth, so I
> > need
> > to do it all manually in code.
>
> > On the System.DirectoryServices namespace I can't find what methods I ne=
ed
> > to connect to their AD using SSL and then to authenticate the user. I've=

> > found a lot online using Forms Auth and ADAM, but nothing has really fit=

> > what I'm doing.
>
> > Could anyone point me to a tutorial or outline what methods, etc I need =
to
> > use to accomplish this?
>
> > Thank you so much!
> > Jon- Hide quoted text -
>
> - Show quoted text -

Top

Re: Authenticate against Active Directory by Andy

Andy
Tue May 13 11:54:33 CDT 2008

If all you want to do is authenticate the userid/password against AD,
here is a very simple solution:

String ldapPath=
Convert.ToString( ConfigurationManager.AppSettings["ActiveDirectoryServer"] );
String domainAndUsername = String.Format( "{0}\\{1}", domainName,
userName); // values from login page
try
{
// Authenticate the userName/password against an LDAP server
System.DirectoryServices.DirectoryEntry dirEntry = new
System.DirectoryServices.DirectoryEntry( ldapPath, domainAndUsername,
password );
Object obj = dirEntry.NativeObject; // bind to the native object to
force authentication
}
catch(Exception ex)
{
return false;
}
return true;


As Abhijit B mentions, the format of the ldapPath is: "LDAP://
<hostname>".
This technique does not require an admin account.

- Andy


Top