FYI: Easy way to validate AD credentials on win2k using c#

I tried to find a way to validate user credentials using C#; searching Google and lots of other news and KB sites left me without a solution.

You can use a SSPI but it's that easy to implement so I found a simple way and here it is:

    using System.DirectoryServices;

    public bool Win2kCredentialsIsValid(string domain, string username, string password)
    {
        string adPath = "LDAP://" + domain + "/rootDSE";
        // Supply the credentials as domain\username; nothing is sent to the server yet.
        DirectoryEntry adRoot = new DirectoryEntry(adPath, domain + "\\" + username, password, AuthenticationTypes.ReadonlyServer);
        try
        {
            // Reading a property forces the bind, which throws if it fails.
            object o = adRoot.Properties["defaultNamingContext"];
        }
        catch
        {
            return false;
        }
        return true;
    }

Calling the function will return true if the credentials are valid, otherwise false.

Example: bool isValid = Win2kCredentialsIsValid("mydomain", "myuser", "mypassword");

I found that if you do not use "domain\username" in the username parameter of the DirectoryEntry constructor, you will only be able to validate local user accounts. This means that if the machine you are testing on is a Directory Server, you will only be able to validate the administrator username and password.

So the function can only validate domain credentials, which is what I need :)

I hope some of you can use this :)

Regards

Steffen Balslev
Nov 16 '05 #1
May I kindly ask for your opinion about the similar topic as for
"Subject: Programmatically reading of Password Policy info 7/15/2004 1:22 AM PST"
Thanks.
Pietro Moras

Nov 16 '05 #2
Using this to validate account credentials has some serious drawbacks. Why? Here are the most obvious...

1. This way, you are not only authenticating a domain account, but you are also doing an implicit authorization check, that is, you are reading properties from the AD using an impersonation token. What if the otherwise valid account has no rights to read from the AD?
I know, per default all users have read access, but domain policies can be set to disable access permissions for restricted accounts (and/or groups).
2. Binding against the AD has a serious overhead: the AD schema cache has to be loaded at the client (ADSI cache in the ADSI provider used by DirectoryServices). This is both network and AD server resource consuming, and is IMO too expensive for a simple operation like authenticating a user account.

Willy.
Nov 16 '05 #3
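
An added example, not code from any poster in this thread: one way to address both drawbacks raised in reply #3 is to perform only an LDAP bind with System.DirectoryServices.Protocols, which reads no directory data and does not go through ADSI. The class and enum names are hypothetical, and the sketch assumes `domain` resolves to a reachable domain controller. It also separates "wrong credentials" from "directory unreachable", which the catch-all in the original function reports identically.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical names, chosen for this example only.
public enum BindResult { Valid, InvalidCredentials, DirectoryUnavailable }

public static class DomainCredentialCheck
{
    // LDAP result code 49 = invalidCredentials (RFC 4511).
    // AD also reports locked, disabled and expired accounts under this code.
    private const int LdapInvalidCredentials = 49;

    public static BindResult Validate(string domain, string username, string password)
    {
        // Reject empty values before anything is sent to the domain controller.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return BindResult.InvalidCredentials;

        var server = new LdapDirectoryIdentifier(domain);
        using (var connection = new LdapConnection(server))
        {
            connection.AuthType = AuthType.Negotiate;   // Kerberos/NTLM instead of a cleartext simple bind
            connection.SessionOptions.Signing = true;   // integrity-protect the session
            connection.SessionOptions.Sealing = true;   // encrypt the session
            connection.Timeout = TimeSpan.FromSeconds(10);
            connection.Credential = new NetworkCredential(username, password, domain);

            try
            {
                // Authentication only: no property or object is read afterwards,
                // so read permissions on the directory do not affect the result.
                connection.Bind();
                return BindResult.Valid;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                return BindResult.InvalidCredentials;
            }
            catch (LdapException)
            {
                // Server down, name resolution failure, timeout: says nothing about the password.
                return BindResult.DirectoryUnavailable;
            }
        }
    }
}
```

Callers should treat `DirectoryUnavailable` as a retryable infrastructure error rather than a failed logon, so that a domain controller outage is not logged or counted as a run of bad passwords.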
