
Authenticate against Active Directory

Jon
I am modifying an app for a customer in ASP.Net 1.1. The app is running on a
server outside their network, yet they want to authenticate users against
their internal Active Directory setup (they will open the necessary ports).

So, I have a simple login page with username and password, and then I will
authenticate the credentials entered against their AD server. I am having a
real hard time figuring this out. We can't use Windows Forms Auth, so I need
to do it all manually in code.

In the System.DirectoryServices namespace I can't find what methods I need
to connect to their AD using SSL and then authenticate the user. I've
found a lot online using Forms Auth and ADAM, but nothing has really fit
what I'm doing.

Could anyone point me to a tutorial or outline what methods, etc. I need to
use to accomplish this?

Thank you so much!
Jon

Jun 27 '08 #1
4 Replies


Hi Jon,

I did AD authentication in one of my pages in ASP.NET 2.0; you can
do the same in 1.1.

using System;
using System.Configuration;
using System.Data;
using System.DirectoryServices;
using System.Web;

// Page members referenced below (declared elsewhere in the page class):
// TextBox txtSULoginName, txtSUFirstName, txtSULastName; DataTable dtSearchUserList;
// DataGrid dgADUserList; Label lblSUErrorText; bool blSUSearchSucess; string strURL;
// and the TraceSUError / ErrorLog logging helpers.

/// <summary>
/// This will get user list.
/// </summary>
protected bool GetSearchUserData()
{
    try
    {
        // Bind Search UserList grid as per user entered

        string loginName = txtSULoginName.Text;
        string firstName = txtSUFirstName.Text;
        string lastName = txtSULastName.Text;

        string ActiveDirectoryServer =
            Convert.ToString(ConfigurationManager.AppSettings["ActiveDirectoryServer"]);

        // User that can access domain user details
        string ADUserName =
            Convert.ToString(ConfigurationManager.AppSettings["ADUserName"]);
        string ADUserPassword =
            Convert.ToString(ConfigurationManager.AppSettings["ADUserPassword"]);

        DirectoryEntry entry =
            new DirectoryEntry(ActiveDirectoryServer, ADUserName, ADUserPassword);
        DirectorySearcher ds = new DirectorySearcher(entry);

        // Each optional term is spliced in by dropping the closing ')' of the
        // AND clause, appending "(attr=value*)" and closing the clause again.
        // Caveat: the text-box values go into the filter unescaped, so characters
        // such as ( ) * \ in the input alter the query (LDAP filter injection).
        ds.Filter = "(&(objectClass=user)(objectClass=person))";
        if (loginName != "")
        {
            ds.Filter = ds.Filter.Remove(ds.Filter.Length - 1, 1);
            ds.Filter += "(sAMAccountName=" + loginName.Trim() + "*))";
        }
        if (firstName != "")
        {
            ds.Filter = ds.Filter.Remove(ds.Filter.Length - 1, 1);
            ds.Filter += "(givenName=" + firstName.Trim() + "*))";
        }
        if (lastName != "")
        {
            ds.Filter = ds.Filter.Remove(ds.Filter.Length - 1, 1);
            ds.Filter += "(sn=" + lastName.Trim() + "*))";
        }

        dtSearchUserList.Columns.Clear();
        dtSearchUserList.Columns.Add(new DataColumn("LoginName", typeof(string)));
        dtSearchUserList.Columns.Add(new DataColumn("FirstName", typeof(string)));
        dtSearchUserList.Columns.Add(new DataColumn("LastName", typeof(string)));

        foreach (SearchResult sr in ds.FindAll())
        {
            DataRow row = dtSearchUserList.NewRow();
            string name = sr.Properties["Name"][0].ToString();
            string firstname = "";
            string lastname = "";
            int iActualLength;
            int iLength;

            // Split the display name: "Last, First", "First Last", or a single token
            if (name.Length == 0)
            {
                firstname = "";
                lastname = "";
            }
            else if (name.IndexOf(",") != -1)
            {
                iActualLength = name.Length;
                iLength = name.IndexOf(",") + 2;

                if (iActualLength < iLength)
                {
                    firstname = "";
                    lastname = name;
                }
                else
                {
                    firstname = name.Substring(name.IndexOf(",") + 2);
                    lastname = name.Substring(0, name.IndexOf(","));
                }
            }
            else if (name.IndexOf(" ") != -1)
            {
                iActualLength = name.Length;
                iLength = name.IndexOf(" ") + 1;

                if (iActualLength < iLength)
                {
                    firstname = "";
                    lastname = name;
                }
                else
                {
                    lastname = name.Substring(name.IndexOf(" ") + 1);
                    firstname = name.Substring(0, name.IndexOf(" "));
                }
            }
            else
            {
                firstname = "";
                lastname = name;
            }
            row["FirstName"] = firstname.Replace("'", "");
            row["LastName"] = lastname.Replace("'", "");
            row["LoginName"] = sr.Properties["SamAccountName"][0].ToString();
            dtSearchUserList.Rows.Add(row);
        }

        if (dtSearchUserList != null && dtSearchUserList.Rows.Count > 0)
        {
            dtSearchUserList.DefaultView.Sort = "LoginName ASC, FirstName ASC, LastName ASC";
            dgADUserList.DataSource = dtSearchUserList;
            dgADUserList.DataBind();
            blSUSearchSucess = true;
            lblSUErrorText.Text = "";
        }
        else
        {
            // No match: bind an empty grid with the expected columns
            dtSearchUserList.Columns.Clear();
            dtSearchUserList.Columns.Add(new DataColumn("Select", typeof(string)));
            dtSearchUserList.Columns.Add(new DataColumn("LoginName", typeof(string)));
            dtSearchUserList.Columns.Add(new DataColumn("FirstName", typeof(string)));
            dtSearchUserList.Columns.Add(new DataColumn("LastName", typeof(string)));
            dgADUserList.DataSource = dtSearchUserList;
            dgADUserList.DataBind();
            lblSUErrorText.Text = ErrorLog.GetText("NoUsers");
            blSUSearchSucess = false;
        }
    }
    catch (Exception ex)
    {
        blSUSearchSucess = false;
        TraceSUError.Log("\nAn error occurred while fetching user details.\nException occurred : " + ex.Message);
        strURL = "ErrorPage.aspx?strErrPageName=SearchUsers.aspx";
        Response.Redirect(strURL, false);
    }

    return blSUSearchSucess;
}

You can also check the logged-in user's details:

using System.Security.Principal;
using System.Web;

IIdentity WinId = HttpContext.Current.User.Identity;
// Only valid when the site runs under Windows (integrated) authentication;
// with a custom login page the identity is not a WindowsIdentity and the cast fails.
WindowsIdentity wi = (WindowsIdentity)WinId;

// wi.Name is "DOMAIN\user"; keep the part after the backslash
strDCHLoginID = wi.Name.Split('\\')[1];
hidDHLoginID.Value = wi.Name.Split('\\')[1];

if (ValidLoginUserData(strDCHLoginID)) // check user is present in Database
{
    // ... continue with the validated user
}

Regards,
Abhijit B

Jun 27 '08 #2
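Abhijit's search builds its LDAP filter by concatenating the text-box values. The following is an added example, not code from the thread, showing the same search with each value escaped per RFC 4515 and the result set disposed; the class and method names are this example's own, and the service account credentials are assumed to come from Web.config as in the reply.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class AdUserSearch // hypothetical helper: this example's own names, not the thread's code
{
    // Escape a value for an LDAP filter (RFC 4515): \ ( ) * NUL -> \5c \28 \29 \2a \00. Without
    // this, "*)(objectClass=*" typed in the login-name box rewrites the filter the poster builds.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Same AND filter as the thread's GetSearchUserData, but each text-box value is escaped;
    // the trailing '*' (prefix match) is added here, never taken from the user.
    public static string BuildFilter(string loginName, string firstName, string lastName)
    {
        List<string> terms = new List<string> { "(objectClass=user)", "(objectClass=person)" };
        if (!string.IsNullOrEmpty(loginName))
            terms.Add("(sAMAccountName=" + EscapeFilterValue(loginName.Trim()) + "*)");
        if (!string.IsNullOrEmpty(firstName))
            terms.Add("(givenName=" + EscapeFilterValue(firstName.Trim()) + "*)");
        if (!string.IsNullOrEmpty(lastName))
            terms.Add("(sn=" + EscapeFilterValue(lastName.Trim()) + "*)");
        return "(&" + string.Join("", terms.ToArray()) + ")";
    }

    // Run the search as a read-only service account (domain admin rights are not needed);
    // ldapPath is e.g. "LDAP://xyznet.org". Returns the matching sAMAccountNames.
    public static List<string> Search(string ldapPath, string svcUser, string svcPassword,
                                      string loginName, string firstName, string lastName)
    {
        List<string> logins = new List<string>();
        using (DirectoryEntry root = new DirectoryEntry(ldapPath, svcUser, svcPassword, AuthenticationTypes.Secure))
        using (DirectorySearcher ds = new DirectorySearcher(root, BuildFilter(loginName, firstName, lastName), new[] { "sAMAccountName" }))
        using (SearchResultCollection results = ds.FindAll()) // the result set itself must be disposed
        {
            foreach (SearchResult sr in results)
            {
                ResultPropertyValueCollection v = sr.Properties["sAMAccountName"];
                if (v != null && v.Count > 0) logins.Add(Convert.ToString(v[0])); // skip if absent
            }
        }
        return logins;
    }
}
```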

Jon
Thank you! I will try this and see if I can get it working. Two questions -
the AppSettings AD user and pass - do those need to be for the domain admin?
Second, the ActiveDirectoryServer variable - would that just be the windows
machine name of the AD server or a full domain name, etc?

Thanks, again
Jon

Jun 27 '08 #3

Hi Jon,

> Two questions - the AppSettings AD user and pass - do those need to be
> for the domain admin?

It can be any user who can access all user details present in your
domain (e.g. firstname, lastname, email, loginid etc.).
If your site is hosted in a QA/Production environment I suggest having
Admin user credentials.

> Second, the ActiveDirectoryServer variable - would that just be the
> windows machine name of the AD server or a full domain name, etc?

ActiveDirectoryServer is the domain name.

In Web.Config you can mention for example:

<add key="ActiveDirectoryServer" value="LDAP://xyznet.org" />   <!-- domain name -->
<add key="ADUserName" value="xyz\jon" />                        <!-- domainname\username or simply username -->
<add key="ADUserPassword" value="password" />

Regards,
Abhijit B

Jun 27 '08 #4

If all you want to do is authenticate the userid/password against AD,
here is a very simple solution:

using System;
using System.Configuration;
using System.DirectoryServices;

// domainName, userName and password are the values from the login page
bool AuthenticateUser(string domainName, string userName, string password)
{
    String ldapPath =
        Convert.ToString(ConfigurationManager.AppSettings["ActiveDirectoryServer"]);
    String domainAndUsername = String.Format("{0}\\{1}", domainName, userName);
    try
    {
        // Authenticate the userName/password against an LDAP server
        DirectoryEntry dirEntry = new DirectoryEntry(ldapPath, domainAndUsername, password);
        Object obj = dirEntry.NativeObject; // bind to the native object to force authentication
    }
    catch (Exception)
    {
        // any bind failure lands here: a wrong password, but also an unreachable server
        return false;
    }
    return true;
}
As Abhijit B mentions, the format of the ldapPath is: "LDAP://<hostname>".
This technique does not require an admin account.

- Andy
Jun 27 '08 #5
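Andy's bind-to-authenticate approach, written out as an added example (not code from the thread) that also covers the SSL connection Jon asked about: it binds over LDAPS on port 636, refuses an empty password before the bind, and separates a wrong password from an unreachable server. The class, method and result names, the host name parameter and the assumption that the web server trusts the DC's certificate are this example's own.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical helper; not code from the thread. Assumes the customer's DC exposes
// LDAPS on 636 and its certificate chains to a CA the web server trusts.
static class AdLogin
{
    public enum Result { Success, BadCredentials, ServerUnavailable }

    // Verify a username/password by binding as that user over SSL/TLS.
    // ldapHost is the DC's DNS name (the certificate must match it), e.g. "dc1.xyznet.org";
    // netbiosDomain is the short domain name used in "DOMAIN\user" logons.
    public static Result Authenticate(string ldapHost, string netbiosDomain,
                                      string userName, string password)
    {
        // An empty password must never reach the bind: LDAP treats an empty
        // password as an anonymous/unauthenticated bind, which can "succeed".
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)
            || password.Trim().Length == 0)
            return Result.BadCredentials;

        // Reject names that would change the bind identity (e.g. another DOMAIN\ prefix).
        if (userName.IndexOfAny(new[] { '\\', '/', '@' }) >= 0)
            return Result.BadCredentials;

        string path = "LDAP://" + ldapHost + ":636";
        string logonName = netbiosDomain + "\\" + userName;

        try
        {
            // Secure = Negotiate (Kerberos/NTLM) with signing; SecureSocketsLayer
            // wraps the connection in TLS so nothing crosses the port in clear.
            using (DirectoryEntry entry = new DirectoryEntry(path, logonName, password,
                       AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer))
            {
                object native = entry.NativeObject; // touching the COM object forces the bind
                return Result.Success;
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // 0x8007052E = ERROR_LOGON_FAILURE ("The user name or password is incorrect").
            // Anything else (server down, certificate mismatch, account locked) is reported
            // separately so bad passwords and outages are not logged as the same event.
            if (ex.ErrorCode == unchecked((int)0x8007052E))
                return Result.BadCredentials;
            return Result.ServerUnavailable;
        }
        catch (COMException)
        {
            return Result.ServerUnavailable;
        }
    }
}
```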
