"fomalhaut" <na**********@nathanmanzi.com> wrote in message
news:11********************@m58g2000cwm.googlegroups.com...
Hi All,
I'm building an application that requires domain admin access to run,
and I'm trying to allow for the application to be run as a normal user
and allow the user to provide it with a username/password that has the
access.
I have a method that will check if the username/password is correct,
however, it will only authenticate the user running the program...
Here's the method:
using System;
using System.DirectoryServices;

public static bool validatePassword(string adUserName, string adPassword)
{
    // path is null: no server or naming context is given, only "WDE\user" and the password
    DirectoryEntry de = new DirectoryEntry(null, "WDE" + "\\" + adUserName, adPassword);
    try
    {
        // touching NativeObject forces the bind to happen here
        object o = de.NativeObject;
        DirectorySearcher ds = new DirectorySearcher(de);
        ds.Filter = "samaccountname=" + adUserName;
        ds.PropertiesToLoad.Add("cn");
        SearchResult sr = ds.FindOne();
        if (sr == null) throw new Exception();
        return true;
    }
    catch
    {
        return false;
    }
}
If I check the username/password of the person that is running the
application, it works fine. If I provide any other username/password,
it fails in the "object o = de.NativeObject;".
Any ideas as to why it's happening?
Cheers,
Nathan Manzi
Start by changing your catch clause to:

catch (System.Runtime.InteropServices.COMException ex)
{
    Console.WriteLine(ex);
    return false;
}

and it will tell you why. However, there are other things wrong with your code.
This aside, you should not use this to authenticate a Windows user; AD is not an
authentication service.
Use Win32 "LogonUser" or, better, use the SSPI in V2 of the framework. Following is a
complete sample that illustrates how to authenticate Windows users, both local and
domain users, using the WindowsIdentity and the NegotiateStream class in V2.
using System;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Principal;
using System.Threading;

class Program
{
    static void Main(string[] args)
    {
        // pass account name, password and domain name as arguments. For local accounts,
        // pass the machine name as domain name.
        WindowsIdentity id = SSPIHelper.LogonUser("uuuuuu", "pppppp", "ddddd");
        if (id != null)
            Console.WriteLine("[{0}] was authenticated using [{1}], returned access token [{2}]",
                id.Name,
                id.AuthenticationType,
                id.Token.ToString());
    }
}

// using NTLM authentication
public class SSPIHelper
{
    public static WindowsIdentity LogonUser(string userName, string password, string domain)
    {
        // need a full duplex stream - loopback is easiest way to get that
        TcpListener tcpListener = new TcpListener(IPAddress.Loopback, 0);
        tcpListener.Start();
        WindowsIdentity id = null;
        // the server side of the handshake runs on a thread-pool thread; wait for it
        // before returning, otherwise id may still be null when the client side is done
        ManualResetEvent serverDone = new ManualResetEvent(false);
        tcpListener.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult)
        {
            try
            {
                using (NegotiateStream serverSide = new NegotiateStream(
                    tcpListener.EndAcceptTcpClient(asyncResult).GetStream()))
                {
                    serverSide.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                        ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
                    id = (WindowsIdentity)serverSide.RemoteIdentity;
                }
            }
            catch (Exception)
            {
                // a failed handshake leaves id == null; the client side reports the error
            }
            finally
            {
                serverDone.Set();
            }
        }, null);
        try
        {
            // connect to the listener we just started (a comma was missing here originally)
            using (NegotiateStream clientSide = new NegotiateStream(new TcpClient(
                IPAddress.Loopback.ToString(),
                ((IPEndPoint)tcpListener.LocalEndpoint).Port).GetStream()))
            {
                clientSide.AuthenticateAsClient(new NetworkCredential(userName, password, domain),
                    "", ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
            }
        }
        finally
        {
            serverDone.WaitOne();
            tcpListener.Stop();
        }
        return id;
    }
}
Willy.
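The reply above names Win32 LogonUser as the first option but only shows the NegotiateStream route. The following is an added example, not code from the thread or from either poster, of the LogonUser route: a P/Invoke credential check that returns why a logon failed instead of a bare false. The class name Win32Logon, the Validate method and the LogonResult enum are names chosen here; the constants are the documented winbase.h values.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example: validate a username/password with the Win32 LogonUser API.
// Not part of the original thread.
public static class Win32Logon
{
    // Logon type and provider constants from winbase.h
    const int LOGON32_LOGON_NETWORK = 3;      // credential check only; no "log on locally" right needed
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int ERROR_LOGON_FAILURE = 1326;     // unknown user name or bad password
    const int ERROR_ACCOUNT_LOCKED_OUT = 1909;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CloseHandle(IntPtr hObject);

    public enum LogonResult { Success, BadCredentials, LockedOut, OtherError }

    // Tries a network logon for domain\user. For a local account pass the machine
    // name (or ".") as the domain. identityName receives the resolved account name
    // on success; win32Error receives GetLastError() on failure.
    public static LogonResult Validate(string user, string domain, string password,
        out string identityName, out int win32Error)
    {
        identityName = null;
        win32Error = 0;
        IntPtr token = IntPtr.Zero;
        try
        {
            if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                           LOGON32_PROVIDER_DEFAULT, out token))
            {
                win32Error = Marshal.GetLastWin32Error();
                switch (win32Error)
                {
                    case ERROR_LOGON_FAILURE: return LogonResult.BadCredentials;
                    case ERROR_ACCOUNT_LOCKED_OUT: return LogonResult.LockedOut;
                    default: return LogonResult.OtherError;
                }
            }
            // The token is a real logon session for that user; wrap it only to read
            // the canonical name the system resolved (e.g. "WDE\jsmith").
            identityName = new WindowsIdentity(token).Name;
            return LogonResult.Success;
        }
        finally
        {
            // Never leak the logon token.
            if (token != IntPtr.Zero) CloseHandle(token);
        }
    }

    static void Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.WriteLine("usage: Win32Logon <domain> <user> <password>");
            return;
        }
        string name;
        int err;
        LogonResult r = Validate(args[1], args[0], args[2], out name, out err);
        // Log the outcome and the error code, never the password.
        Console.WriteLine("{0} {1} (win32 error {2})", r, name, err);
    }
}
```

Two practical caveats. Every failed call is a real bad-password attempt against the account, so a retry loop in the calling application can lock the account out under the domain's lockout policy; surfacing LockedOut separately from BadCredentials is what lets the caller stop early. And on Windows 2000 the calling process needed SeTcbPrivilege to call LogonUser at all; Windows XP and later dropped that requirement, so the check can run as the normal user the original poster wants.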