
authenticating users in different DCs using LDAP

Status
Not open for further replies.

MrPeanut (Technical User)
Nov 1, 2004
Hey all,

I'm building a web form that allows users to log in. The underlying authentication will be to check if the user is in the AD.

Everything works for people in the root DC, but I also have users in a child DC. How do I search users in both the root as well as the child DC? I tried setting the search scope to Subtree and it does not work.

A simple test I did was to retrieve all users in the domain using the following function:

Code:
Public Function GetAllADDomainUsers() As ArrayList
    Dim allUsers As New ArrayList()

    ' _path is the naming context to search, e.g. "LDAP://dc1/DC=webroot,DC=com"
    Dim searchRoot As New DirectoryEntry(_path)
    Dim search As New DirectorySearcher(searchRoot)
    ' objectCategory=person excludes computer accounts, which are also objectClass=user
    search.Filter = "(&(objectClass=user)(objectCategory=person))"
    search.PropertiesToLoad.Add("samaccountname")
    ' Subtree is already the default scope of DirectorySearcher
    ' search.SearchScope = SearchScope.Subtree

    Dim result As SearchResult
    Dim resultCol As SearchResultCollection = search.FindAll()
    If resultCol IsNot Nothing Then
        For counter As Integer = 0 To resultCol.Count - 1
            result = resultCol(counter)
            If result.Properties.Contains("samaccountname") Then
                allUsers.Add(DirectCast(result.Properties("samaccountname")(0), String))
            End If
        Next
    End If
    Return allUsers
End Function

_path = "LDAP://dc1/DC=webroot,DC=com"

I can retrieve all users in webroot but there is a sub DC called test.

When I change my path to:
_path = "LDAP://dc1/DC=test,DC=webroot,DC=com"

it will list the users in test but not in the webroot.

OK, so that lets me see that it is retrieving a list of users in those domains. Now when I try to authenticate I use the method:

Code:
Public Function IsAuthenticated(ByVal username As String, _
                                ByVal pwd As String) As Boolean

    ' The constructor only stores the credentials; the bind (and so the
    ' password check) happens when FindOne() first contacts the server.
    Dim entry As New DirectoryEntry(_path, username, pwd)

    entry.AuthenticationType = AuthenticationTypes.Secure
    Try
        Dim search As New DirectorySearcher(entry)
        search.SearchScope = SearchScope.Subtree
        ' PropertiesToLoad takes attribute names only; "objectClass=users" is a
        ' filter fragment, not an attribute, so it has been dropped here
        search.PropertiesToLoad.Add("cn")
        ' Escape the LDAP filter metacharacters so a typed-in name cannot alter the filter
        Dim safeName As String = username.Replace("\", "\5c").Replace("*", "\2a") _
                                         .Replace("(", "\28").Replace(")", "\29")
        search.Filter = "(samAccountName=" & safeName & ")"

        Dim result As SearchResult = search.FindOne()
        If result Is Nothing Then
            Return False
        End If
        _path = result.Path
        _filterAttribute = DirectCast(result.Properties("cn")(0), String)
    Catch ex As Exception
        ' A rejected bind (wrong password) surfaces here as a COMException
        Throw New Exception("Error authenticating user. " & ex.Message)
    End Try
    Return True
End Function

It craps out for the test domain.

Any ideas would be helpful.
 
Wouldn't it be simpler to find out which domain the user belongs to and look in that domain instead of looking in all the domains? What if user1 exists in both domains and has different rights?

Christiaan Baes
Belgium

My Blog
 
Christiaan,

Could you assist me in doing that? I'm still fairly new with LDAP, and I'd love to be able to get something like this going.

Thanks
 
Let me think out loud here.

I would change the function to this:

Code:
Public Function IsAuthenticated(ByVal username As String, _
                                ByVal pwd As String, ByVal Path As String) As Boolean

    ' Path is now supplied by the caller, so the bind goes to the user's own domain
    Dim entry As New DirectoryEntry(Path, username, pwd)

    entry.AuthenticationType = AuthenticationTypes.Secure
    Try
        Dim search As New DirectorySearcher(entry)
        search.SearchScope = SearchScope.Subtree
        ' PropertiesToLoad takes attribute names only; "objectClass=users" is a
        ' filter fragment, not an attribute, so it has been dropped here
        search.PropertiesToLoad.Add("cn")
        ' Escape the LDAP filter metacharacters so a typed-in name cannot alter the filter
        Dim safeName As String = username.Replace("\", "\5c").Replace("*", "\2a") _
                                         .Replace("(", "\28").Replace(")", "\29")
        search.Filter = "(samAccountName=" & safeName & ")"

        Dim result As SearchResult = search.FindOne()
        If result Is Nothing Then
            Return False
        End If
        _path = result.Path
        _filterAttribute = DirectCast(result.Properties("cn")(0), String)
    Catch ex As Exception
        ' A rejected bind (wrong password) surfaces here as a COMException
        Throw New Exception("Error authenticating user. " & ex.Message)
    End Try
    Return True
End Function

OK, so now we can give the path to the function, so all we have to do is determine the domain the user is using at that time, which you can get from Environment.UserDomainName (not sure if this will tell you the superdomain, but hey, I can't do it all).

So see if this can help you further.

Christiaan Baes
Belgium

My Blog
 
That doesn't seem to help me out. Thanks though. I'm searching for more alternatives.
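The two ideas in this thread, searching users across the root and child domains and first finding out which domain the user belongs to, can be combined. As an added example that is not code from this thread: search the Global Catalog, which holds a partial replica of every domain in the forest, for the account, then bind with its userPrincipalName. It assumes dc1 serves the Global Catalog for webroot.com with child test.webroot.com; the class name and the helper functions are invented.

```vbnet
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

' Added example (not the thread's code). Assumed forest: root webroot.com, child test.webroot.com, DC named dc1.
Public Class ForestAuthenticator
    ' The Global Catalog (GC://) holds a partial replica of every domain in the forest, so one Subtree
    ' search covers webroot and test; a Subtree search under LDAP://.../DC=webroot,DC=com stops at the child.
    Private Const GcPath As String = "GC://dc1/DC=webroot,DC=com"
    ' Escape the RFC 4515 filter metacharacters so a typed-in name cannot alter the filter.
    Public Shared Function EscapeFilterValue(ByVal value As String) As String
        Return value.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28") _
                    .Replace(")", "\29").Replace(vbNullChar, "\00")
    End Function

    ' Step 1 (hypothetical helper): find the account forest-wide and return its userPrincipalName.
    ' sAMAccountName is unique only within a domain, so two matches are ambiguous and are refused.
    Public Shared Function FindUserPrincipalName(ByVal samAccountName As String) As String
        Dim root As New DirectoryEntry(GcPath)
        Dim search As New DirectorySearcher(root, _
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
            EscapeFilterValue(samAccountName) & "))", New String() {"userPrincipalName"})
        search.SearchScope = SearchScope.Subtree
        Dim results As SearchResultCollection = search.FindAll()
        Try
            If results.Count <> 1 OrElse Not results(0).Properties.Contains("userPrincipalName") Then
                Return Nothing
            End If
            Return DirectCast(results(0).Properties("userPrincipalName")(0), String)
        Finally
            results.Dispose()   ' FindAll() leaks native handles unless the collection is disposed
            root.Dispose()
        End Try
    End Function

    ' Step 2: bind with the UPN (e.g. user@test.webroot.com). A UPN is resolved to the right domain,
    ' whereas a bare sAMAccountName is looked up only in the domain of the DC the path points at.
    Public Shared Function IsAuthenticated(ByVal samAccountName As String, ByVal pwd As String) As Boolean
        If pwd Is Nothing OrElse pwd.Length = 0 Then Return False   ' an empty password must never reach the bind
        Dim upn As String = FindUserPrincipalName(samAccountName)
        If upn Is Nothing Then Return False
        Dim entry As New DirectoryEntry(GcPath, upn, pwd, AuthenticationTypes.Secure)
        Try
            Dim forceBind As Object = entry.NativeObject   ' credentials are checked here, not in the constructor
            Return True
        Catch ex As COMException
            Return False   ' wrong password, or a disabled or locked-out account
        Finally
            entry.Dispose()
        End Try
    End Function
End Class
```

A failed bind is returned as False rather than rethrown, so the web form can distinguish "unknown or ambiguous account" from a directory outage by checking the search step separately.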
 