
LDAP authentication woes

Status
Not open for further replies.

MrPeanut

Technical User
Nov 1, 2004
12
US
Hey all,

I am creating a Login Page with Change Password functionality (ASP.NET w/ VB.NET code).
The users that I'm trying to change are located in a subdomain. (ex: subdomain.domain.com)
I cannot seem to authenticate any user in a subdomain.

When I use an application like Softerra's LDAP browser, it loads up the top level tree of the domain, and then after about 30 seconds the subdomain's DC is loaded with the appropriate users.

What I've done is piece each part of the LDAP programmatically:
- I obtain a list of all the domains, and then check each domain for the user matching what I have typed in for a login.
- If found, it returns the DN for the user, and then checks if a DirectoryEntry exists with that path.
- If it has, I then pass in the username and password to the domain in question.

The application tends to crap out whenever I try to authenticate any user in the subdomain with this as the InnerException message: "8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece"

Any ideas would be helpful.

In my Application I am doing the following:
Code:
Protected Sub btnAuthenticate_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lbtnGoTime.Click
Try
   Dim arrDomains As New ArrayList
   Dim DomainUsed As String = String.Empty
   Dim arrUsers As New ArrayList
   Dim blnExists As Boolean = False
   Dim blnAuthenticated As Boolean = False
   Dim loginName As String = txtUserName.Text.Trim()
  
   'Populate the Domains into an Array List.
   arrDomains = EnumerateDomains()
  
   'Check each domain for the username entered above; stop at the first domain with a match.
   For counter As Integer = 0 To arrDomains.Count - 1
      arrUsers = GetAllADDomainUsers(arrDomains.Item(counter).ToString, loginName)
      If arrUsers.Count > 0 Then
         DomainUsed = arrDomains.Item(counter).ToString
         Exit For
      End If
   Next
  
   'Check that every DN returned by the search really exists in LDAP
   '(blnExists stays True only if all of them do).
   blnExists = (arrUsers.Count > 0)
   For usercounter As Integer = 0 To arrUsers.Count - 1
      blnExists = blnExists AndAlso DoesItExist(arrUsers.Item(usercounter).ToString)
   Next
  
   'If the user exists in the system, try to authenticate.
   'The password is passed through untrimmed: leading or trailing spaces may be part of it.
   If blnExists Then
      blnAuthenticated = Authenticate(loginName, txtPassword.Text, DomainUsed)
      If blnAuthenticated Then
         lblGoResult.Text = "User Authenticated."
      Else
         lblGoResult.Text = "User Failed Authentication."
      End If
   Else
      lblGoResult.Text = "User not found."
   End If
  
   Catch ex As Exception
      'Rethrow unchanged so the original exception, its stack trace and InnerException survive.
      Throw
   End Try
End Sub

The functions for each step are as follows:

Code:
Imports System
Imports System.Collections
Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory

Public Function EnumerateDomains() As ArrayList

   Try

      Dim alDomains As New ArrayList()
      Dim currentForest As Forest = Forest.GetCurrentForest()
      Dim myDomains As DomainCollection = currentForest.Domains
     
      'Build an LDAP path for every domain in the forest, e.g. LDAP://subdomain.domain.com:389
      For Each objDomain As Domain In myDomains
        alDomains.Add("LDAP://" & objDomain.Name & ":389")
      Next
      Return alDomains

   Catch ex As Exception
      Throw
   End Try

End Function

Public Function GetAllADDomainUsers(ByVal myPath As String, ByVal username As String) As ArrayList

   Try

      Dim allUsers As New ArrayList()
      Dim result As SearchResult

      'Escape the LDAP filter metacharacters (RFC 4515) so whatever was typed into the
      'login box cannot change the meaning of the filter (LDAP injection).
      Dim safeName As String = username.Replace("\", "\5c").Replace("*", "\2a")
      safeName = safeName.Replace("(", "\28").Replace(")", "\29").Replace(vbNullChar, "\00")

      Using searchRoot As New DirectoryEntry(myPath)
         Using search As New DirectorySearcher(searchRoot)
            search.Filter = "(SAMAccountName=" & safeName & ")"
            search.PropertiesToLoad.Add("distinguishedName")

            'SearchResultCollection holds unmanaged handles; dispose it when done.
            Using resultCol As SearchResultCollection = search.FindAll()
               For counter As Integer = 0 To resultCol.Count - 1
                  result = resultCol(counter)
                  If result.Properties.Contains("distinguishedName") Then
                     allUsers.Add(DirectCast(result.Properties("distinguishedName")(0), String))
                  End If
               Next
            End Using
         End Using
      End Using
     
      Return allUsers
     
   Catch ex As Exception
      Throw
   End Try
     
End Function

' This method does not need you to know the distinguishedName,
' you can concat strings or even guess a location and it will
' still run (and return false if not found).

Public Function DoesItExist(ByVal objectPath As String) As Boolean
  
   Try
  
      'DirectoryEntry.Exists binds to the path and returns False (rather than throwing)
      'when no object lives there.
      Return DirectoryEntry.Exists("LDAP://" & objectPath)
  
   Catch ex As Exception
      Throw
   End Try

End Function

Public Function Authenticate(ByVal userName As String, ByVal password As String, ByVal domain As String) As Boolean
   Dim authentic As Boolean = False

   Try

      'Bind to the domain path with the supplied credentials. Reading NativeObject
      'forces the bind to happen, so a bad password surfaces here as a COM exception.
      Using entry As New DirectoryEntry(domain, userName, password)
         Dim nativeObject As Object = entry.NativeObject
         authentic = True
      End Using

   Catch generatedExceptionName As DirectoryServicesCOMException
      'Bind failed (e.g. 8009030C / AcceptSecurityContext): treat as not authenticated.
      authentic = False
   End Try

   Return authentic

End Function
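The post's search-then-bind flow has two places a login page needs to be careful: the typed login name is concatenated straight into the LDAP filter, and the bind uses the bare account name against a domain path. The following is an added example, not code from the original post, showing one way to do both steps defensively in VB.NET with System.DirectoryServices: the filter value is escaped per RFC 4515, the search returns the account's userPrincipalName so the bind carries the account's own domain, and the bind asks for Secure and Sealing authentication instead of a simple bind. The module name, the function names and the `LDAP://subdomain.domain.com:389` path are assumptions for illustration.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Text

' Added example (not part of the original post): escaped search, then a
' signed/sealed bind using the account's UPN.
Public Module LdapLoginExample

    ' Escape the characters that have meaning inside an LDAP search filter
    ' (RFC 4515). Without this, a login name such as "*)(objectClass=*" turns
    ' an exact-match filter into one that matches every object.
    Public Function EscapeLdapFilterValue(ByVal value As String) As String
        If value Is Nothing Then Return String.Empty
        Dim sb As New StringBuilder(value.Length)
        For Each ch As Char In value
            Select Case ch
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Look up the account in one domain and return its userPrincipalName
    ' (user@subdomain.domain.com), or Nothing if there is no such account.
    ' domainPath is an LDAP path such as "LDAP://subdomain.domain.com:389" (assumed).
    Public Function FindUserPrincipalName(ByVal domainPath As String, ByVal loginName As String) As String
        Using root As New DirectoryEntry(domainPath)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" & EscapeLdapFilterValue(loginName) & "))"
                searcher.PropertiesToLoad.Add("userPrincipalName")
                Dim hit As SearchResult = searcher.FindOne()
                If hit Is Nothing OrElse Not hit.Properties.Contains("userPrincipalName") Then
                    Return Nothing
                End If
                Return DirectCast(hit.Properties("userPrincipalName")(0), String)
            End Using
        End Using
    End Function

    ' Bind as the user. The UPN tells the domain controller which domain the
    ' account lives in, so an account from a child domain is not looked up in
    ' the parent. Secure Or Sealing requests Kerberos/NTLM with an encrypted
    ' channel rather than a simple bind that sends the password in clear.
    Public Function AuthenticateUser(ByVal domainPath As String, ByVal userPrincipalName As String, ByVal password As String) As Boolean
        If String.IsNullOrEmpty(userPrincipalName) OrElse String.IsNullOrEmpty(password) Then
            Return False   ' an empty password must never reach the bind: some servers treat it as anonymous
        End If
        Try
            Using entry As New DirectoryEntry(domainPath, userPrincipalName, password, _
                                              AuthenticationTypes.Secure Or AuthenticationTypes.Sealing)
                Dim forceBind As Object = entry.NativeObject   ' reading this performs the bind
                Return True
            End Using
        Catch ex As DirectoryServicesCOMException
            ' Wrong password, disabled or locked account, etc. all land here.
            Return False
        End Try
    End Function

    ' Wire the two steps together. Only the login name is trimmed; the password
    ' is passed through exactly as typed.
    Public Function Login(ByVal domainPath As String, ByVal loginName As String, ByVal password As String) As Boolean
        Dim upn As String = FindUserPrincipalName(domainPath, loginName.Trim())
        If upn Is Nothing Then Return False
        Return AuthenticateUser(domainPath, upn, password)
    End Function

End Module
```

Calling `LdapLoginExample.Login("LDAP://subdomain.domain.com:389", txtUserName.Text, txtPassword.Text)` from the click handler replaces the search, exists-check and bind sequence in the post. The search itself still runs under the application pool's identity (or whatever credentials the `DirectoryEntry` for `root` is given), so that account only needs read access to the attributes being queried.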
