Simple Check against AD on Active Directory 1

[dbrooks74]

I know there are 10 different ways to do this but wanted to check, what is the easiest way (least amount of code) that I can check a username and password against active directory.

I will manage the internal access to the program seperately, but I don't want them to have to use a different password from the AD one.

 

[onpnt]

Principal.WindowsPrincipal set to the Thread.CurrentPrincipal. Then validate with the IsInRole method to see if the users are in the AD group you want to have access to your application


[sub]____________ signature below ______________
The worst mistake you'll ever make is to do something simply the way you know how while ignoring the way it should be done[/sub]

 

[chiph]

Note that IsInRole only works if your A-D tree is set up correctly, or if the domain's group policies allow you to query A-D.

Chip H.
(ask me how I know this... :-(


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[onpnt]

Only other method I've used is DirectoryServices (DirectoryEntry) and get the users

Would you recommend this over the later Chip?

[sub]____________ signature below ______________
The worst mistake you'll ever make is to do something simply the way you know how while ignoring the way it should be done[/sub]

 

[steve1rm]

Hello,

I don't mean to hi-jack this post.

But I was wondering how do you find the users that are listed in Active Directory.

I have designed an e-mail application that uses exchange server 2007. I was wondering how can I obtain the users that are listed in active directory.

Many thanks and code examples would be most grateful,

Steve

 

[cjelec]

steve1rm,

I think its something like:

Dim dir As New DirectoryEntry(LDAPConnectionString)
                            Dim search As New DirectorySearcher(dir, "(objecttype=user)")
                            Dim results As SearchResultCollection = search.FindAll

The results should be a collection of all the users, but it will contain user templates, so you may need to chech if the user is locked out which indicates a template user.

There is a forum for AD in tek-tips...

 

[onpnt]

I checked around. Read a few articles here and there and found references to nested groups having problems (basically not read) with the IsInRole() Method. I've seen issues with performance. Those two things has made me rethink the usage of this group. Our AD groups are setup very well and I've never had problems with it making me question this. The method usage seems to lack flexibility in some respect though.

I've found this issue. Role-Based Authentication Fails for Users Who Belong to Many Groups. This has been resolved however unless you are on earlier versions

Another article I found to be a good read

All in all I see the implementation of this method being as any other method that has these types of obvious situations that accompany them. It will be used when the environment says it is stable and that is our job to figure out if it is the best thing for the time and task.

Probably a bunch of useless mumbling but I thought I would post it



[sub]____________ signature below ______________
The worst mistake you'll ever make is to do something simply the way you know how while ignoring the way it should be done[/sub]