Very simple active directory password authentication 1

[dbrooks74]

I am looking to get authentication against our corporate active directory.

I have a username and password box that someone will fill out. When they click submit, it should verify if the user entered a valid username and password against the active directory.

In asp.net (Visual Basic .NET 1.1) I have:

Dim myADSPath As String "LDAP://domain.local/CN=Users,DC=domain,DC=local"

' Create an Instance of DirectoryEntry.
Dim myDirectoryEntry As New DirectoryEntry(myADSPath)
        myDirectoryEntry.Username = txtUsername.Text
        myDirectoryEntry.Password = txtPassword.Text

I basically just need code that says, myDirectory.valid

Any ideas? Just looking for some simple line of code....

Thanks

 

[jmeckley]

what exactly are you going to do with the DirectoryEntry after the username/password are validated? there is not an IsValid property as validtion has nothing to do with AD.

If your looking for users to authenticate bofore accessing the system there is a much easier way. Set up authtentication/authorization in the web.config file.

<system.web>
  <authentication mode="Windows" />
  <authorization>
     <deny roles="[domain\group],..." users="[domain\username],..." />
     <allow roles="[domain\group],..." users="[domain\username],..." />
  </authorization>
<system.web>

if you need to get their username in a page class use
[tt]User.Identity.Name[/tt]. If you need to get their username in a non-Page class use [tt]System.Security.Principal.WindowsIdentity.GetCurrent().Name[/tt].

with this configuration users are automatically validated when the visit pages within the application.

Jason Meckley
Programmer
Specialty Bakers, Inc.

 

[dbrooks74]

Does this mean they need to authenticate using username and password or does it take it from the PC they are logged into?

 

[jmeckley]

If your using Windows authentication the system will atomatically validate the client and grant/deny access for that webpage. In this setup you will not need a logon/logout feature. the user just needs to open/close the browser.

Jason Meckley
Programmer
Specialty Bakers, Inc.

 

[dbrooks74]

The issue is that multiple people use the same PC. I would like them to be forced to put in a username and password everytime they open the login page.

 

[jmeckley]

2 options:
1. have the users login/out of windows.
2. use forms authentication.

theorically, this situation might work:
use forms authentication.
continue along the same line of authentication from your original post.
for "validation" have the user query their own information from AD. To do this create a filter that would return a single piece of information about themselves (samaccount, mail, displayname).
If the username/password is valid no errors will occur and the DirectorySearcher.FindOne() will not return null.
If it's not an exception will be thrown or the DirectorySearcher.FindOne() will return null.
sudo code

Dim pwd as string = txtPassword.Text
Dim domainUser as string = txtPassword.Text
dim user as string = domainUser.split(@'\')(1)
Dim path As String = "LDAP://domain.local/CN=Users,DC=domain,DC=local"

Dim myDirectoryEntry as DirectoryEntry = new DirectoryEntry(path, domainUser, pwd)
Dim searcher as DirectorySearcher = new DirectorySearcher(myDirectoryEntry)
boolean isValid;
try
   searcher.Fitler = "(&(objectCategory=user)(samaccountname=" & user & "))"
   searcher.PropertiesToLoad.Add("mail")

   SearchResult result = searcher.FindOne()
   isValid = (result = nothing)
catch
   isValid = false
end catch
finally
   searcher.Close()
   searcher = nothing
   myDirectoryEntry = nothing
end finally
end try

if (Not isValid)
   ''invalid username/password
end if

Jason Meckley
Programmer
Specialty Bakers, Inc.

 

[dbrooks74]

This is exactly what I was looking for.

Thank you!