Authentication against active directory

Ask a Question related to ASP.NET Security, Design and Development.

  1. #1

    Authentication against active directory

    Hello

    I am developing an ASP.NET site (using VB).
    I found some code that allows me to authenticate the user trying to access
    the site against the active directory server for the company.

    What is happening is some users authenticate and others do not ... but they
    are all a part of the domain.
    The web server the site is running on is part of the domain (else no user
    would authenticate)

    Here is the code I use to authenticate the users :

    ' use the OLEDB provider to access the ADS Object, this allows for
    ' simple SQL Query for the user.
    Dim cn As New OleDb.OleDbConnection("provider=ADsDSOObject;User ID=" _
        & txtUserName.Text & ";Password=" & txtPassword.Text)
    Dim cmd As New OleDb.OleDbCommand( _
        "Select GivenName, sn from 'LDAP://[domain is here]' where samAccountName='" _
        & txtUserName.Text & "'", cn)
    Dim dtrdr As OleDb.OleDbDataReader

    Try
        cn.Open()

        dtrdr = cmd.ExecuteReader
        If dtrdr.Read = True Then
            ' user authenticated against active directory
            Session.Add("UserFirstName", dtrdr("GivenName"))
            Session.Add("UserLastName", dtrdr("sn"))
            UserIsPhysician()

            If Session("PhysicianID") = -1 Then Exit Sub

            Server.Transfer("patientlist.aspx")
        Else
            Label1.Text = "Unable to access user data."
        End If
        dtrdr.Close()

    Catch ex As Exception
        Dim exMsg As String
        If InStr(ex.Message, "PERMISSION") > 0 Then
            exMsg = ""
        Else
            exMsg = ex.Message
        End If
        Label1.Text = "Invalid Username or Password. " & exMsg
    End Try

    cmd = Nothing
    dtrdr = Nothing
    cn.Close()
    cn = Nothing

    I can't understand why some users will work fine and others just won't.

    If anyone can offer any ideas ... it would be greatly appreciated.

    Thank you
    Jon


    Jon Delano Guest

  3. #2

    Re: Authentication against active directory

    Have you considered using the classes in System.DirectoryServices for
    accessing AD in .NET? It is much more straightforward.

    Generally, when people authenticate users to AD using LDAP, they will do a
    bind to AD using the DirectoryEntry class. The code might look like this:

    'Imports System.DirectoryServices
    'Imports System.Runtime.InteropServices
    'Imports System.Globalization

    Public Function AuthenticateUser(ByVal userName As String, ByVal password As String, _
            ByVal domain As String, ByVal server As String) As Boolean

        If userName Is Nothing OrElse userName.Length = 0 Then Throw New ArgumentNullException("userName")
        If password Is Nothing OrElse password.Length = 0 Then Throw New ArgumentNullException("password")
        If domain Is Nothing OrElse domain.Length = 0 Then Throw New ArgumentNullException("domain")
        If server Is Nothing OrElse server.Length = 0 Then Throw New ArgumentNullException("server")

        Dim ntLogonName As String
        Dim entry As DirectoryEntry

        ntLogonName = String.Format(CultureInfo.InvariantCulture, "{0}\{1}", domain, userName)

        entry = New DirectoryEntry( _
            String.Format( _
                CultureInfo.InvariantCulture, _
                "LDAP://{0}/rootDSE", server), _
            ntLogonName, _
            password, _
            AuthenticationTypes.Secure _
        )

        Try
            Dim bindTest As Object
            bindTest = entry.NativeObject 'this forces the bind to AD
            Return True

        Catch ex As COMException
            If ex.ErrorCode = &H8007052E Then 'COM error code for "Bad username or password"
                Return False
            Else
                Throw 'if the problem wasn't bad credentials, then there is something else wrong here
            End If
        Finally
            entry.Dispose()
        End Try

    End Function

    You need to add a reference to System.DirectoryServices as well.

    The DirectorySearcher class is also much more straightforward to use for
    searching AD.

    HTH,

    Joe K.

    Joe Kaplan (MVP - ADSI) Guest
