locked
Login Using Active Directory Services RRS feed

  • Question

  • HI All,

    Am Developing WPF App in which i need Check Username and password against ADS

    i.e

    user:xyz@Comp.com

    pwd:abcd@qwer

    am using below code to check this

    public bool IsAuthenticated(String domain, String username, String pwd)
            {
                String domainAndUsername = domain + @"\" + username;
                DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
    
                try
                {	//Bind to the native AdsObject to force authentication.			
                    Object obj = entry.NativeObject;
    
                    DirectorySearcher search = new DirectorySearcher(entry);
    
                    search.Filter = "(SAMAccountName=" + username + ")";
                    search.PropertiesToLoad.Add("cn");
                    SearchResult result = search.FindOne();
    
                    if (null == result)
                    {
                        return false;
                    }
    
                    //Update the new path to the user in the directory.
                    _path = result.Path;
                    _filterAttribute = (String)result.Properties["cn"][0];
                }
                catch (Exception ex)
                {
                    throw new Exception("Error authenticating user. " + ex.Message);
                }
    
                return true;
            }

    Any Suggestion would be of great Help.

    Thanks


    Arjun

    Tuesday, May 19, 2015 11:50 AM

Answers

  • Are you on the domain when you do this?

    Are you sure the domain you're using is correct for the user?

    Depending on how your AD is set up you sometimes need an additional parameter.

    ValidateCredentials("myuser", "mypassword", ContextOptions.Negotiate) 


    Hope that helps.

    Technet articles: Uneventful MVVM; All my Technet Articles

    Tuesday, May 19, 2015 2:19 PM

All replies

  • Hi,

    Check out this article

    If this answer was helpful please remember to close your threads by marking helpful posts as answer

    Fares

    Tuesday, May 19, 2015 11:58 AM
  • If the user is on the same domain server you can just use isinrole to check someone is in a group without the need for entry and password.

    This is the safest approach because of course the more you pass round usernames and passwords the greater the security risk.

        private static bool checkGroup(string group)
        {
            WindowsIdentity identity = WindowsIdentity.GetCurrent();
            WindowsPrincipal principal = new WindowsPrincipal(identity);
            return principal.IsInRole(group);
        }

    http://stackoverflow.com/questions/12029378/

    If you particularly need user name and password:

    using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
    {
        // validate the credentials
        bool isValid = pc.ValidateCredentials("myuser", "mypassword");
    }
    http://stackoverflow.com/questions/290548/



    Hope that helps.

    Technet articles: Uneventful MVVM; All my Technet Articles

    Tuesday, May 19, 2015 12:38 PM
  • Hi Andy,

    Thanks For the reply,

    using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
    {
        // validate the credentials
        bool isValid = pc.ValidateCredentials("myuser", "mypassword");
    }

     In the above code am not getting that PrincipalContext  

    I have added "

    using System.DirectoryServices;"

    NameSpace

    Do i need to add any other namespaces?


    Arjun

    Tuesday, May 19, 2015 1:20 PM
  • Did you add a reference (Project->Add Reference->Assemblies->Framework) to System.DirectoryServices.AccountManagement.dll?

    And I think the namespace should be "System.DirectoryServices.AccountManagement": https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.principalcontext%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

    Please remember to close your threads by marking helpful posts as answer and then start a new thread if you have a new question. Please don't ask several questions in the same thread.


    Tuesday, May 19, 2015 1:23 PM
  • Hi

    Got that Dll Sorted Out But am getting following error

    Error:Invalid User name or password

    Stack Trace.

    "

       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindOne()
       at SampleApp.ViewModel.LdapAuthentication.Auth() in e:\SVN_WA\SampleApp\ViewModel\LoginViewModel.cs:line 101
       at SampleApp.Controls.LoginUC.Button_Click(Object sender, RoutedEventArgs e) in e:\SVN_WA\SampleApp\Controls\LoginUC.xaml.cs:line 37"

    Arjun

    Tuesday, May 19, 2015 1:59 PM
  • Got That Dll Issue Resolved but 

    "Invalid Username or password error"

    "8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece"


    Arjun

    Tuesday, May 19, 2015 2:06 PM
  • Are you on the domain when you do this?

    Are you sure the domain you're using is correct for the user?

    Depending on how your AD is set up you sometimes need an additional parameter.

    ValidateCredentials("myuser", "mypassword", ContextOptions.Negotiate) 


    Hope that helps.

    Technet articles: Uneventful MVVM; All my Technet Articles

    Tuesday, May 19, 2015 2:19 PM