Problem while configuring and authentication AD domain user using ADAM

  • Question

  • User297677855 posted

    Hi folks,

    We are developing an application that will use ADAM and AD for user authentication. We configured all the users in AD. Whenever a request comes to the application, it first goes to ADAM, then ADAM internally checks the AD domain for authentication; after successful authentication it should get the privileges from AzMan. We are able to create normal users in ADAM by following the guidelines given at http://erlend.oftedal.no/blog/?blogid=6. We are also able to authenticate those users using a .Net 2.0 web application. The problem comes only with domain users. We are unable to find a way to select an AD domain user as an ADAM user. We found a way to select one as a group user. But to the best of my knowledge we need to add the AD domain user as an ADAM user to authenticate.

    For this we are using a Windows XP machine with SP2, with the Windows 2003 Administrative Tools pack and IIS 5.1 installed. Our Active Directory is on a Windows 2003 machine, and ADAM is on the Windows XP machine.

    We have been struggling for a long time to configure Active Directory and ADAM to work closely together. Please help with these issues:

    1. How do we select an AD domain user as an ADAM user?
    2. What kind of credentials do we need to pass to authenticate the selected AD domain user?
    3. Are there any other .Net providers to validate the users other than ActiveDirectoryMembershipProvider?
    4. How does ADAM request AD for authentication?
    Friday, May 4, 2007 9:37 AM

All replies

  • User1586656181 posted

    Hello Sharat,

    As far as your problem is concerned, I can give you some code, though I am not sure how far it can assist you.

    But you can try the following, adapted to your domain name. Mainly we use LDAP or GC for authentication purposes. So if your organisation has some other directory service provider, then you have to use that.

    Anyways, in C# I have this:

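    using System;
    using System.DirectoryServices;

    string _FILTER = "(&(ObjectClass={0})(sAMAccountName={1}))";
    // NOTE: userid goes into the filter as-is; if it comes from user input,
    // escape ( ) * \ and NUL per RFC 4515 before formatting.
    string ADsFilter = string.Format(_FILTER, "person", userid);

    DirectoryEntry root = new DirectoryEntry("GC://DC=<domainname>,DC=AD");
    root.AuthenticationType = AuthenticationTypes.Secure;

    //The credentials below are required to search in Active Directory.
    root.Username = userid; //userid is string which is passed as parameter
    root.Password = pwd; //password is string which is passed as parameter

    //Now we declare the Searcher and use it to retrieve the needed values
    DirectorySearcher searcher = new DirectorySearcher(root);
    searcher.SearchScope = SearchScope.Subtree;
    searcher.ReferralChasing = ReferralChasingOption.All;
    searcher.Filter = ADsFilter;

    //FindOne() returns null when nothing matches; a failed bind throws instead
    SearchResult search = searcher.FindOne();
    if (search == null)
        throw new InvalidOperationException("User not found: " + userid);
    DirectoryEntry ADsObject = search.GetDirectoryEntry();

    //Retrieving the value from AD object
    string strUserId = ADsObject.Username.ToString();
    //displayName may be unset on the account, so guard against a null Value
    object displayName = ADsObject.Properties["displayName"].Value;
    string strdDisplayName = displayName != null ? displayName.ToString() : string.Empty;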

    For more help you may contact me at tarak_shah@satyam.com

    bye...  

     

    Friday, May 11, 2007 2:28 AM
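
Added example, not part of the original replies: the reply above formats `userid` directly into the search filter, so a value containing filter metacharacters would change the filter's meaning. This C# helper escapes the value per RFC 4515 before it is formatted in; the `LdapFilter` class, its method names and the sample inputs are constructed for illustration.

```csharp
using System;
using System.Text;

public static class LdapFilter
{
    // Escapes one assertion value for use inside an LDAP search filter.
    // Works on the UTF-8 bytes so non-ASCII characters become \XX hex pairs,
    // which RFC 4515 permits for any octet.
    public static string EscapeValue(string value)
    {
        if (value == null) throw new ArgumentNullException("value");
        StringBuilder sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            // NUL, '(', ')', '*', '\' and every byte >= 0x80 are hex-escaped
            if (b == 0x00 || b == 0x28 || b == 0x29 || b == 0x2A || b == 0x5C || b >= 0x80)
                sb.Append('\\').Append(b.ToString("x2"));
            else
                sb.Append((char)b);
        }
        return sb.ToString();
    }

    // Builds the same filter shape as the reply, with the user id escaped.
    public static string BuildUserFilter(string userid)
    {
        return string.Format("(&(objectClass={0})(sAMAccountName={1}))",
                             "person", EscapeValue(userid));
    }

    public static void Main()
    {
        // Constructed sample inputs: a plain id and ids containing metacharacters
        string[] samples = { "jsmith", "j*", "smith (contractor)", "corp\\jsmith" };
        foreach (string s in samples)
            Console.WriteLine("{0,-20} -> {1}", s, BuildUserFilter(s));
    }
}
```

Escaping covers only the filter value; the bind credentials passed as `Username` and `Password` are not part of the filter and need no such treatment.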