Authenticate a user against Active Directory database

  • Question

  • Hello, I'm new to this forum and new to C# and .NET technologies, so I would like to apologize in case of misplacing this question.

    Here is my problem. I work with Visual Studio 2005 with Framework 2.0 installed. My OS is Windows XP Professional Version 2002 with Service Pack 2.

    I want to authenticate a user using Active Directory. Here is my code:

        using System;
        using System.DirectoryServices;

        public System.Boolean authenticateUser(string userName, string password) {
            // Bind to the local machine's account database through the WinNT provider.
            string loginPath = "WinNT://" + Environment.MachineName + ",computer";
            DirectoryEntry AD;
            try {
                AD = new System.DirectoryServices.DirectoryEntry(loginPath);
            } catch (Exception) {
                return false;
            }
            // Walk every child object of the computer entry.
            DirectoryEntries direcEntries = AD.Children;
            System.Collections.IEnumerator someEnum = direcEntries.GetEnumerator();
            while (someEnum.MoveNext())
            {
                DirectoryEntry de = (DirectoryEntry)someEnum.Current;
                if (de.Username.Equals(userName))
                {
                    try
                    {
                        // Set the supplied password, then touch NativeObject to force a bind.
                        de.Password = password;
                        object o = de.NativeObject;
                    }
                    catch (DirectoryServicesCOMException ex)
                    {
                        string adError = ex.Message;
                        return false;
                    }
                    catch (System.Runtime.InteropServices.COMException ex)
                    {
                        string adError = ex.Message;
                        return false;
                    }
                }
            }
            return true;
        }

    The problem is this code does not work. Sometimes it does but not all the time.
    When it does, for a wrong password I get the exception System.Runtime.InteropServices.COMException instead of the DirectoryServicesCOMException exception.

    In other cases, even for a correct password, I get the exception System.Runtime.InteropServices.COMException.

    Can you please help me with this problem? I have spent the last 3 days trying to solve this problem and I had no luck.

    Thank you.
    Monday, December 10, 2007 8:26 AM

All replies

  • (Can you please help me with this problem? I have spent the last 3 days trying to solve this problem and I had no luck.)

     

    You should have posted earlier; I would have saved you a lot of pain. Your code will not run in XP because there is no AD in XP, a desktop operating system. You need to run your code either against Win2003 or the soon-to-be-released Win2008. You also need to configure the AD and add users to it before you can use it for development. In the meantime, visit the AD programming experts; there are many code samples.

     

    http://directoryprogramming.net/



    Monday, December 10, 2007 3:52 PM
  • 10x man! It is great to know that somebody is able to help you with this kind of problem.

    I have one more question: is it possible to authenticate against Active Directory within Win2003 without having to install and configure an LDAP server?

    Another important aspect regards the possibility to identify a user within the group(s) that it is tied to.

    10x again!


    Tuesday, December 11, 2007 7:07 AM
  • Microsoft AD requires only system configuration and adding users to groups; there is no LDAP server to install. And your second question is covered by ADAM and AZMAN; both are part of the AD ASP.NET membership provider. Go to the link below and download existing code samples from the AD coding experts.


    http://directoryprogramming.net/files/default.aspx

     

    http://blog.oppositionallydefiant.com/post/Leveraging-Active-Directory-As-A-Membership-and-Role-Management-Data-Store-in-ASPNET-20.aspx

     

    Tuesday, December 11, 2007 3:14 PM
  • Hello!

    Thank you for spending time helping me with this problem. Fortunately I have followed your advice and managed to install a Win2003 virtual machine. All my efforts weren't at all rewarded because I kept trying to authenticate using "WinNT://ip...

    In the end I understood that using "LDAP" instead of "WinNT" does not require any kind of LDAP server installation. LDAP is only a protocol created to simplify X.500.

    Anyway, using "LDAP" I have succeeded in authenticating and retrieving all the groups a user is tied to.

    Thank you very much!

    Valentin

    Regards
    Wednesday, December 12, 2007 6:50 AM
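
Added example, not part of the thread and not any poster's code: one way to do what the last post describes, binding through the LDAP provider with the user's own credentials and reading the user's groups from `memberOf`. The class and method names, the `ldapPath` placeholder and the assumption that `userName` is a bare sAMAccountName are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;
public static class AdAuthExample   // hypothetical name
{
    // Returns true on a successful bind and fills groups with the memberOf DNs.
    // Assumptions: ldapPath is a placeholder like "LDAP://DC=example,DC=com";
    // userName is a bare sAMAccountName.
    public static bool TryAuthenticate(string ldapPath, string userName, string password, List<string> groups)
    {
        // Null credentials make DirectoryEntry bind as the calling process,
        // so reject empty input before attempting a bind.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(ldapPath, userName, password, AuthenticationTypes.Secure))
            {
                object bound = root.NativeObject;   // forces the bind with the supplied credentials
                string filter = "(&(objectCategory=person)(sAMAccountName=" + EscapeFilter(userName) + "))";
                using (DirectorySearcher searcher = new DirectorySearcher(root, filter, new string[] { "memberOf" }))
                {
                    SearchResult result = searcher.FindOne();
                    if (result != null && result.Properties.Contains("memberOf"))
                        foreach (object dn in result.Properties["memberOf"]) groups.Add((string)dn);
                }
                return true;
            }
        }
        catch (COMException ex)   // DirectoryServicesCOMException derives from COMException
        {
            // 0x8007052E = logon failure; anything else (server down, bad path) is not a wrong password.
            if (ex.ErrorCode == unchecked((int)0x8007052E)) return false;
            throw;
        }
    }
    // Escape LDAP filter metacharacters (RFC 4515) so the name cannot alter the query.
    private static string EscapeFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0') sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }
}
```

`memberOf` lists only direct group memberships; the primary group and nested groups are not included.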