locked
ACTIVE DIRECTORY CONNECT TO MY ASP.NET PAGE PLEASE HELP... RRS feed

  • Question

  • User1046245955 posted

    please help... im using the active directory username and password to enter to my page but need to check my user database if they have the access.. the username is working but the problem is the active directory users password is not working... here's my code...


    using System;
    using System.Data;
    using System.Configuration;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    using System.Data.SqlClient;
    using System.Data.Odbc;
    using System.Data.OleDb;
    using System.DirectoryServices;


    public partial class _Default : System.Web.UI.Page
    {
            public void getDirectoryInfo(string Empno, out string FullName, out string EmailAddress)
            {
                DirectoryEntry entry = new
                DirectoryEntry("LDAP:// DOMAIN IP ADDRESS");

                DirectorySearcher search = new DirectorySearcher(entry);

                search.Filter = "(SAMAccountName=" + Empno + ")";

                SearchResult result = search.FindOne();
               
                try
                {
                    if (result != null)
                    {
                        DirectoryEntry directoryEntry = result.GetDirectoryEntry();
                        FullName = directoryEntry.Properties["displayName"][0].ToString();
                        EmailAddress = directoryEntry.Properties["mail"][0].ToString();                    
                    }
                    else
                    {
                        FullName = "Not Found";
                        EmailAddress = "Not Found";
                    }
                }
                catch (Exception Ex)
                {

                    FullName = "Not Found";
                    EmailAddress = "Not Found";
                }
            }

    protected void Page_Load(object sender, EventArgs e)
        {
         
    copylabel.Text = DateTime.Now.ToString("yyyy");
        }

        protected void saveadd(object sender, EventArgs e)
        {
            string sName;
            string sEmail;

            getDirectoryInfo(empusername.Text, out sName, out sEmail);

            if (sName != "Not Found")
            {
                string constr;
                constr = "Provider=OraOLEDB.Oracle;Data Source=SERVERTABLE;User Id=123;Password=123;";
                OleDbConnection con = new OleDbConnection(constr);
                con.Open();

                OleDbCommand cm = new OleDbCommand("select * from LIST_USER where username='" + empusername.Text + "', con);

                OleDbDataReader reader = cm.ExecuteReader();
                if (reader.HasRows)
                {

                    OleDbDataReader drReader = null;

                    string myConnection = "Provider=OraOLEDB.Oracle;Data Source=SERVER;User Id=123;Password=123;";
                    OleDbConnection myConn = new OleDbConnection(myConnection);
                    myConn.Open();

                    string strCmd;

                    strCmd = "Select USERNAME, DEPT_CODE, EMP_NAME, ID FROM MAIL_HEADLIST where ";
                    strCmd += "USERNAME = '" + empusername.Text + "'";

                    OleDbCommand mycommand = new OleDbCommand();

                    mycommand.CommandText = strCmd;
                    mycommand.Connection = myConn;
                    drReader = mycommand.ExecuteReader();

                    drReader.Read();
                    if (drReader.HasRows)
                    {
                        Session["user"] = null;
                        Session["user"] = drReader["ID"].ToString();
                        Session["dcode"] = drReader["DEPT_CODE"].ToString();

                    }
                    drReader.Close();
                    myConn.Close();
                    Response.Redirect("main.aspx?dc=" + Session["dcode"].ToString() + "&bg=" + Session["user"].ToString());
                }

                else
                {
                    Response.Write("<script language=JavaScript>alert('Sorry,your username or password is Invalid.Please check your username and password.')</script>");
                }
                con.Close();
            }
        }
    }

    Monday, August 2, 2010 2:22 AM

All replies

  • User-968139384 posted

    Hi.

    I tested and received both user name and email from AD using your code. How do you want to test the password? Is it stored in some way in the database, or do you want to retrieve it from AD (won't do)?

    If it is the DirectorySearch that fails, maybe you should try using AuthenticationTypes.Secure and a username/password for the DirectoryEntry? 

    Anders

    Monday, August 2, 2010 3:22 AM
  • User1046245955 posted

    i can access the username from active directory but i need also the password so my asp.net page have the same username and password from active directory...

    Monday, August 2, 2010 3:36 AM