ASP.NET 4.0 and LDAP Authentication on IIS 6

  • Question

  • User657329123 posted

    Hi there,

    I'm new with asp.net and I'm writing an application. The login form displays username of the person who has logged in to the PC.  They can enter their AD password to login.  After they login, I want to get their Full Name from LDAP. 

    Simple, isn't it? Well, maybe for some of you, but I've been trying to do this for days now and I'm still not making any progress. I googled it but still didn't find anything helpful. I'm quite frustrated. I'm using Integrated Windows Authentication and Impersonation is set to true.

    I'm running IIS 6.0 and ASP.NET 4.0.

    Can somebody point me to code as how to do this? Please explain your answer step by step.

    Thanks in advance,

    Joe

    Wednesday, April 23, 2014 6:08 PM

Answers

  • User1508394307 posted

    Hi Joe,

    this question has been asked already many times on this forum.

    All you need to do is get the value of the "displayName" property.

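            // Requires: using System.DirectoryServices;
            string ldapPath = "LDAP://corp.net:389/dc=corp,dc=net";
            using (DirectoryEntry de = new DirectoryEntry(ldapPath))
            using (DirectorySearcher s = new DirectorySearcher(de))
            {
                // User.Identity.Name is "DOMAIN\user" under Windows authentication;
                // keep only the account name and match it against sAMAccountName.
                string userName = User.Identity.Name;
                userName = userName.Substring(userName.LastIndexOf('\\') + 1);
                // Escape LDAP filter metacharacters (backslash first) before concatenating.
                userName = userName.Replace("\\", "\\5c").Replace("*", "\\2a")
                                   .Replace("(", "\\28").Replace(")", "\\29");
                s.Filter = "(sAMAccountName=" + userName + ")";

                s.PropertiesToLoad.Add("displayName");
                SearchResult sr = s.FindOne();

                // FindOne() returns null when nothing matches; Properties[...] is a collection.
                if (sr != null && sr.Properties["displayName"].Count > 0)
                    Label1.Text = "Name is " + Server.HtmlEncode(sr.Properties["displayName"][0].ToString());
            }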

    See more details http://forums.asp.net/t/1665598.aspx?How+to+get+Full+Name+from+AD+LDAP+ 

    Another thing is that if you are on Integrated Windows Authentication then you do not need to enter any AD password to log in because it is already integrated. Also, impersonation is not required for such things as full name, etc. So, if the above code does not help, please explain your requirements in more detail.

    Hope this helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, April 24, 2014 3:23 AM
  • User1508394307 posted

    Joe,

    Integrated Windows Authentication works fine in .NET 2 and 4. All that is usually required is:

    1) setup IIS for integrated windows authentication

    2) setup asp.net application

    <authentication mode="Windows" />

    and authorization

    <authorization>
    <deny users="?"/>
    </authorization>

    3) enable integrated windows authentication in IE

    Depending on the environment, you might need some additional settings.

    These 3 points are usually enough to enable integrated windows authentication on ASP.NET. This should then work as follows

    1) user is authenticated in the system (Windows)
    2) he opens IE and navigates to your site
    3) he is automatically authenticated in your application, meaning that no username or password prompt is required.

    This works well with any version of .NET

    Now, the original question was about how to get the name of the user. You will get his name with the above code in any .NET version. However, if you could use .NET 3.5 or later you could use the System.DirectoryServices.AccountManagement namespace, where the same task could be as easy as

    UserPrincipal.Current.Name

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, April 25, 2014 7:38 AM
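
Added example, not code from either poster: the display-name lookup from the answers above written against System.DirectoryServices.AccountManagement, keyed on the request's `User.Identity.Name` and restricted to an allow-list of the two domains the question mentions. The class name `AdDisplayName` and both domain entries are assumptions; replace them with the real NetBIOS and DNS names.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement; // .NET 3.5 or later

public static class AdDisplayName // hypothetical helper name
{
    // Assumption: NetBIOS name -> DNS name of the two expected domains (placeholders).
    private static readonly Dictionary<string, string> Domains =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "CORP",  "corp.net" },
            { "CORP2", "corp2.example" }
        };

    // Splits "DOMAIN\user", the form User.Identity.Name has under Windows authentication.
    public static bool TrySplit(string identityName, out string domain, out string account)
    {
        domain = account = null;
        if (string.IsNullOrEmpty(identityName)) return false;
        int slash = identityName.IndexOf('\\');
        if (slash <= 0 || slash == identityName.Length - 1) return false;
        domain = identityName.Substring(0, slash);
        account = identityName.Substring(slash + 1);
        return true;
    }

    // Returns the display name, or null when the identity is malformed,
    // the domain is not on the allow-list, or the account is not found.
    public static string Lookup(string identityName)
    {
        string domain, account, dnsName;
        if (!TrySplit(identityName, out domain, out account)) return null;
        if (!Domains.TryGetValue(domain, out dnsName)) return null;

        // No credentials are passed, so the bind uses the identity the code runs under.
        // FindByIdentity takes the account as a value, not as a filter string,
        // so nothing is concatenated into an LDAP filter here.
        using (var ctx = new PrincipalContext(ContextType.Domain, dnsName))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, account))
        {
            return user == null ? null : (user.DisplayName ?? user.Name);
        }
    }
}

// In the page's code-behind:
//   string name = AdDisplayName.Lookup(User.Identity.Name);
//   Label1.Text = "Name is " + Server.HtmlEncode(name ?? "(unknown)");
```

`UserPrincipal.Current` describes the account the current thread runs as, which in ASP.NET is the worker process account unless impersonation is enabled, so the lookup above starts from the request identity instead.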

All replies

  • User657329123 posted

    Thanks smirnov. Your code is about getting Full Name but not about how to log in.  Can you tell me how to allow user to log in. Here is what I want:

    I have a web form with fields - username, Password and Login button. When web form loads, it grabs the username of the user logged in to PC and displays in the username textbox. User has to type their AD password and click on Log in button.

    Users from 2 domains will be using this web form.

    I do not want to use Basic Authentication because passwords are sent in clear text. I have another application that does exactly the same but it is configured to work with ASP.NET 2.0 on IIS and it uses Integrated Windows Authentication. The only difference is ASP.NET works for one domain and I want the new application in ASP.NET 4.0 to work with 2 domains.

    Why does Integrated Windows Authentication work fine in ASP.NET 2.0 and not in ASP.NET 4.0?

    I noticed that with Basic Authentication and Digest, I get login prompts which I don't want since I have a web form.

    Hope this makes sense.

    Thursday, April 24, 2014 7:10 AM
  • User657329123 posted

    If I decide to forget about 4.0 and switch to ASP.NET 2.0, then I don't know how to get the user's Full Name.

    Thursday, April 24, 2014 7:13 AM
  • User1508394307 posted

    Integrated Windows Authentication does not require entering the user name and password.

    Users are authenticated against AD, and their credentials are not transmitted across the Internet. In addition, users are provided with a seamless experience, as they only need to log in to Windows, and their browser and IIS take care of managing authentication from then on.

    http://www.mikesdotnetting.com/Article/216/Windows-Authentication-With-ASP.NET-Web-Pages 

    http://msdn.microsoft.com/en-us/library/ff647405.aspx
    http://msdn.microsoft.com/en-us/library/ff647076.aspx

    Thursday, April 24, 2014 5:41 PM
  • User657329123 posted

    I really didn't think login was going to be such a headache in ASP.NET.

    Thursday, April 24, 2014 6:50 PM