authenticate user in LDAP

Question

0.00/5 (No votes)

See more:

Hi,
I have a directory in structure like
ou=system,ou=valeteck,cn=mayank

Now their is username and password for system. CN 'mayank' has password also.
Now I have to authenticate 'mayank' by checking username and password.

I am creating a directoryentry object with domain of system and its username and password. Used a search filter to get mayank and then access its password to validate but its not working.

Posted 13-Aug-12 3:52am

mayankkarki

Add a Solution

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Bernhard Hiller · Answer 1 · 2012-08-13T04:22:00

Solution 1

After "creating a directoryentry object with domain of system and its username and password", you call its NativeEntry property:

C#

object o = directoryentry.NativeObject;

An exception will be raised in case of a wrong password.

Posted 13-Aug-12 4:22am

Bernhard Hiller

Comments

mayankkarki 14-Aug-12 8:39am

Thanks,
But system and cn='mayank' have different password.If I create directory entry object with password of cn I didn't get authenticate.I have to check that the password use entered is correct and match with user's password in ldap.

Bernhard Hiller 14-Aug-12 8:49am

oh dear, that phrase "domain of system" was so misleading - I thought of the domain controller of your network, i.e. the server.
Of course, your DirectoryEntry object has to be created with the "samaccountname" of the user and the password!

mayankkarki 14-Aug-12 8:57am

Thanks,
I am coding like this,
DirectoryEntry dEntry=new DirectoryEntry("ldap://localhost:389/cn=mayank,ou=valeteck,ou=system","cn=mayank","password");
But I didn't get any native object.

mayankkarki 16-Aug-12 3:06am

Hi,
I tried using this,
DirectoryEntry dEntry=new DirectoryEntry("ldap://localhost:389/cn=mayank,ou=valeteck,ou=system","cn=mayank","password");
Not get any result.
but if I provide username and password of system I get object but the question is same how to check userPassword property beacuse the value it return in hashed format.

Palanivelrajan · Answer 2 · 2012-11-28T02:29:00

Dear mayankkarki,

I have same requirement to authenticate with LDAP Password. But I used different class instead of DirectoryEntry since it is not working (ie I have authenticate against Lotus Notes LDAP). I used different class(NetworkCredential, LdapConnection ,SearchRequest, SearchResponse and SearchResultEntryCollection) and able to get list of user but I don't know authentication.

If u solved kindly guide me.

Let me also know if I use directry entry class, it through error like protocol error etc.

Gregory Gadow · Answer 3 · 2012-11-28T04:31:00

If I'm reading your question correctly, you have a Windows network login and a password, and you want to validate the user. Do you have to use LDAP?

This is what we use:

VB

Public Function ValidateWindowsCredentials(ByVal UserId As String, _
ByVal Password As String) As Boolean
    Dim Result As Boolean = False

    Try
        Dim PC As New PrincipalContext(ContextType.Domain, "OurDomain")
        'This is done twice: sometimes, the first check fails.
        Result = PC.ValidateCredentials(UserId, Password, ContextOptions.Negotiate)
        Result = PC.ValidateCredentials(UserId, Password, ContextOptions.Negotiate)
    Catch ex As Exception
        Throw ex
    End Try

    Return Result
End Function

My apologies for it being in VB, but you should be able to translate this to C# easily enough. PrincipalContext is part of the System.DirectoryServices.AccountManagement namespace, which was added to the 3.5 Framework (Visual Studio 2008) and, in my experience, it is significantly faster than older technique of trying to change the password to itself.

As far as obtaining a password from a user id, you cannot: the property is write-only. This is by design, to prevent a malicious user from writing code that could harvest network passwords out of the AD data store.

mayankkarki · Answer 4 · 2012-12-13T20:01:00

Hi,
I am describing the way I used to connect and authenticate user in ldap. I have to connect over SSL and I am getting some problem with DirectoryEntry So I used LdapConnection class.

C#

LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier("SJTPNOC.com", 636));
connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
connection.SessionOptions.ProtocolVersion = 3;        
connection.AuthType = AuthType.Basic;       
connection.SessionOptions.SecureSocketLayer = true;
connection.Timeout = new TimeSpan(0, 0, 10);   
connection.Credential = new NetworkCredential(username, password);
using (connection){}

If this doesn't throw error then user is authorised otherwise not. Now you have to be careful with username you provide.It must be user full domain name.
CN=mayank/OU=Users/dc=SJTPNOC/dc=com.
Let me know if anybody needs help.

authenticate user in LDAP

4 solutions

Solution 1

Solution 2

Solution 3

Solution 4

Add your solution here

Preview 0