Click here to Skip to main content
Click here to Skip to main content

Simple Active Directory Authentication Using LDAP and ASP.NET

, 16 Mar 2010
Rate this:
Please Sign up or sign in to vote.
Quick and easy Active Directory authentication using LDAP and ASP.NET

Introduction

I searched the web high and low for Active Directory authentication using VB.NET, and all of the articles I found used the impersonate model to do LDAP queries. However, using the System.DirectoryServices.dll library, there's a simple function that does all of the work for you. This function basically takes a username and password, and tries to authenticate it on the given LDAP (Active Directory).

Background

Instead of writing 20-30 lines of inefficient code, I wanted to make something very short and simple. All this function does is attempt to create an LDAP object using the given credentials. If it fails, then the username/password combination is invalid.

The Code

First off, you need to make sure to reference the System.DirectoryServices.dll. Then, include the library in your page, using:

Imports System.DirectoryServices

You can use this function along with forms based authentication or just to check a user's credentials. It takes the following input variables:

  • path: An LDAP path for the FQDN of your AD. E.g., LDAP://mydomain.com.
  • user: The user's account name. Can be prefixed by the domain; e.g., mydomain\tom or just tom.
  • pass: The user's password.
Function AuthenticateUser(path as String, user As String, pass As String) As Boolean
    Dim de As New DirectoryEntry(path, user, pass, AuthenticationTypes.Secure)
    Try 
        'run a search using those credentials.  
        'If it returns anything, then you're authenticated
        Dim ds As DirectorySearcher = New DirectorySearcher(de)
        ds.FindOne()
        Return True
    Catch
        'otherwise, it will crash out so return false
        Return False
    End Try 
End Function

The function returns a simple True/False if it successfully binds to the LDAP using the given credentials.

***Update*** I added the AuthenticationType.Secure to enable the Kerberos/NTLM encryption of the data as it's passed along the network. I also changed the function to actually search for an object instead of just using the NativeObject binding. With the updated code, I've verified that no clear text is passed (using Network Monitor) and it also works with passwords using symbols.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Jesse Fatherree
Systems Engineer
United States United States
No Biography provided

Comments and Discussions

 
QuestionAuthentication Pinmemberduentm23-Jul-07 14:00 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web01 | 2.8.140709.1 | Last Updated 16 Mar 2010
Article Copyright 2007 by Jesse Fatherree
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid