See more: C#2.0 ASP.NET LDAP
We have a web application developed using C# (VS 2008/3.5 framework). The application uses "Windows" as the mode of authentication, with a service account present in the domain (Domain1) to run the application as the ASP.NET user. We need to authenticate users present in a different domain (Domain 2). When authentication is done using the directory services (DirectorySearcher), we are able to connect to the LDAP of Domain1 and bind to it, so that the user is authenticated. Also, the user can be authenticated if the user has been migrated from Domain1 to Domain 2. However, if a user ID is created directly in Domain 2, then the application is not able to bind to Domain 2 (during the LDAP authentication), and hence this user is not authenticated by the application. Please suggest a solution for this.
<authentication mode="Windows" />
<identity impersonate="true" userName="domain1\svc_acc" password="***" />
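using System;
using System.DirectoryServices;

public bool ValidateUidPwdAndGetUserTypeGlobal(string TPXId, string password)
{
    string strADPath = "LDAP://a.b.c/dc=a,dc=b,dc=c";
    try
    {
        // Bind with the credentials the user supplied; the bind itself
        // happens on the first directory operation (FindOne below).
        using (DirectoryEntry objDirEntry = new DirectoryEntry(strADPath, TPXId, password))
        using (DirectorySearcher search = new DirectorySearcher(objDirEntry))
        {
            // Note: TPXId is concatenated into the filter unescaped.
            search.Filter = "(samaccountname=" + TPXId + ")";
            SearchResult result = search.FindOne();
            return result != null;
        }
    }
    catch (Exception)
    {
        // A failed bind (for example, bad credentials) surfaces as an exception.
        return false;
    }
}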
Exception thrown during LDAP authentication: Unknown username or bad password.
Posted 11-Jan-13 0:53am
Edited 11-Jan-13 5:55am
v2

1 solution


Solution 1

So it seems like all you are looking to do is authenticate a user against Active Directory, correct? If so, then this snippet will work.
 
Method For AD Auth
using System;
using System.DirectoryServices;

public static bool IsAuthenticated(string ldap, string usr, string pwd)
{
    bool authenticated = false;

    try
    {
        using (DirectoryEntry entry = new DirectoryEntry(ldap, usr, pwd))
        {
            // Accessing NativeObject forces the bind; it throws if the credentials are rejected.
            object nativeObject = entry.NativeObject;
            authenticated = true;
        }
    }
    catch (DirectoryServicesCOMException cex)
    {
        Console.WriteLine(cex);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
    return authenticated;
}
 
Then to do your scenario, if the user uses the first LDAP server (domain1) and it does not authenticate, it would automatically try the second LDAP server (domain2) for authentication. The first LDAP string is what you provided in your sample, and then, assuming the LDAP string for domain2 is different, just place that in the else if portion. This would then authenticate the user to the first server, fail, then auth to the second server and presumably pass if the user is valid.
 
bool returnAuth = false;
string returnServer = null;

// Verbatim strings (@"...") keep the backslash in DOMAIN\user literal;
// "\u" in a regular string literal would be read as a Unicode escape.
if (IsAuthenticated("LDAP://a.b.c/dc=a,dc=b,dc=c", @"domain2\user", "domain1pass"))
{
    returnAuth = true;
    returnServer = "Domain One Auth";
}
else if (IsAuthenticated("LDAP://a2.b2.c2/dc=a2,dc=b2,dc=c2", @"domain2\user", "domain1pass"))
{
    returnAuth = true;
    returnServer = "Domain Two Auth";
}
v3
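
A hardened variant of the two-domain fallback described in the answer above, as an added example that is not part of the original post or its author's code: it escapes the account name before placing it in the search filter (RFC 4515), disposes the directory objects, and rejects empty or domain-qualified input. The names `MultiDomainLdapAuth`, `EscapeFilterValue`, `TryBind` and `Authenticate`, and the `{ NetBIOS name, LDAP path }` input shape, are assumptions.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

// Added example; the class, method and parameter names are hypothetical.
public static class MultiDomainLdapAuth
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2")); // e.g. '*' -> \2a
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Binds to one domain as DOMAIN\user, then looks the account up there.
    static bool TryBind(string netbiosDomain, string ldapPath, string user, string password)
    {
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(
                ldapPath, netbiosDomain + "\\" + user, password, AuthenticationTypes.Secure))
            using (DirectorySearcher search = new DirectorySearcher(entry))
            {
                search.Filter = "(sAMAccountName=" + EscapeFilterValue(user) + ")";
                return search.FindOne() != null; // the bind happens on this call
            }
        }
        catch (COMException) { return false; } // includes DirectoryServicesCOMException
    }

    // domains: { NetBIOS name, LDAP path } pairs. Returns the matching domain name, or null.
    public static string Authenticate(string[][] domains, string user, string password)
    {
        // Some LDAP binds treat an empty password as anonymous, so reject it up front.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password)) return null;
        // Expect a bare account name; the caller must not pick the domain.
        if (user.IndexOfAny(new char[] { '\\', '@', '/' }) >= 0) return null;
        foreach (string[] d in domains)
            if (TryBind(d[0], d[1], user, password)) return d[0];
        return null;
    }
}
```

Each failed attempt counts as a bad logon in the domain that rejected it, so order the domain list with the most likely domain first.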

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 13 Jan 2013
Copyright © CodeProject, 1999-2014