I have a directory in structure like

Now there is a username and password for system. CN 'mayank' has a password also.
Now I have to authenticate 'mayank' by checking username and password.

I am creating a DirectoryEntry object with the domain of system and its username and password. I used a search filter to get mayank and then access its password to validate, but it's not working.
Posted 13-Aug-12 4:52am

Solution 1

After "creating a directoryentry object with domain of system and its username and password", you call its NativeEntry property:
    object o = directoryentry.NativeObject;

An exception will be raised in case of a wrong password.
mayankkarki 14-Aug-12 8:39am
But system and cn='mayank' have different passwords. If I create the directory entry object with the password of cn, I don't get authenticated. I have to check that the password the user entered is correct and matches the user's password in LDAP.
Bernhard Hiller 14-Aug-12 8:49am
oh dear, that phrase "domain of system" was so misleading - I thought of the domain controller of your network, i.e. the server.
Of course, your DirectoryEntry object has to be created with the "samaccountname" of the user and the password!
mayankkarki 14-Aug-12 8:57am
I am coding like this,
    DirectoryEntry dEntry=new DirectoryEntry("ldap://localhost:389/cn=mayank,ou=valeteck,ou=system","cn=mayank","password");
But I didn't get any native object.
mayankkarki 16-Aug-12 3:06am
I tried using this,
    DirectoryEntry dEntry=new DirectoryEntry("ldap://localhost:389/cn=mayank,ou=valeteck,ou=system","cn=mayank","password");
I did not get any result.
But if I provide the username and password of system I get the object, but the question is the same: how to check the userPassword property, because the value it returns is in hashed format.

Solution 2

Dear mayankkarki,

I have the same requirement to authenticate with an LDAP password. But I used different classes instead of DirectoryEntry since it is not working (i.e. I have to authenticate against Lotus Notes LDAP). I used different classes (NetworkCredential, LdapConnection, SearchRequest, SearchResponse and SearchResultEntryCollection) and was able to get the list of users, but I don't know about authentication.

If you solved it, kindly guide me.

Let me also know: if I use the DirectoryEntry class, it throws errors like protocol error etc.

Solution 3

If I'm reading your question correctly, you have a Windows network login and a password, and you want to validate the user. Do you have to use LDAP?

This is what we use:
    Imports System.DirectoryServices.AccountManagement

    Public Function ValidateWindowsCredentials(ByVal UserId As String, _
    ByVal Password As String) As Boolean
        Dim Result As Boolean = False
        Try
            'PrincipalContext is disposable, so release the domain connection when done.
            Using PC As New PrincipalContext(ContextType.Domain, "OurDomain")
                'This is done twice: sometimes, the first check fails.
                Result = PC.ValidateCredentials(UserId, Password, ContextOptions.Negotiate)
                Result = PC.ValidateCredentials(UserId, Password, ContextOptions.Negotiate)
            End Using
        Catch ex As Exception
            'Rethrow without resetting the stack trace.
            Throw
        End Try
        Return Result
    End Function

My apologies for it being in VB, but you should be able to translate this to C# easily enough. PrincipalContext is part of the System.DirectoryServices.AccountManagement namespace, which was added to the 3.5 Framework (Visual Studio 2008) and, in my experience, it is significantly faster than the older technique of trying to change the password to itself.

As far as obtaining a password from a user id, you cannot: the property is write-only. This is by design, to prevent a malicious user from writing code that could harvest network passwords out of the AD data store.

Solution 4

I am describing the way I used to connect and authenticate a user in LDAP. I have to connect over SSL and I was getting some problems with DirectoryEntry, so I used the LdapConnection class.
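    // Requires: using System; using System.Net; using System.DirectoryServices.Protocols;
    LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier("", 636));
    // NOTE: this callback accepts any server certificate, so the TLS session is not
    // authenticated; validate the certificate wherever the password must be protected.
    connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
    connection.SessionOptions.ProtocolVersion = 3;
    connection.AuthType = AuthType.Basic;
    connection.SessionOptions.SecureSocketLayer = true;
    connection.Timeout = new TimeSpan(0, 0, 10);
    connection.Credential = new NetworkCredential(username, password);
    using (connection)
    {
        // Bind() sends the simple bind; an LdapException is thrown if the credentials are rejected.
        connection.Bind();
    }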

If this doesn't throw an error then the user is authorised, otherwise not. Now you have to be careful with the username you provide. It must be the user's full domain name.
Let me know if anybody needs help.
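
The check the question asks for (the system account and cn=mayank have different passwords, and userPassword comes back hashed) is normally done by letting the server compare the password through a bind. The following is an added example, not code from any of the posts above: it binds as the service account, looks up the user's DN, then re-binds as that DN. The server name, the `LdapLogin` class and its method names are assumptions; the base DN is the one from the question.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class LdapLogin
{
    // Assumed values for illustration; replace with your own server and base DN.
    const string Server = "ldap.example.test";
    const string BaseDn = "ou=valeteck,ou=system";

    // RFC 4515 escaping so user input cannot alter the search filter (backslash first).
    static string EscapeFilter(string v) =>
        v.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
         .Replace(")", @"\29").Replace("\0", @"\00");

    public static bool Authenticate(string serviceDn, string servicePassword,
                                    string userName, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind and
        // succeeds on many servers, so reject it before talking to the directory.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) return false;

        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(Server, 636)))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // default certificate validation stays on
            connection.AuthType = AuthType.Basic;
            connection.Timeout = TimeSpan.FromSeconds(10);

            // Step 1: bind as the service ("system") account and find the user's DN.
            connection.Bind(new NetworkCredential(serviceDn, servicePassword));
            var request = new SearchRequest(BaseDn, "(cn=" + EscapeFilter(userName) + ")",
                                            SearchScope.Subtree, "cn");
            var response = (SearchResponse)connection.SendRequest(request);
            if (response.Entries.Count != 1) return false; // unknown or ambiguous user

            // Step 2: re-bind as that DN; the server checks the password against its stored hash.
            try
            {
                connection.Bind(new NetworkCredential(response.Entries[0].DistinguishedName, password));
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // 49 = invalidCredentials
            {
                return false;
            }
        }
    }
}
```

Errors other than invalidCredentials (server unreachable, certificate rejected, service bind failure) propagate as exceptions so they are not mistaken for a wrong password.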

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 14 Dec 2012