Click here to Skip to main content
15,439,117 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
We have an web application developed using c#(VS 2008/3.5 framework). The application uses the mode of authentication as "Windows" with a service account present in domain (Domain1) to run the application as ASP.Net user. We have authentication to be done for the users present in different domain (Domain 2). When authentication is done using the directory services(Directory searcher), we are able to connect to LDAP of domain1 and bind it, so that user is authenticated. Also, the user is able to be authenticated if the user has been migrated from domain1 to domain 2. However, if there is a user id directly created in domain 2, then application is not able to bind to Domain2 (during the LDAP authentication) and hence, this user is not being authenticated by the application. Please suggest the solution regarding the same.
HTML
<authentication mode="Windows" />
<identity impersonate="true" username="domain1\svc_acc" password="***" />

C#
public bool ValidateUidPwdAndGetUserTypeGlobal(string TPXId, string password)
        {

            string strADPath = "LDAP://a.b.c/dc=a,dc=b,dc=c";
            try
            {
                DirectoryEntry objDirEntry = new DirectoryEntry(strADPath, TPXId, password);
                
                DirectorySearcher search = new DirectorySearcher(objDirEntry);
                search.Filter = "(samaccountname=" + TPXId + ")";
                SearchResult result = search.FindOne();
                if (null == result)
                {
                    return false;
                }
                else
                    return true;
            }
            catch (Exception ex)
            {
                return false;
            }
        }

Exception thrown during LDAP authentication: Unknown username or bad password.
Posted
Updated 7-Jun-19 4:04am
v2

1 solution

So it seems like all you are looking to do is authenticate a user against active directory correct? If so then this snippet will work

Method For AD Auth
C#
using System.DirectoryServices;

public static bool IsAuthenticated(string ldap, string usr, string pwd)
{
    bool authenticated = false;

    try
    {
        DirectoryEntry entry = new DirectoryEntry(ldap, usr, pwd);
        object nativeObject = entry.NativeObject;
        authenticated = true;
    }
    catch (DirectoryServicesCOMException cex)
    {
        Console.WriteLine(cex);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
    return authenticated;
}


Then to do your scenario, if the user uses the first LDAP server (domain1) and it does not authenticate it would automatically try the second LDAP server (domain2) for authnetication. The first LDAP string is what you provided in your sample and then assuming the LDAP string for domain2 is different then just place that in the else if portion. This would then authenticate the user to the first server, fail, then auth to the second server and presumably pass if the user is valid.

C#
bool returnAuth = false;
string returnServer = null;

if(IsAuthenticated("LDAP://a.b.c/dc=a,dc=b,dc=c", "domain2\user", "domain1pass"))
{
    returnAuth = true;
    returnServer = "Domain One Auth";
}
else if(IsAuthenticated("LDAP://a2.b2.c2/dc=a2,dc=b2,dc=c2", "domain2\user", "domain1pass"))
{
    returnAuth = true;
    returnServer = "Domain Two Auth";
}
 
Share this answer
 
v3
Comments
Mukund Thakker 7-Jun-19 10:04am     CRLF
Dear David, How do I pass domain server IP along with my domain name?
David_Wimbley 7-Jun-19 23:11pm     CRLF
If im understanding you correctly, you pass one or the other, not both. Ex: a domain of google.com maps to an IP address. Using DHCP, it will map the domain name to the IP. If you mean just the domain of the AD instance, that would be the "domain2" in the username.
Mukund Thakker 10-Jun-19 4:03am     CRLF
I want to provide functionality of login into application with multiple domain Active Directory. I am getting below error when I try to login (passing domain name, username, password) with domain which is not in default DNS, Exception :The server is not operational. Stack : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_NativeObject() So I think domain is not found or may be it is not resolved to mapped IP address.
David_Wimbley 10-Jun-19 16:21pm    
Looks like the issue lies with your LDAP server, not your code. Need to take a look at your server or work with your sys admin.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900