
Authentication against Active Directory and Edirectory via LDAP

27 Jan 2004, 5 min read
An article on authenticating users against Active Directory and Edirectory

Figure 1.0 - This is the main window where users login.

Introduction

This article covers how to authenticate users against Microsoft Active Directory and Novell Edirectory via LDAP.


Background

It is not easy to find an article that talks about how to authenticate users against both MS Active Directory and Novell Edirectory via LDAP. In short, LDAP stands for Lightweight Directory Access Protocol. It is a subset of the Directory Access Protocol (DAP). The University of Michigan developed it because DAP took up a lot of resources. This article goes through all of the necessary steps to start authenticating users against both directory services.


Functionality Supported

  • Authentication against MS Active Directory
  • Authentication against Novell E-Directory

Requirements

  • A Server running Active Directory
  • A Server running Edirectory
  • Familiarity with LDAP and how entities are addressed

Optional Tool

  • Adsvw.exe by Microsoft - This utility allows the user to browse an LDAP directory. It comes as part of the ADSI SDK or as part of the support tools in Advanced Server. It is very helpful when users are trying to find out how entities should be referenced. Here is a little tip: when using it to browse Active Directory, make sure Secure Connection is checked. When it comes to Edirectory, check the Use Encryption option instead.

Using the code

First, add a reference to System.DirectoryServices by going to Project -> Add Reference. The dialog box shown in figure 2.0 should then be displayed. Under the .NET tab, click on System.DirectoryServices.dll and click Select. Then click OK to get back to the project.

Figure 2.0 - This is the dialog where user selects the reference.

In this solution, there is a class named Authenticate. It is contained in the file Authenticate.cs. You should add it to your project or copy and paste the class from The Code section. Create a new instance of Authenticate and assign it to aAuthent. Several values need to be initialized before doing the actual login.

C#
Authenticate aAuthent = new Authenticate();

I'll be referring to various widgets from this point on. There are 3 text edit and 2 radio button widgets you need to worry about. Please map these directions appropriately to your own workspace. Set the domain name to the value held by the txtDomain widget by invoking SetDomain. This is where the user entered the IP address (e.g. 10.x.x.x) or host name (e.g. mydomain.com) of the target server. Note that all but one of the Set/modifier methods in this class return a boolean. It just indicates whether the variable was modified successfully or not. This may be against convention, but checking the argument inside the function was much more favorable to me than duplicating the effort elsewhere.

C#
if (!(aAuthent.SetDomain(this.txtDomain.Text)))
{
    // error message here
}

Then, invoke the SetUser function with the value of the text widget txtUser. This is where the user name is supplied.

C#
if (!(aAuthent.SetUser(this.txtUser.Text)))
{
    // error message here
}


After that, call the SetPass function with the value of txtPassword. This is where the user password is supplied.

C#
if (!(aAuthent.SetPass(this.txtPassword.Text)))
{
    // error message here
}


Next, check which directory this user wants to authenticate against. In this solution, there are two radio buttons named rbtnED and rbtnAD. If the former is checked, invoke SetAuthenticationType with the argument set to true. This tells the Authenticate class to use Secure Sockets Layer (SSL), i.e. AuthenticationTypes.SecureSocketsLayer; Edirectory uses the SSL protocol to perform the authentication task. In the latter case, the boolean value false instructs the class to use AuthenticationTypes.Secure, the secure method that Active Directory utilizes. The internals of those communication protocols or methods are outside the scope of this article. Therefore, I will skip them.

C#
if (this.rbtnED.Checked)
  aAuthent.SetAuthenticationType(true);
else if (this.rbtnAD.Checked)
  aAuthent.SetAuthenticationType(false);

Finally, the Login function inside this class should be invoked. It handles everything from this point. On success, it will welcome the user; otherwise it displays a failure message.

C#
aAuthent.Login(); 

The Code

C#
using System;
using System.DirectoryServices;
using System.Windows.Forms;

/// <summary>
/// This class performs user authentication against Active Directory and
/// Novell Edirectory.
/// </summary>
public class Authenticate
{
  /// <summary>
  /// string specifying user name
  /// </summary>
  private string strUser;

  /// <summary>
  /// string specifying user password
  /// </summary>
  private string strPass;

  /// <summary>
  /// string specifying user domain
  /// </summary>
  private string strDomain;

  /// <summary>
  /// AuthenticationTypes specifying the security
  /// protocol to use, i.e. Secure, SSL
  /// </summary>
  private AuthenticationTypes atAuthentType;

  /// <summary>
  /// default constructor
  /// </summary>
  public Authenticate()
  {
  }

  /// <summary>
  /// function that sets the domain name
  /// </summary>
  /// <param name="strValue"></param>
  /// <returns>It returns true, if user passed
  ///            something; otherwise, false </returns>
  public bool SetDomain(string strValue)
  {
    if (string.IsNullOrEmpty(strValue))
      return false;

    this.strDomain = "LDAP://" + strValue;
    return true;
  }

  /// <summary>
  /// function that sets user name
  /// </summary>
  /// <param name="strValue"></param>
  /// <returns>It returns true, if user passed
  ///          something; otherwise, false </returns>
  public bool SetUser(string strValue)
  {
    if (string.IsNullOrEmpty(strValue))
      return false;

    this.strUser = strValue;
    return true;
  }

  /// <summary>
  /// function that sets user password
  /// </summary>
  /// <param name="strValue"></param>
  /// <returns>It returns true, if user passed
  ///          something; otherwise, false </returns>
  public bool SetPass(string strValue)
  {
    if (string.IsNullOrEmpty(strValue))
      return false;

    this.strPass = strValue;
    return true;
  }

  /// <summary>
  /// function that sets user authentication type
  /// </summary>
  /// <param name="bValue"></param>
  public void SetAuthenticationType(bool bValue)
  {
    // set ssl to true if true is found
    if (bValue)
      atAuthentType = AuthenticationTypes.SecureSocketsLayer;
    // otherwise set it to secure
    else
      atAuthentType = AuthenticationTypes.Secure;
  }

  /// <summary>
  /// function that performs login task
  /// and welcomes user if they are verified
  /// </summary>
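  public void Login()
  {
    // Refuse to bind unless every value was set. With a null user name and
    // password and AuthenticationTypes.Secure, ADSI binds as the account the
    // process runs under, so the bind would succeed without verifying the
    // person who is logging in.
    if (this.strDomain == null || this.strUser == null || this.strPass == null)
    {
      MessageBox.Show("Sorry, unable to verify your information");
      return;
    }

    // now create the directory entry to establish connection
    using (DirectoryEntry deDirEntry = new DirectoryEntry(this.strDomain,
                                                          this.strUser,
                                                          this.strPass,
                                                          this.atAuthentType))
    {
      // reading Name forces the bind; it throws if the credentials
      // are rejected or the server cannot be reached
      try
      {
        MessageBox.Show("Welcome to '" + deDirEntry.Name + "'");

        // TODO: add your specific tasks here
      }
      catch (Exception)
      {
        MessageBox.Show("Sorry, unable to verify your information");
      }
    }

  }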
}
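
A variant of Login that reports the outcome to the caller instead of showing a message box, as an added example that is not part of the article's download. BindResult, LdapBindCheck and TryBind are hypothetical names; the two constants are the HRESULTs ADSI raises for a rejected logon and for an unreachable server.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical names: BindResult and LdapBindCheck are not part of the article's code.
public enum BindResult { Success, BadCredentials, ServerUnavailable, OtherError }

public static class LdapBindCheck
{
  // HRESULTs that ADSI raises when a bind fails
  private const int LogonFailure = unchecked((int)0x8007052E);         // ERROR_LOGON_FAILURE
  private const int ServerNotOperational = unchecked((int)0x8007203A); // ERROR_DS_SERVER_DOWN

  public static BindResult TryBind(string host, string user, string pass, bool useSsl)
  {
    // Never send an empty name or password to the directory: with null
    // credentials and AuthenticationTypes.Secure, ADSI binds as the account
    // the process runs under, and an LDAP simple bind with an empty
    // password is an unauthenticated bind that a server may accept.
    if (string.IsNullOrEmpty(host) || string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pass))
      return BindResult.BadCredentials;

    AuthenticationTypes type = useSsl
      ? AuthenticationTypes.SecureSocketsLayer
      : AuthenticationTypes.Secure;

    try
    {
      using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + host, user, pass, type))
      {
        // Reading NativeObject forces the bind; it throws if the bind fails.
        object bound = entry.NativeObject;
        return bound != null ? BindResult.Success : BindResult.OtherError;
      }
    }
    catch (COMException ex)
    {
      // DirectoryServicesCOMException derives from COMException, so both land here.
      if (ex.ErrorCode == LogonFailure) return BindResult.BadCredentials;
      if (ex.ErrorCode == ServerNotOperational) return BindResult.ServerUnavailable;
      return BindResult.OtherError;
    }
  }
}
```

Separating BadCredentials from ServerUnavailable lets the caller log failed logons on their own, which a single catch-all message cannot do.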


Points of Interest

One thing that was problematic was the way addressing worked. In Active Directory, users are allowed to pass in their name without utilizing the distinguished name format. If they were to try the same trick against Edirectory then it would fail right away.
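
Because Edirectory needs the full distinguished name, a login form that accepts a short name has to build the DN itself, and the typed name must be escaped so it cannot alter the rest of the DN. The following is an added example, not code from the article; EdirectoryName, EscapeDnValue and BuildUserDn are hypothetical names, and it assumes every user lives in one container fixed by the application.

```csharp
using System;
using System.Text;

// Hypothetical helper, not part of the article's Authenticate class.
public static class EdirectoryName
{
  // Escapes one attribute value for use inside a DN (RFC 4514, section 2.4).
  public static string EscapeDnValue(string value)
  {
    if (string.IsNullOrEmpty(value))
      throw new ArgumentException("value must not be empty", "value");

    StringBuilder sb = new StringBuilder(value.Length + 8);
    for (int i = 0; i < value.Length; i++)
    {
      char c = value[i];
      bool edgeSpace = c == ' ' && (i == 0 || i == value.Length - 1);
      bool leadingHash = c == '#' && i == 0;

      if (c == '\0')
        sb.Append("\\00");                       // NUL is written as a hex pair
      else if (edgeSpace || leadingHash || "\"+,;<>\\=".IndexOf(c) >= 0)
        sb.Append('\\').Append(c);               // backslash-escape special characters
      else
        sb.Append(c);
    }
    return sb.ToString();
  }

  // container is fixed by the application, never taken from the login form.
  public static string BuildUserDn(string shortName, string container)
  {
    return "cn=" + EscapeDnValue(shortName) + "," + container;
  }

  public static void Main()
  {
    const string container = "ou=rajibOU,o=rajibContext"; // container from the article's example

    // Constructed inputs: a normal name and one that tries to change the container.
    Console.WriteLine(BuildUserDn("userA", container));
    Console.WriteLine(BuildUserDn("userA,o=otherContext", container));
  }
}
```

The resulting string is what would be passed to SetUser when the Edirectory option is selected.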


HOW-TO use this Demo

Authenticating against Edirectory

First, enter the user name. This is something the user needs to find out before proceeding with the next step. Use the ADSVW utility that was recommended to find out how the current user should be addressed. In this example, cn=userA,ou=rajibOU,o=rajibContext means there is an individual named userA belonging to organization unit rajibOU attempting to log in to the resources under rajibContext.

Figure 3.0 - User enters the distinguished name.

Second, enter the password for this particular user.

Figure 3.1 - User enters the password.

Third, enter the domain name or IP address that is applicable.

Figure 3.2 - User enters the IP address of the target server.

Fourth, choose either Active Directory or Edirectory.

Figure 3.3 - User selects the directory service.

Finally, click Login and it should produce the output as shown in figure 3.4.

Figure 3.4 - Shows the outcome of user login attempt.

Authenticating against Active Directory

First, enter the user name.

Figure 3.5 - User enters the distinguished name.

Second, enter the password for this particular user.

Figure 3.6 - User enters the password.

Third, enter the domain name or IP address that is applicable.

Figure 3.7 - User enters the IP address of the target server.

Fourth, choose Active Directory.

Figure 3.8 - User selects the directory service.

Finally, click Login and it should produce the output as shown in figure 3.9.

Figure 3.9 - Shows the outcome of user login attempt.


Conclusion

Well, this is my second article. I hope you found it useful and intuitive enough.


License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


Written By
Architect
United States
Over the course of his 16+ year career, Rajib Bahar has been a creative problem solver, finding innovative solutions to clients’ data questions, issues and challenges. He works primarily in the Business Intelligence and Data Analytics practice, with experience in Big Data, Data Science, and cloud computing environments. His career initially started in the Unix world, submitting Perl and Fortran jobs to supercomputers back in 2000. This was before Big Data and distributed computing got big. Later on, he moved on to .NET application development roles and worked with a variety of database systems such as MS SQL Server, MySQL, PostgreSQL, DB2, and Oracle. Around 2008, he started working in the Business Intelligence and/or data warehousing practice, utilizing both Ralph Kimball and Inmon methodologies. Currently, he is working on Big Data platforms and connecting them with SQL Server 2016, R, and Python, and building POCs on Data Science for BI projects. He also enjoys working with visualization tools such as Power BI, Tableau, and QlikView. His recent venture in the data world includes a podcast on Big Data, Data Science, DBMS, analytics, and cloud computing. The podcast is also syndicated across iTunes and YouTube. The link to the podcast is http://www.soundcloud.com/data-podcast.

He has also served on the boards of directors of KFAI radio, PASSMN, and various other non-profits. His expertise in data has led to savings at KFAI radio on expensive software license costs and reduced paper expense via online voting. Currently, he spends time contributing to the data visualization challenge the station faces.

Feel free to connect with Rajib @rajib2k5 or linkedin.com/in/rajibb
