0

I am creating this project to be deployed in our company's intranet. I am using this code to authenticate the user's login:

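// entry is the DirectoryEntry for the LDAP path (its creation is not shown in the post)
entry.Username = strUserName;
entry.Password = strPassword;

DirectorySearcher searcher = new DirectorySearcher(entry);
searcher.Filter = "(objectclass=user)";
try
{
    // FindOne() forces the bind with the supplied credentials
    searcher.FindOne();
    return true;
}
catch (Exception)
{
    // the bind or the search failed
    return false;
}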

It is working well on my localhost, but when I deployed it to the intranet, I can't log in.

Now my question is, can I access the Directory over the intranet? Or is there a better way to achieve this?

Microsoft DN
  • Check this post: http://stackoverflow.com/questions/290548/validate-a-username-and-password-against-active-directory – Daniel Nachtrub Jul 18 '13 at 05:52
  • Side note: Consider using normal Windows authentication if possible instead of manually dealing with passwords. Handling plain text passwords securely is hard and if your company would have security code reviewers plain text passwords may make deployment of your code much harder. – Alexei Levenkov Jul 18 '13 at 06:00
  • @AlexeiLevenkov However, the passwords are being dealt on the server side. Also using secure transport layer augments security. I don't think Windows Authentication is feasible when you want to port from Intranet over to the Internet. Plus other alternatives are also available like Windows Forms Authentication. – Jay Patel Jul 18 '13 at 06:07
  • @Daniel Nachtrub: What should I put in the LDAP path? I'm sorry, I'm just a newbie at this.. – CodeMeCodeYou Jul 18 '13 at 06:10
  • Just the Name of your active Directory Domain (e.g. "mydomain.local") – Daniel Nachtrub Jul 18 '13 at 06:46
  • It's WORKING! :) At least on my local.. but when it comes to the intranet it throws this error "The authentication mechanism is unknown".... – CodeMeCodeYou Jul 18 '13 at 06:59

2 Answers

1

A simpler method would be to use System.DirectoryServices and System.DirectoryServices.AccountManagement

Use this in a function returning Boolean:

Dim context As PrincipalContext = New PrincipalContext(ContextType.Domain, domainName)
If context.ValidateCredentials(userAlias, userPassword, ContextOptions.Negotiate) Then
    Return True
Else
    Return False
End If

The snippet is in VB, but you get the idea. Replace domainName with your domain name, userAlias with your username, and userPassword with your password.

Abhitalks
  • Thanks for the answer @abhitalks :) but sad to say I'm using an older version of VS; it doesn't recognize the .AccountManagement – CodeMeCodeYou Jul 18 '13 at 06:31
  • Yes, .NetFx 3.5 required. You will have to add a reference before `using System.DirectoryServices.AccountManagement`. – Abhitalks Jul 18 '13 at 06:34
  • @CodeMeCodeYou As an afterthought: (1) Are you sure you are using `entry.AuthenticationType = DirectoryServices.AuthenticationTypes.Secure` in your code before specifying username/password? (2) Did you try prepending the domain name before the username, like thor\username ? – Abhitalks Jul 18 '13 at 13:11
0

This worked great for me in the past:

var ldapConnectionString = "LDAP://servername/CN=Users,DC=domainname,DC=com";

using (var de = new DirectoryEntry(ldapConnectionString, username, password, AuthenticationTypes.Secure))
{
    if(de.NativeObject != null)
    {
        // user is valid ...
    }
}

You need a reference to: System.DirectoryServices

Dimitar Dimitrov
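An added example, not code from either answer: a bind-based check that needs only System.DirectoryServices (no AccountManagement) and separates a wrong password from a directory or configuration failure such as the one seen after deployment. The names AdCredentialCheck and AdLogonResult, the ldapPath value and the Console.Error logging are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

public enum AdLogonResult { Valid, InvalidCredentials, DirectoryUnavailable }

public static class AdCredentialCheck
{
    // HRESULT for Win32 ERROR_LOGON_FAILURE (unknown user name or bad password).
    private const int LogonFailure = unchecked((int)0x8007052E);

    // ldapPath is an assumed value such as "LDAP://mydomain.local".
    public static AdLogonResult Validate(string ldapPath, string username, string password)
    {
        // Reject blank input: with null credentials ADSI binds as the calling
        // thread's identity, not as the user who is trying to log in.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return AdLogonResult.InvalidCredentials;

        // Secure selects negotiated (Kerberos/NTLM) authentication; Signing and
        // Sealing add integrity protection and encryption to the session.
        const AuthenticationTypes auth = AuthenticationTypes.Secure
            | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(ldapPath, username, password, auth))
            {
                // Reading NativeObject forces the bind; it throws if the bind fails.
                object bound = entry.NativeObject;
                return bound != null ? AdLogonResult.Valid : AdLogonResult.InvalidCredentials;
            }
        }
        catch (COMException ex) // DirectoryServicesCOMException derives from COMException
        {
            if (ex.ErrorCode == LogonFailure)
                return AdLogonResult.InvalidCredentials;

            // Any other error (server not reachable, authentication mechanism
            // unknown, ...) is a deployment problem, not a wrong password.
            // Log it for the administrator and fail closed.
            Console.Error.WriteLine("AD bind error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
            return AdLogonResult.DirectoryUnavailable;
        }
    }
}
```

Show the user the same generic failure message for InvalidCredentials and DirectoryUnavailable, and keep the HRESULT in the server log only.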