Authentication against active directory

Discussion in 'ASP .Net Security' started by Jon Delano, Jul 22, 2004.

  1. Jon Delano

    Jon Delano Guest

    Hello

    I am developing an ASP.NET site (using VB).
    I found some code that allows me to authenticate the user trying to access
    the site against the active directory server for the company.

    What is happening is some users authenticate and others do not ... but they
    are all a part of the domain.
    The web server the site is running on is part of the domain (else no user
    would authenticate)

    Here is the code I use to authenticate the users :

    ' use the OLEDB provider to access the ADS Object, this allows for
    ' simple SQL Query for the user.
    Dim cn As New OleDb.OleDbConnection("provider=ADsDSOObject;User ID=" _
        & txtUserName.Text & ";Password=" & txtPassword.Text)
    Dim cmd As New OleDb.OleDbCommand("Select GivenName, sn from " _
        & "'LDAP://[domain is here]' where samAccountName='" & txtUserName.Text & "'", _
        cn)
    Dim dtrdr As OleDb.OleDbDataReader

    Try
        cn.Open()

        dtrdr = cmd.ExecuteReader
        If dtrdr.Read = True Then
            ' user authenticated against active directory
            Session.Add("UserFirstName", dtrdr("GivenName"))
            Session.Add("UserLastName", dtrdr("sn"))
            UserIsPhysician()

            If Session("PhysicianID") = -1 Then Exit Sub

            Server.Transfer("patientlist.aspx")
        Else
            Label1.Text = "Unable to access user data."
        End If
        dtrdr.Close()

    Catch ex As Exception
        Dim exMsg As String
        If InStr(ex.Message, "PERMISSION") > 0 Then
            exMsg = ""
        Else
            exMsg = ex.Message
        End If
        Label1.Text = "Invalid Username or Password. " & exMsg
    End Try

    cmd = Nothing
    dtrdr = Nothing
    cn.Close()
    cn = Nothing

    I can't understand why some users will work fine and others just won't.

    If anyone can offer any ideas ... it would be greatly appreciated.

    Thank you
    Jon
     
    Jon Delano, Jul 22, 2004
    #1

  2. Have you considered using the classes in System.DirectoryServices for
    accessing AD in .NET? It is much more straightforward.

    Generally, when people authenticate users to AD using LDAP, they will do a
    bind to AD using the DirectoryEntry class. The code might look like this:

    'Imports System.DirectoryServices
    'Imports System.Runtime.InteropServices
    'Imports System.Globalization

    Public Function AuthenticateUser(ByVal userName As String, ByVal password As String, _
            ByVal domain As String, ByVal server As String) As Boolean

        If userName Is Nothing OrElse userName.Length = 0 Then Throw New ArgumentNullException("userName")
        If password Is Nothing OrElse password.Length = 0 Then Throw New ArgumentNullException("password")
        If domain Is Nothing OrElse domain.Length = 0 Then Throw New ArgumentNullException("domain")
        If server Is Nothing OrElse server.Length = 0 Then Throw New ArgumentNullException("server")

        Dim ntLogonName As String
        Dim entry As DirectoryEntry

        ntLogonName = String.Format(CultureInfo.InvariantCulture, "{0}\{1}", domain, userName)

        entry = New DirectoryEntry( _
            String.Format( _
                CultureInfo.InvariantCulture, _
                "LDAP://{0}/rootDSE", server), _
            ntLogonName, _
            password, _
            AuthenticationTypes.Secure _
            )

        Try
            Dim bindTest As Object
            bindTest = entry.NativeObject 'this forces the bind to AD
            Return True

        Catch ex As COMException
            If ex.ErrorCode = &H8007052E Then 'COM error code for "Bad username or password"
                Return False
            Else
                Throw 'if the problem wasn't bad credentials, then there is something else wrong here
            End If
        Finally
            entry.Dispose()
        End Try

    End Function

    You need to add a reference to System.DirectoryServices as well.

    The DirectorySearcher class is also much more straightforward to use for
    searching AD.

    HTH,

    Joe K.
     
    Joe Kaplan (MVP - ADSI), Jul 25, 2004
    #2