Michael,
Here's some test code, it's gonna be very similar to the code in the article
I mentioned in my first post, with some tweaks.
Here's the bulk of my LDAPAuthentication class. I excluded the GetGroups
method, and also put in comments, the values of some stuff I'm pulling out
of web.config.
#region Constructor
#region LDAPAuthentication
/// <summary>
/// Creates an instance with no directory path. <c>_path</c> stays null until
/// the other constructor sets it or a successful IsAuthenticated call
/// overwrites it with the matched entry's path.
/// </summary>
public LDAPAuthentication()
{
}
#endregion
#region LDAPAuthentication(string path)
/// <summary>
/// Creates an instance bound to the given LDAP path, e.g. the value of the
/// LDAPConnectString app setting (LDAP://ELRW.com/DC=ELRW,DC=com).
/// </summary>
/// <param name="path">Directory path that IsAuthenticated binds to.</param>
public LDAPAuthentication(string path)
{
    _path = path;
}
#endregion
#endregion
// Directory path used for the bind in IsAuthenticated. Set by the
// constructor; on a successful authentication it is overwritten with the
// path of the user's own directory entry (oSR.Path).
private string _path;
// "cn" attribute of the matched directory entry, set by IsAuthenticated.
private string _filterattribute;
#region bool IsAuthenticated
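/// <summary>
/// Binds to the directory at <c>_path</c> as <c>Domain\UserName</c> with the
/// supplied password, then looks the account up by SAMAccountName.
/// </summary>
/// <param name="Domain">NetBIOS domain name (the DomainName app setting).</param>
/// <param name="UserName">Account name without a domain prefix; untrusted user input.</param>
/// <param name="Password">Clear-text password entered by the user.</param>
/// <returns>
/// true when the bind succeeds and a matching entry is found; false when the
/// user name or password is empty, the bind fails, no entry matches, or any
/// exception is raised. The method never throws.
/// </returns>
/// <remarks>
/// On success <c>_path</c> is replaced with the matched entry's path and
/// <c>_filterattribute</c> receives its "cn"; GetGroups relies on both.
/// </remarks>
public bool IsAuthenticated(
    string Domain,
    string UserName,
    string Password)
{
    // Never send an empty password to the directory: some LDAP servers treat
    // a bind with a name and an empty password as an anonymous bind that
    // "succeeds" without verifying anything. Reject it before binding.
    if (UserName == null || UserName.Length == 0 ||
        Password == null || Password.Length == 0)
    {
        return false;
    }

    // Credentials should be in the form Domain\UserName
    string domainUserName = Domain + @"\" + UserName;

    // DirectoryEntry and DirectorySearcher wrap COM objects; dispose both on
    // every path so the bound connection is released even on failure.
    DirectoryEntry oDE = null;
    DirectorySearcher oDS = null;
    try
    {
        // Create an Active Directory object bound with the user's credentials
        oDE = new DirectoryEntry(
            _path,                          // LDAP://ELRW.com/DC=ELRW,DC=com
            domainUserName,                 // User
            Password,                       // Password
            AuthenticationTypes.Secure);    // Authentication Type

        // Reading NativeObject forces the bind; bad credentials throw here.
        Object oNativeObject = oDE.NativeObject;

        // Perform query against Active Directory
        oDS = new DirectorySearcher(oDE);
        // UserName is user-supplied and is being placed inside an LDAP filter:
        // escape the filter metacharacters so it can only match literally and
        // cannot widen the search to a different account.
        oDS.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(UserName) + ")";
        // Set the Properties retrieved during the search
        oDS.PropertiesToLoad.Add("cn");

        // Execute the search and only return the first entry
        SearchResult oSR = oDS.FindOne();
        if (null == oSR) return false;

        // Remember the user's own entry; GetGroups reads these afterwards.
        _path = oSR.Path;
        _filterattribute = (string)oSR.Properties["cn"][0];
    }
    catch (Exception)
    {
        // Every bind/search failure is reported as "not authenticated"; the
        // caller shows a generic error and must not learn which step failed.
        return false;
    }
    finally
    {
        if (oDS != null) oDS.Dispose();
        if (oDE != null) oDE.Dispose();
    }
    return true;
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515):
/// backslash, asterisk, parentheses and NUL become "\xx" hex escapes.
/// </summary>
/// <param name="value">Raw attribute value; must not be null.</param>
/// <returns>The value with filter metacharacters escaped.</returns>
private static string EscapeLdapFilterValue(string value)
{
    System.Text.StringBuilder sb = new System.Text.StringBuilder(value.Length);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': sb.Append("\\5c"); break;
            case '*':  sb.Append("\\2a"); break;
            case '(':  sb.Append("\\28"); break;
            case ')':  sb.Append("\\29"); break;
            case '\0': sb.Append("\\00"); break;
            default:   sb.Append(c); break;
        }
    }
    return sb.ToString();
}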
#endregion
Here's the method in my Login page that calls the IsAuthenticated method
of LDAPAuthentication:
#region LoginUser
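/// <summary>
/// Handles a login attempt: authenticates the posted user name and password
/// against Active Directory and, on success, issues a forms-authentication
/// ticket carrying the user's AD groups as UserData, creates the session and
/// redirects; on failure shows the login error.
/// </summary>
/// <remarks>
/// Reads the "LDAPConnectString" and "DomainName" app settings. Exceptions
/// from the authentication step propagate to the caller unchanged.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// Thrown when either app setting is missing.
/// </exception>
private void LoginUser()
{
    // Retrieve LDAP Connect String and Domain Name
    // LDAP://ELRW.com/DC=ELRW,DC=com
    string sADPath = ConfigurationSettings.AppSettings["LDAPConnectString"];
    // ELRW
    string sDomain = ConfigurationSettings.AppSettings["DomainName"];
    if (sADPath == null || sDomain == null)
    {
        // A missing setting is a deployment error, not a bad password; fail
        // with a clear message instead of passing null into the bind.
        throw new InvalidOperationException(
            "appSettings LDAPConnectString and DomainName must both be set.");
    }

    // Use one trimmed copy of the name for the bind, the ticket and the redirect.
    string sUserName = txtUserName.Value.Trim();
    // NOTE(review): the password is trimmed as in the original; a password with
    // leading/trailing spaces will therefore never authenticate — confirm intended.
    string sPassword = txtPassword.Value.Trim();

    // Instance of LdapAuthentication class
    LDAPAuthentication oLdapAuth = new LDAPAuthentication(sADPath);

    if (!oLdapAuth.IsAuthenticated(sDomain, sUserName, sPassword))
    {
        divLoginError.Visible = true;
        lblLogin.Text = "* Sorry, you entered incorrect login credentials, please try again. *";
        return;
    }

    // Retrieve a list of AD Groups the User is a Member of
    string sGroups = oLdapAuth.GetGroups();

    // Ticket and cookie share one lifetime so the cookie cannot outlive the
    // ticket it carries. Local time is kept on purpose: forms authentication
    // in .NET Framework evaluates ticket expiry against DateTime.Now.
    DateTime issued = DateTime.Now;
    DateTime expires = issued.AddHours(8);

    // Create the User's FormsAuthenticationTicket
    FormsAuthenticationTicket oAuthTicket = new FormsAuthenticationTicket(
        1,              // Version
        sUserName,      // Name
        issued,         // Date Issued
        expires,        // Expiration Date --> 8 Hours
        true,           // Persistence
        sGroups);       // UserData --> Group Membership

    // Encrypt the FormsAuthenticationTicket
    string sTicket = FormsAuthentication.Encrypt(oAuthTicket);

    // Create the auth cookie for the User
    HttpCookie oCookie = new HttpCookie(FormsAuthentication.FormsCookieName, sTicket);
    oCookie.Expires = expires;
    // Keep the encrypted ticket out of reach of client-side script
    // (HttpCookie.HttpOnly is available from .NET Framework 2.0).
    oCookie.HttpOnly = true;
    Response.Cookies.Add(oCookie);

    // Create User Sessions
    CreateUserSessions(sUserName);

    // Redirect the User; endResponse is false so the remaining page lifecycle runs
    Response.Redirect(FormsAuthentication.GetRedirectUrl(sUserName, false), false);
}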
#endregion
When I was testing trying to authenticate with mixed mode, I removed the
code that was adding the domain + "\" to my username.
I stuck a regex validator on my login screen to make sure the username came
in the format (e-mail address removed),
so, the new DirectoryEntry line woulda looked like this:
DirectoryEntry oDE = new DirectoryEntry(
LDAP://ELRW.com/DC=ELRW,DC=com,
(e-mail address removed)
"mypassword",
AuthenticationTypes.Secure);
Thanks for your help!!