FormsAuthentication using windows

[Fredrik Elestedt]

Hi,

I've been trying to use FormsAuthentication agains windows users and
groups - not Active Directory.
I couldn't find any articles on this directly, not to say that there aren't
any out there, if you know of one - please let me know.
Anyways - the problem I'm having is that only Administrators can logon,
probably since they're the only ones allowed to open users and groups (even
their own user account).
The code I've used is as follows:

private SortedList ListMembersInGroup() {
string dirPath = ConfigurationSettings.AppSettings["ADGroupRoot"];
SortedList userList = new SortedList();
using (DirectoryEntry _groupEntry = new DirectoryEntry(dirPath, {working
user}, {working pass})) {
IADsGroup gr = _groupEntry.NativeObject as IADsGroup;
IADsMembers MembersCollection = gr.Members();
MembersCollection.Filter = new object[] {"user"};
foreach (IADsUser member in MembersCollection) {
DirectoryEntry _user = new DirectoryEntry(member.ADsPath, {working user},
{working pass});
userList.Add(_user.Name, _user.Properties);
}
}
return userList;
}

public bool IsAuthenticated(string username, string pwd) {
string pathAndUserName = ConfigurationSettings.AppSettings["ADUserRoot"]
.Replace("%USERNAME%", username);
using (DirectoryEntry entry = new DirectoryEntry(pathAndUserName, username,
pwd)) {
try {
// Here I get an Unknown exception when the user is not an
administrator...
Object obj = entry.NativeObject;
} catch { return false; }
if (!entry.Path.Equals(pathAndUserName))
return false;
}
return this.ListMembersInGroup().ContainsKey(username);
}

Where
ConfigurationSettings.AppSettings["ADGroupRoot"]="WinNT://ELESTEDT/server/{group}"
ConfigurationSettings.AppSettings["ADUserRoot"]="WinNT://ELESTEDT/server/%USERNAME%"
{working user} is a Administrator account,
{working pass} is the password to the Administrator account,
{group} is the group users have to be in to be allowed to logon.

Any help is appriciated...

 

[Guest]

The first option that comes to mind is using Enterprise Services (ie, COM+)
for the authentication and setting the user of the application to a
priveleged acount that can run the user check). The web app is then divorced
from the authentication process, allowing it more authority to do the check.
Giving the web app more priveges (not easy) is not a good option, however.
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[Fredrik Elestedt]

Well then,

I can see only one way out - SQL auth.
Thanks anyway.

// Fredrik

The first option that comes to mind is using Enterprise Services (ie,
COM+)
for the authentication and setting the user of the application to a
priveleged acount that can run the user check). The web app is then
divorced
from the authentication process, allowing it more authority to do the
check.
Giving the web app more priveges (not easy) is not a good option, however.
---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

Hi,

I've been trying to use FormsAuthentication agains windows users and
groups - not Active Directory.
I couldn't find any articles on this directly, not to say that there
aren't
any out there, if you know of one - please let me know.
Anyways - the problem I'm having is that only Administrators can logon,
probably since they're the only ones allowed to open users and groups
(even
their own user account).
The code I've used is as follows:

private SortedList ListMembersInGroup() {
string dirPath = ConfigurationSettings.AppSettings["ADGroupRoot"];
SortedList userList = new SortedList();
using (DirectoryEntry _groupEntry = new DirectoryEntry(dirPath, {working
user}, {working pass})) {
IADsGroup gr = _groupEntry.NativeObject as IADsGroup;
IADsMembers MembersCollection = gr.Members();
MembersCollection.Filter = new object[] {"user"};
foreach (IADsUser member in MembersCollection) {
DirectoryEntry _user = new DirectoryEntry(member.ADsPath, {working
user},
{working pass});
userList.Add(_user.Name, _user.Properties);
}
}
return userList;
}

public bool IsAuthenticated(string username, string pwd) {
string pathAndUserName = ConfigurationSettings.AppSettings["ADUserRoot"]
.Replace("%USERNAME%", username);
using (DirectoryEntry entry = new DirectoryEntry(pathAndUserName,
username,
pwd)) {
try {
// Here I get an Unknown exception when the user is not an
administrator...
Object obj = entry.NativeObject;
} catch { return false; }
if (!entry.Path.Equals(pathAndUserName))
return false;
}
return this.ListMembersInGroup().ContainsKey(username);
}

Where
ConfigurationSettings.AppSettings["ADGroupRoot"]="WinNT://ELESTEDT/server/{group}"
ConfigurationSettings.AppSettings["ADUserRoot"]="WinNT://ELESTEDT/server/%USERNAME%"
{working user} is a Administrator account,
{working pass} is the password to the Administrator account,
{group} is the group users have to be in to be allowed to logon.

Any help is appriciated...

 

[Patrick Olurotimi Ige]

Fredrik Elestedt,
Why don't u use Windows Auth against Active Directory..Looking at
the code u posted ..i figured u were using NT provider against Active
Directory!
** Forms Auth also couls be considered against A.Directory..
Hope this helps..
Patrick