Authentication against active directory


Jon Delano

Hello

I am developing an ASP.NET site (using VB).
I found some code that allows me to authenticate the user trying to access
the site against the active directory server for the company.

What is happening is some users authenticate and others do not ... but they
are all a part of the domain.
The web server the site is running on is part of the domain (else no user
would authenticate)

Here is the code I use to authenticate the users :

' use the OLEDB provider to access the ADS Object, this allows for simple SQL Query for the user.
Dim cn As New OleDb.OleDbConnection("provider=ADsDSOObject;User ID=" & txtUserName.Text & ";Password=" & txtPassword.Text)
Dim cmd As New OleDb.OleDbCommand("Select GivenName, sn from 'LDAP://[domain is here]' where samAccountName='" & txtUserName.Text & "'", cn)
Dim dtrdr As OleDb.OleDbDataReader

Try
    cn.Open()

    dtrdr = cmd.ExecuteReader
    If dtrdr.Read = True Then
        ' user authenticated against active directory
        Session.Add("UserFirstName", dtrdr("GivenName"))
        Session.Add("UserLastName", dtrdr("sn"))
        UserIsPhysician()

        If Session("PhysicianID") = -1 Then Exit Sub

        Server.Transfer("patientlist.aspx")
    Else
        Label1.Text = "Unable to access user data."
    End If
    dtrdr.Close()

Catch ex As Exception
    Dim exMsg As String
    If InStr(ex.Message, "PERMISSION") > 0 Then
        exMsg = ""
    Else
        exMsg = ex.Message
    End If
    Label1.Text = "Invalid Username or Password. " & exMsg
End Try

cmd = Nothing
dtrdr = Nothing
cn.Close()
cn = Nothing

I can't understand why some users will work fine and others just won't.

If anyone can offer any ideas ... it would be greatly appreciated.

Thank you
Jon
 

Joe Kaplan (MVP - ADSI)

Have you considered using the classes in System.DirectoryServices for
accessing AD in .NET? It is much more straightforward.

Generally, when people authenticate users to AD using LDAP, they will do a
bind to AD using the DirectoryEntry class. The code might look like this:

'Imports System.DirectoryServices
'Imports System.Runtime.InteropServices
'Imports System.Globalization

Public Function AuthenticateUser(ByVal userName As String, ByVal password As String, ByVal domain As String, ByVal server As String) As Boolean

    If userName Is Nothing OrElse userName.Length = 0 Then Throw New ArgumentNullException("userName")
    If password Is Nothing OrElse password.Length = 0 Then Throw New ArgumentNullException("password")
    If domain Is Nothing OrElse domain.Length = 0 Then Throw New ArgumentNullException("domain")
    If server Is Nothing OrElse server.Length = 0 Then Throw New ArgumentNullException("server")

    Dim ntLogonName As String
    Dim entry As DirectoryEntry

    ntLogonName = String.Format(CultureInfo.InvariantCulture, "{0}\{1}", domain, userName)

    entry = New DirectoryEntry( _
        String.Format( _
            CultureInfo.InvariantCulture, _
            "LDAP://{0}/rootDSE", server), _
        ntLogonName, _
        password, _
        AuthenticationTypes.Secure _
    )

    Try
        Dim bindTest As Object
        bindTest = entry.NativeObject 'this forces the bind to AD
        Return True

    Catch ex As COMException
        If ex.ErrorCode = &H8007052E Then 'COM error code for "Bad username or password"
            Return False
        Else
            Throw 'if the problem wasn't bad credentials, then there is something else wrong here
        End If
    Finally
        entry.Dispose()
    End Try

End Function

You need to add a reference to System.DirectoryServices as well.

The DirectorySearcher class is also much more straightforward to use for
searching AD.

HTH,

Joe K.
