Authenticate users against an active directory service?? 
Author Message
 Authenticate users against an active directory service??

Hi All:

I'm trying to authenticate users who login to my system against an active
directory. I'm trying to do this via both vb.net and asp.net. The code I'm
using is as follows:

Dim dirEntry As DirectoryServices.DirectoryEntry
Dim dirSearcher As DirectoryServices.DirectorySearcher
Dim de As DirectoryServices.DirectoryEntry
Dim ds As DirectoryServices.DirectorySearcher
Dim fullname As String

Try

'de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
strLogin, strPwd)

de = New
a
ny.com, ou=Tech,o=company.com")

ds = New DirectoryServices.DirectorySearcher(de)
'ds.Filter = "(samAccountName=" & strLogin & ")"

'if we want more user properties we can add those here so that they get
picked up
'when we query the AD

ds.PropertiesToLoad.Add("mail")
ds.PropertiesToLoad.Add("givenName")

' Fill container
Dim sr As DirectoryServices.SearchResult
sr = ds.FindOne()
fullname = CType(sr.Properties("givenName").Item(0), String)
email = CType(sr.Properties("mail").Item(0), String)
AuthenticateUser = email

Catch except As Exception
      AuthenticateUser = "-1" 'Return False
End Try

There are two environments in which I'm trying the above code viz. in my
company (which is small and we have one domain) and my client (which is a
huge company spread across a lot of locations).

Within my company:
de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
strLogin, strPwd)

The above code works perfectly well i.e. if the supplied pwd is wrong the
object is not created and this I know the user is not valid.

How ever that line of code does not work at my client, which is why I tried
the following line after some reading:
de = New
a
ny.com, ou=Tech,o=company.com")

The above line does not work either and an exception is generated at:
sr = ds.FindOne()

The error I get is Expected Expression.

This is the first time I've tried doing something of this sort -  I'm sure
I'm doing something wrong, but I just can not seem to figure out what it is.
I am certain there should be some straight forward way by which users can be
authenticated against an active directory service.

Would be much obliged if someone could help me out with this!

TIA

Vinay



Tue, 01 Feb 2005 05:45:25 GMT  
 Authenticate users against an active directory service??

Hi All:

I'm trying to authenticate users who login to my system against an active
directory. I'm trying to do this via both vb.net and asp.net. The code I'm
using is as follows:

Dim dirEntry As DirectoryServices.DirectoryEntry
Dim dirSearcher As DirectoryServices.DirectorySearcher
Dim de As DirectoryServices.DirectoryEntry
Dim ds As DirectoryServices.DirectorySearcher
Dim fullname As String

Try

'de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
strLogin, strPwd)

de = New
a
ny.com, ou=Tech,o=company.com")

ds = New DirectoryServices.DirectorySearcher(de)
'ds.Filter = "(samAccountName=" & strLogin & ")"


'if we want more user properties we can add those here so that they get
picked up
'when we query the AD

ds.PropertiesToLoad.Add("mail")
ds.PropertiesToLoad.Add("givenName")

' Fill container
Dim sr As DirectoryServices.SearchResult
sr = ds.FindOne()
fullname = CType(sr.Properties("givenName").Item(0), String)
email = CType(sr.Properties("mail").Item(0), String)
AuthenticateUser = email

Catch except As Exception
      AuthenticateUser = "-1" 'Return False
End Try

There are two environments in which I'm trying the above code viz. in my
company (which is small and we have one domain) and my client (which is a
huge company spread across a lot of locations).

Within my company:
de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
strLogin, strPwd)

The above code works perfectly well i.e. if the supplied pwd is wrong the
object is not created and this I know the user is not valid.

This looks to be correct so it's possible that there is an issue with the domain naming. Did you try
to create just the domain object without verifying credentials?

If it fails what is the error message?


Microsoft MVP (Visual Basic)



Wed, 02 Feb 2005 02:42:31 GMT  
 Authenticate users against an active directory service??
How do you get at their password?
Why are you trying to autenticate a user who is already authenticated because they are logged in?

Willy.

Quote:

> Hi All:

> I'm trying to authenticate users who login to my system against an active
> directory. I'm trying to do this via both vb.net and asp.net. The code I'm
> using is as follows:

> Dim dirEntry As DirectoryServices.DirectoryEntry
> Dim dirSearcher As DirectoryServices.DirectorySearcher
> Dim de As DirectoryServices.DirectoryEntry
> Dim ds As DirectoryServices.DirectorySearcher
> Dim fullname As String

> Try

> 'de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> strLogin, strPwd)

> de = New
a
> ny.com, ou=Tech,o=company.com")

> ds = New DirectoryServices.DirectorySearcher(de)
> 'ds.Filter = "(samAccountName=" & strLogin & ")"

> 'if we want more user properties we can add those here so that they get
> picked up
> 'when we query the AD

> ds.PropertiesToLoad.Add("mail")
> ds.PropertiesToLoad.Add("givenName")

> ' Fill container
> Dim sr As DirectoryServices.SearchResult
> sr = ds.FindOne()
> fullname = CType(sr.Properties("givenName").Item(0), String)
> email = CType(sr.Properties("mail").Item(0), String)
> AuthenticateUser = email

> Catch except As Exception
>       AuthenticateUser = "-1" 'Return False
> End Try

> There are two environments in which I'm trying the above code viz. in my
> company (which is small and we have one domain) and my client (which is a
> huge company spread across a lot of locations).

> Within my company:
> de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> strLogin, strPwd)

> The above code works perfectly well i.e. if the supplied pwd is wrong the
> object is not created and this I know the user is not valid.

> How ever that line of code does not work at my client, which is why I tried
> the following line after some reading:
> de = New
a
> ny.com, ou=Tech,o=company.com")

> The above line does not work either and an exception is generated at:
> sr = ds.FindOne()

> The error I get is Expected Expression.

> This is the first time I've tried doing something of this sort -  I'm sure
> I'm doing something wrong, but I just can not seem to figure out what it is.
> I am certain there should be some straight forward way by which users can be
> authenticated against an active directory service.

> Would be much obliged if someone could help me out with this!

> TIA

> Vinay




Wed, 02 Feb 2005 04:17:06 GMT  
 Authenticate users against an active directory service??
I have not tried to do that - will do that. What do you mean by an issue
with domain naming? If it refers to ldap.company.com - that is something
that the client's IT dept gave me.

Vinay


Quote:


> Hi All:
>
> I'm trying to authenticate users who login to my system against an
active
> directory. I'm trying to do this via both vb.net and asp.net. The code
I'm
> using is as follows:
>
> Dim dirEntry As DirectoryServices.DirectoryEntry
> Dim dirSearcher As DirectoryServices.DirectorySearcher
> Dim de As DirectoryServices.DirectoryEntry
> Dim ds As DirectoryServices.DirectorySearcher
> Dim fullname As String
>
> Try
>
> 'de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> strLogin, strPwd)
>
> de = New
>

a

- Show quoted text -

Quote:
> ny.com, ou=Tech,o=company.com")
>
> ds = New DirectoryServices.DirectorySearcher(de)
> 'ds.Filter = "(samAccountName=" & strLogin & ")"

>
> 'if we want more user properties we can add those here so that they get
> picked up
> 'when we query the AD
>
> ds.PropertiesToLoad.Add("mail")
> ds.PropertiesToLoad.Add("givenName")
>
> ' Fill container
> Dim sr As DirectoryServices.SearchResult
> sr = ds.FindOne()
> fullname = CType(sr.Properties("givenName").Item(0), String)
> email = CType(sr.Properties("mail").Item(0), String)
> AuthenticateUser = email
>
> Catch except As Exception
>       AuthenticateUser = "-1" 'Return False
> End Try
>
> There are two environments in which I'm trying the above code viz. in my
> company (which is small and we have one domain) and my client (which is
a
> huge company spread across a lot of locations).
>
> Within my company:
> de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> strLogin, strPwd)
>
> The above code works perfectly well i.e. if the supplied pwd is wrong
the
> object is not created and this I know the user is not valid.

> This looks to be correct so it's possible that there is an issue with the

domain naming. Did you try

- Show quoted text -

Quote:
> to create just the domain object without verifying credentials?

> If it fails what is the error message?


> Microsoft MVP (Visual Basic)



Wed, 02 Feb 2005 04:37:01 GMT  
 Authenticate users against an active directory service??
I'm getting the password from a web form (e.g. login.aspx)
I need to do this as this is an intranet application and users need to
access the application by logging in to the system.

Vinay



Quote:
> How do you get at their password?
> Why are you trying to autenticate a user who is already authenticated

because they are logged in?
Quote:

> Willy.




Quote:
> > Hi All:

> > I'm trying to authenticate users who login to my system against an
active
> > directory. I'm trying to do this via both vb.net and asp.net. The code
I'm
> > using is as follows:

> > Dim dirEntry As DirectoryServices.DirectoryEntry
> > Dim dirSearcher As DirectoryServices.DirectorySearcher
> > Dim de As DirectoryServices.DirectoryEntry
> > Dim ds As DirectoryServices.DirectorySearcher
> > Dim fullname As String

> > Try

> > 'de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> > strLogin, strPwd)

> > de = New

a

- Show quoted text -

Quote:
> > ny.com, ou=Tech,o=company.com")

> > ds = New DirectoryServices.DirectorySearcher(de)
> > 'ds.Filter = "(samAccountName=" & strLogin & ")"

> > 'if we want more user properties we can add those here so that they get
> > picked up
> > 'when we query the AD

> > ds.PropertiesToLoad.Add("mail")
> > ds.PropertiesToLoad.Add("givenName")

> > ' Fill container
> > Dim sr As DirectoryServices.SearchResult
> > sr = ds.FindOne()
> > fullname = CType(sr.Properties("givenName").Item(0), String)
> > email = CType(sr.Properties("mail").Item(0), String)
> > AuthenticateUser = email

> > Catch except As Exception
> >       AuthenticateUser = "-1" 'Return False
> > End Try

> > There are two environments in which I'm trying the above code viz. in my
> > company (which is small and we have one domain) and my client (which is
a
> > huge company spread across a lot of locations).

> > Within my company:
> > de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> > strLogin, strPwd)

> > The above code works perfectly well i.e. if the supplied pwd is wrong
the
> > object is not created and this I know the user is not valid.

> > How ever that line of code does not work at my client, which is why I
tried
> > the following line after some reading:
> > de = New

a

- Show quoted text -

Quote:
> > ny.com, ou=Tech,o=company.com")

> > The above line does not work either and an exception is generated at:
> > sr = ds.FindOne()

> > The error I get is Expected Expression.

> > This is the first time I've tried doing something of this sort -  I'm
sure
> > I'm doing something wrong, but I just can not seem to figure out what it
is.
> > I am certain there should be some straight forward way by which users
can be
> > authenticated against an active directory service.

> > Would be much obliged if someone could help me out with this!

> > TIA

> > Vinay




Wed, 02 Feb 2005 04:38:20 GMT  
 Authenticate users against an active directory service??
Yes, but the user have a Windows domain account, why not simply let IIS/ASP do the authentication?
Now, the user's windows passwords are passed over the wire, in clear text, to an application they have to trust not to use their
credentials  to do some other things than they expect from the application, I would not accept this if I was the client.
Another thing you seem to forget is that accessing the AD is time/resource consuming especially in a large domain and you have to go
to the AD each time they touch the login page.

Willy.

Quote:

> I'm getting the password from a web form (e.g. login.aspx)
> I need to do this as this is an intranet application and users need to
> access the application by logging in to the system.

> Vinay



> > How do you get at their password?
> > Why are you trying to autenticate a user who is already authenticated
> because they are logged in?

> > Willy.



> > > Hi All:

> > > I'm trying to authenticate users who login to my system against an
> active
> > > directory. I'm trying to do this via both vb.net and asp.net. The code
> I'm
> > > using is as follows:

> > > Dim dirEntry As DirectoryServices.DirectoryEntry
> > > Dim dirSearcher As DirectoryServices.DirectorySearcher
> > > Dim de As DirectoryServices.DirectoryEntry
> > > Dim ds As DirectoryServices.DirectorySearcher
> > > Dim fullname As String

> > > Try

> > > 'de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> > > strLogin, strPwd)

> > > de = New

a
> > > ny.com, ou=Tech,o=company.com")

> > > ds = New DirectoryServices.DirectorySearcher(de)
> > > 'ds.Filter = "(samAccountName=" & strLogin & ")"

> > > 'if we want more user properties we can add those here so that they get
> > > picked up
> > > 'when we query the AD

> > > ds.PropertiesToLoad.Add("mail")
> > > ds.PropertiesToLoad.Add("givenName")

> > > ' Fill container
> > > Dim sr As DirectoryServices.SearchResult
> > > sr = ds.FindOne()
> > > fullname = CType(sr.Properties("givenName").Item(0), String)
> > > email = CType(sr.Properties("mail").Item(0), String)
> > > AuthenticateUser = email

> > > Catch except As Exception
> > >       AuthenticateUser = "-1" 'Return False
> > > End Try

> > > There are two environments in which I'm trying the above code viz. in my
> > > company (which is small and we have one domain) and my client (which is
> a
> > > huge company spread across a lot of locations).

> > > Within my company:
> > > de = New DirectoryServices.DirectoryEntry("LDAP://" & txtDomain.Text,
> > > strLogin, strPwd)

> > > The above code works perfectly well i.e. if the supplied pwd is wrong
> the
> > > object is not created and this I know the user is not valid.

> > > How ever that line of code does not work at my client, which is why I
> tried
> > > the following line after some reading:
> > > de = New

a
> > > ny.com, ou=Tech,o=company.com")

> > > The above line does not work either and an exception is generated at:
> > > sr = ds.FindOne()

> > > The error I get is Expected Expression.

> > > This is the first time I've tried doing something of this sort -  I'm
> sure
> > > I'm doing something wrong, but I just can not seem to figure out what it
> is.
> > > I am certain there should be some straight forward way by which users
> can be
> > > authenticated against an active directory service.

> > > Would be much obliged if someone could help me out with this!

> > > TIA

> > > Vinay




Wed, 02 Feb 2005 04:56:28 GMT  
 Authenticate users against an active directory service??

I have not tried to do that - will do that. What do you mean by an issue
with domain naming? If it refers to ldap.company.com - that is something
that the client's IT dept gave me.

I just want to verify that you can retrieve the domain object. That might narrow it down to a domain
naming issue. If it doesn't work try specifying the domain server name instead of the name they gave
you.


Microsoft MVP (Visual Basic)



Wed, 02 Feb 2005 05:08:51 GMT  
 Authenticate users against an active directory service??
Well, I can retrieve the domain object, because when I do this:
de = New
a
ny.com, ou=Tech,o=company.com")

I can get the user's details such as Full Name, etc etc. But what I really
need to do is to be able to take the user's NT Login/email + Pwd and
validate that. I will try to use the domain server name instead and see what
happens.

Thanks!
Vinay


Quote:


> I have not tried to do that - will do that. What do you mean by an issue
> with domain naming? If it refers to ldap.company.com - that is something
> that the client's IT dept gave me.
>

> I just want to verify that you can retrieve the domain object. That might

narrow it down to a domain
Quote:
> naming issue. If it doesn't work try specifying the domain server name

instead of the name they gave
Quote:
> you.


> Microsoft MVP (Visual Basic)



Wed, 02 Feb 2005 05:58:52 GMT  
 Authenticate users against an active directory service??

Well, I can retrieve the domain object, because when I do this:
de = New
a
ny.com, ou=Tech,o=company.com")

I can get the user's details such as Full Name, etc etc. But what I really
need to do is to be able to take the user's NT Login/email + Pwd and
validate that. I will try to use the domain server name instead and see what
happens.

Sounds like there might be some sort of configuration issue. You can also try the default naming
context which looks something like this:

"LDAP://DC=Company,DC=com"

dim rootds as new DirectoryEntry("LDAP://rootDSE")

strDNC = rootds.properties("DefaultNamingContext")(0)

Dim de As New DirectoryEntry("LDAP://" & strDNC, domainUserID, password)


Microsoft MVP (Visual Basic)



Fri, 04 Feb 2005 23:10:07 GMT  
 
 [ 9 post ] 

 Relevant Pages 

1. Authenticate user against Acrive Directory......

2. Ole Directory Services (Active Directory Services) 1.1 - Has any body managed to use the VB examples

3. Query Active Directory for User's Home Directory Path

4. need vb script to change users home directory in on fell swoop (active directory)

5. Need to Authenticate against OpenLDAP Server and enumerate objects with DirectoryServices Class in VB.NET

6. Authenticating against Exchange

7. Authenticating txtPassword.Text against Access DB

8. Authenticate Against AD

9. Authenticating against the NT DNS

10. Active Directory Services

11. Logging on through Active Directory Services

12. Active Directory Services Interface (ADSI)

 

 
Powered by phpBB® Forum Software