Figure 1.0 - This is the main window where users login.
This article covers HOW-TO authenticate against Microsoft Active Directory and Novell Edirectory via LDAP.
Go to Contents
It is not easy to find an article that talks about how to authenticate users against both MS Active Directory and Novell Edirectory via LDAP. In short, LDAP stands for Lightweight Directory Access Protocol. It is a subset of Directory Access Protocol or DAP. University of Michigan developed it because DAP took up a lot of resources. Anyways, this article goes through all of the necessary steps to start authenticating users against both directory services.
Go to Contents
- Authentication against MS Active Directory
- Authentication against Novell E-Directory
Go to Contents
- A Server running Active Directory
- A Server running Edirectory
- Familiarity with LDAP and how entities are addressed
Go to Contents
- Adsvw.exe by Microsoft - This utility allows user to browse LDAP directory. It comes as part of ADSI SDK or as part of support tools in advanced server. It is very helpful when users are trying to find how entities should be referenced. Here is a little tip. If the user was to use it to browse active directory, then make sure Secure Connection is checked. When it comes to Edirectory the check should be on Use Encryp option.
Go to Contents
First, add a reference to System.DirectoryServices
by going to Project -> Add Reference. When this is done the dialog box as shown by figure 2.0 should display. Under .NET tab click on System.DirectoryServices.dll and click Select. Then click on OK to get back to the project.
Figure 2.0 - This is the dialog where user selects the reference.
In this solution, there is a class namely Authenticate. It is contained inside the file called Authenticate.cs. You should add it to your project or copy and paste the class from The Code section. Create a new instance of Authenticate and assign it to aAuthent
. Several values needed to be initialized before doing the actual login.
Authenticate aAuthent = new Authenticate();
I'll be referring to various widgets from this point. There are 3 text edit and 2 radio button widgets you need to worry about. Please map the direction appropriately in your workspace. Set the Domain name to the value held by txtDomain widget by invoking SetDomain
. This is where user entered IP address (i.e. 10.x.x.x) or host name (i.e. mydomain.com) of the target server. Note, that all but one Set/Modifier methods in this class returns boolean. It just indicates whether it modified the variable successfully or not. This may be against the convention, but, checking the argument inside the function was much more favorable to me instead of duplicating the effort elsewhere.
if (!(aAuthent.SetDomain(this.txtDomain.Text)))
{
}
Then, invoke SetUser
function to take in the value of text widget txtUser. This is where user name is supplied.
if (!(aAuthent.SetUser(this.txtUser.Text)))
{
}
After that, call SetPass
function to pass the value of txtPassword. This is where user password is supplied.
if (!(aAuthent.SetPass(this.txtPassword.Text)))
{
}
Next, check which directory this user desires to authenticate against. In this solution, there are two radio buttons namely rbtnED
and rbtnAD
. If the former is checked then invoke SetAuthenticationType
with the argument set to true
. This will tell the Authenticate class to use Secure Socket Layer
or SSL
. Edirectory uses ssl protocol to perform authentication task. In the latter case, the boolean value false
would instruct the class to use Secure
. Active Directory utilizes the secure method. The internal of those communication protocols or methods are outside the scope of this article. Therefore, I will skip them.
if (this.rbtnED.Checked)
aAuthent.SetAuthenticationType(true);r>
else if (this.rbtnAD.Checked)
aAuthent.SetAuthenticationType(false);
Finally, the Login
function inside this class should be invoked. It handles everything from this point. On success, it will welcome the user; other wise display failure message.
aAuthent.Login();
Go to Contents
public class Authenticate
{
private string strUser;
private string strPass;
private string strDomain;
private AuthenticationTypes atAuthentType;
public Authenticate()
{
}
public bool SetDomain(string strValue)
{
if (strValue.Length <= 0)
return false;
this.strDomain = "LDAP://" + strValue;
return true;
}
public bool SetUser(string strValue)
{
if (strValue.Length <= 0)
return false;
this.strUser = strValue;
return true;
}
public bool SetPass(string strValue)
{
if (strValue.Length <= 0)
return false;
this.strPass = strValue;
return true;
}
public void SetAuthenticationType(bool bValue)
{
if (bValue)
atAuthentType = AuthenticationTypes.SecureSocketsLayer;
else
atAuthentType = AuthenticationTypes.Secure;
}
public void Login()
{
using(DirectoryEntry deDirEntry = new DirectoryEntry(this.strDomain,
this.strUser,
this.strPass,
this.atAuthentType))
{
try
{
MessageBox.Show("Welcome to '" + deDirEntry.Name + "'");
}
catch (Exception exp)
{
MessageBox.Show("Sorry, unable to verify your information");
}
}
}
}
Go to Contents
One thing that was problematic was the way addressing worked. In Active Directory, users are allowed to pass in their name without utilizing the distinguished name format. If they were to try the same trick against Edirectory then it would fail right away.
Go to Contents
Authenticating against Edirectory
First, enter the user name. This is something the user needs to find out before proceeding with the next step. Use the ADSVW utility that was recommended to find out how the current user should be addressed. In this example, cn=userA,ou=rajibOU,o=rajibContext means there is an individual named userA belonging to organization unit rajibOU attempting to log in to the resources under rajibContext.
Figure 3.0 - User enters the distinguished name.
Second, enter the password for this particular user.
Figure 3.1 - User enters the password.
Third, enter the domain name or IP address that is applicable.
Figure 3.2 - User enters the IP address of the target server.
Fourth, choose either Active Directory or Edirectory.
Figure 3.2 - User selects the directory service.
Finally, click Login and it should produce the output as shown in figure 3.4.
Figure 3.4 - Show the outcome of user login attempt.
Authenticating against Active Directory
First, enter the user name.
Figure 3.5 - User enters the distinguished name.
Second, enter the password for this particular user.
Figure 3.6 - User enters the password.
Third, enter the domain name or IP address that is applicable.
Figure 3.7 - User enters the IP address of the target server.
Fourth, choose Active Directory.
Figure 3.8 - User selects the directory service.
Finally, click Login and it should produce the output as shown in figure 3.9.
Figure 3.9 - Shows the outcome of user login attempt.
Go to Contents
Well, this is my second article. I hope you found it useful and intuitive enough.
Go to Contents