We have a web application developed using C# (VS 2008 / .NET 3.5 framework). The application uses the authentication mode "Windows", with a service account present in a domain (Domain1) to run the application as the ASP.NET user. We need authentication to be done for users present in a different domain (Domain2). When authentication is done using the directory services (DirectorySearcher), we are able to connect to the LDAP of Domain1 and bind to it, so that the user is authenticated. Also, the user is able to be authenticated if the user has been migrated from Domain1 to Domain2. However, if there is a user ID directly created in Domain2, then the application is not able to bind to Domain2 (during the LDAP authentication) and hence this user is not being authenticated by the application. Please suggest a solution regarding the same.
HTML
<authentication mode="Windows" />
<identity impersonate="true" username="domain1\svc_acc" password="***" />

C#
using System;
using System.DirectoryServices;

public bool ValidateUidPwdAndGetUserTypeGlobal(string TPXId, string password)
{
    string strADPath = "LDAP://a.b.c/dc=a,dc=b,dc=c";

    // An empty password would turn the bind below into an unauthenticated
    // (anonymous) LDAP bind, which can succeed for any user name.
    if (string.IsNullOrEmpty(TPXId) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    try
    {
        // Binding with the user's own credentials is the actual password check;
        // both objects hold COM resources and should be disposed.
        using (DirectoryEntry objDirEntry = new DirectoryEntry(strADPath, TPXId, password))
        using (DirectorySearcher search = new DirectorySearcher(objDirEntry))
        {
            // The user-supplied value is escaped before it is placed in the filter
            // (RFC 4515), so "*" or ")" in the input cannot change the query.
            search.Filter = "(samaccountname=" + EscapeLdapFilterValue(TPXId) + ")";
            SearchResult result = search.FindOne();
            return result != null;
        }
    }
    catch (Exception ex)
    {
        // Returning false without logging hides whether the failure was a bad
        // password or an unreachable server; record it before swallowing it.
        System.Diagnostics.Trace.WriteLine(ex);
        return false;
    }
}

// Escapes the special characters of an LDAP search filter value (RFC 4515).
private static string EscapeLdapFilterValue(string value)
{
    return value.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
                .Replace(")", "\\29").Replace("\0", "\\00");
}

Exception thrown during LDAP authentication: Unknown username or bad password.
Posted; updated 7-Jun-19 4:04am

1 solution

So it seems like all you are looking to do is authenticate a user against Active Directory, correct? If so, then this snippet will work.

Method For AD Auth
C#
using System;
using System.DirectoryServices;

public static bool IsAuthenticated(string ldap, string usr, string pwd)
{
    bool authenticated = false;

    // Reject an empty password up front: a bind with a user name and no
    // password is an unauthenticated LDAP bind and verifies nothing.
    if (string.IsNullOrEmpty(usr) || string.IsNullOrEmpty(pwd))
    {
        return false;
    }

    try
    {
        using (DirectoryEntry entry = new DirectoryEntry(ldap, usr, pwd))
        {
            // Reading NativeObject forces the bind; it throws if the
            // credentials are rejected or the server cannot be reached.
            object nativeObject = entry.NativeObject;
            authenticated = true;
        }
    }
    catch (DirectoryServicesCOMException cex)
    {
        // ADSI reported an error, e.g. "unknown user name or bad password"
        Console.WriteLine(cex);
    }
    catch (Exception ex)
    {
        // Anything else, e.g. "The server is not operational"
        Console.WriteLine(ex);
    }
    return authenticated;
}


Then, to do your scenario: if the user uses the first LDAP server (domain1) and it does not authenticate, it would automatically try the second LDAP server (domain2) for authentication. The first LDAP string is what you provided in your sample; then, assuming the LDAP string for domain2 is different, just place that in the else-if portion. This would then authenticate the user to the first server, fail, then authenticate to the second server and presumably pass if the user is valid.

C#
bool returnAuth = false;
string returnServer = null;

// Verbatim strings (@"...") are needed here: in an ordinary C# literal
// "domain2\user" the "\u" is parsed as a Unicode escape and does not compile.
if (IsAuthenticated("LDAP://a.b.c/dc=a,dc=b,dc=c", @"domain2\user", "domain1pass"))
{
    returnAuth = true;
    returnServer = "Domain One Auth";
}
else if (IsAuthenticated("LDAP://a2.b2.c2/dc=a2,dc=b2,dc=c2", @"domain2\user", "domain1pass"))
{
    returnAuth = true;
    returnServer = "Domain Two Auth";
}
 
Comments
Mukund Thakker 7-Jun-19 10:04am    
Dear David,

How do I pass the domain server IP along with my domain name?
David_Wimbley 7-Jun-19 23:11pm    
If I'm understanding you correctly, you pass one or the other, not both. Ex: a domain of google.com maps to an IP address. Using DHCP, it will map the domain name to the IP.

If you mean just the domain of the AD instance, that would be the "domain2" in the username.
Mukund Thakker 10-Jun-19 4:03am    
I want to provide the functionality of logging into the application with multiple Active Directory domains.
I am getting the below error when I try to log in (passing domain name, username, password) with a domain which is not in the default DNS:
Exception: The server is not operational.
Stack : at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_NativeObject()

So I think the domain is not found, or maybe it is not resolved to the mapped IP address.
David_Wimbley 10-Jun-19 16:21pm    
Looks like the issue lies with your LDAP server, not your code. Need to take a look at your server or work with your sys admin.
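The two-domain scenario discussed in the question, the answer and the comments, as an added example that is not code from the question, the answer or the commenters. Instead of binding to each domain in turn, it takes the domain from the logon the user typed ("DOMAIN\user" or "user@domain.tld"), binds once against that domain's own DC, and reports the failure kind from the HRESULT: ERROR_LOGON_FAILURE (0x8007052E, the "unknown user name or bad password" message in the question) versus ERROR_DS_SERVER_DOWN (0x8007203A, the "server is not operational" message in the comments). The domain names, DC host names and DN suffixes are placeholders, and MultiDomainAuthenticator, AuthOutcome and TrySplitLogon are names chosen for this example; it targets .NET 3.5 like the original application.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example, not code from the question or the answer above.
// Domain names, DC host names and DN suffixes are placeholders.
public enum AuthOutcome { Success, BadCredentials, UnknownDomain, ServerUnreachable, OtherError }

public sealed class MultiDomainAuthenticator
{
    // Domains the application accepts, keyed by the NetBIOS and DNS names a user
    // may type, each mapped to an explicit LDAP path on one of its DCs. Naming the
    // DC host keeps the bind independent of the web server's DNS suffix search list,
    // one cause of "The server is not operational" for a non-default domain.
    private readonly Dictionary<string, string> _ldapPathByDomain =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "DOMAIN1",  "LDAP://dc01.a.b.c/DC=a,DC=b,DC=c" },
            { "a.b.c",    "LDAP://dc01.a.b.c/DC=a,DC=b,DC=c" },
            { "DOMAIN2",  "LDAP://dc01.a2.b2.c2/DC=a2,DC=b2,DC=c2" },
            { "a2.b2.c2", "LDAP://dc01.a2.b2.c2/DC=a2,DC=b2,DC=c2" }
        };

    // HRESULTs the bind reports through COMException.ErrorCode.
    private const int HrLogonFailure = unchecked((int)0x8007052E); // ERROR_LOGON_FAILURE (1326)
    private const int HrDsServerDown = unchecked((int)0x8007203A); // ERROR_DS_SERVER_DOWN (8250)

    // Accepts "DOMAIN\user" or "user@domain.tld". Anything else is rejected rather
    // than guessed, so a password is never tried against every configured domain.
    public static bool TrySplitLogon(string logon, out string domain, out string user)
    {
        domain = user = null;
        if (string.IsNullOrEmpty(logon)) return false;

        int backslash = logon.IndexOf('\\');
        if (backslash > 0 && backslash < logon.Length - 1)
        {
            domain = logon.Substring(0, backslash);
            user = logon.Substring(backslash + 1);
            return true;
        }
        int at = logon.IndexOf('@');
        if (at > 0 && at < logon.Length - 1)
        {
            user = logon.Substring(0, at);
            domain = logon.Substring(at + 1);
            return true;
        }
        return false;
    }

    public AuthOutcome Authenticate(string logon, string password)
    {
        // A bind with a name and an empty password is an unauthenticated bind
        // (RFC 4513, section 5.1.2) and can succeed without checking anything.
        if (string.IsNullOrEmpty(password)) return AuthOutcome.BadCredentials;

        string domain, user;
        if (!TrySplitLogon(logon, out domain, out user)) return AuthOutcome.UnknownDomain;

        string ldapPath;
        if (!_ldapPathByDomain.TryGetValue(domain, out ldapPath)) return AuthOutcome.UnknownDomain;

        try
        {
            // Bind as the user against that domain's own DC. Secure + Signing +
            // Sealing negotiates Kerberos/NTLM and protects the session instead of
            // sending the password in a clear-text simple bind.
            using (DirectoryEntry entry = new DirectoryEntry(ldapPath, logon, password,
                AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing))
            {
                object native = entry.NativeObject; // the bind happens here
                return AuthOutcome.Success;
            }
        }
        catch (COMException ex) // DirectoryServicesCOMException derives from COMException
        {
            switch (ex.ErrorCode)
            {
                case HrLogonFailure: return AuthOutcome.BadCredentials;   // wrong name or password
                case HrDsServerDown: return AuthOutcome.ServerUnreachable; // DNS, firewall or DC down
                default:             return AuthOutcome.OtherError;
            }
        }
    }
}
```

A caller that gets ServerUnreachable knows the "server is not operational" case from the comments is a name-resolution or connectivity problem for the DC's administrator, not an account problem, while BadCredentials is the only outcome that should be shown to the user as a failed login. Because the domain comes from what the user typed rather than from trying each server in turn, one login attempt produces exactly one bind. From .NET 3.5 onward, PrincipalContext.ValidateCredentials in System.DirectoryServices.AccountManagement is the shorter API for the same check against one named domain; the empty-password guard still belongs in front of it.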

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


