Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Authenticating Domain Users with System.DirectoryServices

Tags:

.net

authentication

directoryservices

Given a username and a password for a domain user, what would be the best way to authenticate that user programatically?

like image 699
John Christensen Avatar asked Aug 27 '08 18:08

John Christensen

People also ask

What is System DirectoryServices AccountManagement?

DirectoryServices. AccountManagement) Encapsulates the account data and operations common to all security principals. This is the abstract base class from which all security principals are derived.

What is DirectorySearcher in c# net?

FindAll Method (System. DirectoryServices) Executes the search and returns a collection of the entries that are found.

What is C# DirectoryEntry?

DirectoryEntry(String) Initializes a new instance of the DirectoryEntry class that binds this instance to the node in Active Directory Domain Services located at the specified path. DirectoryEntry(String, String, String) Initializes a new instance of the DirectoryEntry class.

What is C# PrincipalContext?

PrincipalContext(ContextType, String, String, ContextOptions) Initializes a new instance of the PrincipalContext class with the specified context type, name, container, and context options.

2 Answers

It appears that .NET 3.5 added a new namespace to deal with this issue - System.DirectoryServices.AccountManagement. Code sample is below:

Private Function ValidateExternalUser(ByVal username As String, ByVal password As String) As Boolean
    Using context As PrincipalContext = New PrincipalContext(ContextType.Domain, _defaultDomain)
        Return context.ValidateCredentials(username, password, ContextOptions.Negotiate)
    End Using
End Function

The namespace also seems to provide a lot of methods for manipulating a domain account (changing passwords, expiring passwords, etc).

like image 54
John Christensen Avatar answered Sep 22 '22 15:09

John Christensen

You can use some hacks to authenticate only.

Try
    Dim directoryEntry as New DirectoryEntry("LDAP://DomainController:389/dc=domain,dc=suffix", "username", "password")
    Dim temp as Object = directoryEntry.NativeObject
    return true
Catch
    return false
End Try

If the user is not valid, the directory entry NativeObject cannot be accessed and throws an exception. While this isn't the most efficient way (exceptions are evil, blah blah blah), it's quick and painless. This also has the super-cool advantage of working with all LDAP servers, not just AD.

like image 38
David J. Sokol Avatar answered Sep 19 '22 15:09

David J. Sokol
Sign in to Comment

Related questions

What is best practise for IValueConverter?
Applying '==' operator to generic parameter [duplicate]
How can I draw a horizontal line and center it?
C# - Unhandled Exception - Illegal Characters in Path
Index and length must refer to a location within the string?
WCF doesn't serialize all properties
Do C# enum flags have to be sequential
Regular expression to allow alphanumeric, only one space and then alpahnumeric
Bit-shifting with Int64
LINQ query with GROUP BY and Count(*) into Anonymous Type
Call System.IDisposable.Dispose on object 'emailForm' before all references to it are out of scope
New to mocking frameworks
Unity behavior for registering the same type twice and resolving only the singleton
Require Authentication for all requests to an OWIN application
.net framework 4.5.1 missing from Visual Studio 2012
Take groups of 5 strings from List [duplicate]
Escaping JavaScript special characters from ASP.NET
What's the implementation of List?
Ambiguous Authentication in Netsuite Token Based API call
Elastic NEST using Term filter on text field with inner keyword field

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!