Given a username and a password for a domain user, what would be the best way to authenticate that user programatically?
DirectoryServices. AccountManagement) Encapsulates the account data and operations common to all security principals. This is the abstract base class from which all security principals are derived.
FindAll Method (System. DirectoryServices) Executes the search and returns a collection of the entries that are found.
DirectoryEntry(String) Initializes a new instance of the DirectoryEntry class that binds this instance to the node in Active Directory Domain Services located at the specified path. DirectoryEntry(String, String, String) Initializes a new instance of the DirectoryEntry class.
PrincipalContext(ContextType, String, String, ContextOptions) Initializes a new instance of the PrincipalContext class with the specified context type, name, container, and context options.
It appears that .NET 3.5 added a new namespace to deal with this issue - System.DirectoryServices.AccountManagement. Code sample is below:
Private Function ValidateExternalUser(ByVal username As String, ByVal password As String) As Boolean
Using context As PrincipalContext = New PrincipalContext(ContextType.Domain, _defaultDomain)
Return context.ValidateCredentials(username, password, ContextOptions.Negotiate)
End Using
End Function
The namespace also seems to provide a lot of methods for manipulating a domain account (changing passwords, expiring passwords, etc).
You can use some hacks to authenticate only.
Try
Dim directoryEntry as New DirectoryEntry("LDAP://DomainController:389/dc=domain,dc=suffix", "username", "password")
Dim temp as Object = directoryEntry.NativeObject
return true
Catch
return false
End Try
If the user is not valid, the directory entry NativeObject cannot be accessed and throws an exception. While this isn't the most efficient way (exceptions are evil, blah blah blah), it's quick and painless. This also has the super-cool advantage of working with all LDAP servers, not just AD.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With