
What permissions does user need to validate credentials in Active Directory?

I have some code that uses the PrincipalContext object with a specific username and password passed into its constructor to bind to Active Directory.

Then a call is made to .ValidateCredentials(), passing in a different username and password for the user being validated.

My question is, what permission is necessary in Active Directory in order for the first user to bind in Active Directory?

JD. asked Dec 09 '13 22:12


1 Answer

When I began working on the subject I found everything very confusing. This tutorial was one of the better ones to get started with, as there are a lot of acronyms, which adds difficulty: https://hynek.me/articles/ldap-a-gentle-introduction/

I would reference you to a similar question on validation, but not specifically on credentials, as there are several code snippets that are relevant to this type of work.

Validate a username and password against Active Directory?

What I think you are asking about is an Authentication function.

I think posting my entire code can only confuse you so I will explain the structure of it and hope that gets you going and give a snippet.

The way I have done it, and there are many methods, is the following:

public class LdapAuthentication with a method IsAuthenticated, where the method is passed the domain, user name, and password.

Then I use DirectoryEntry and DirectorySearcher to find and filter the SAMAccountName. Then it depends on your application and what you are trying to find.

But most of these are inside the System.DirectoryServices

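            // Fragment from inside IsAuthenticated(domain, username, pwd).
            // Needs: using System; using System.DirectoryServices;
            // 'entry' is assumed to be a DirectoryEntry created earlier in the method.
            try
            {   //Bind to the native AdsObject to force authentication.
                Object obj = entry.NativeObject;

                DirectorySearcher search = new DirectorySearcher(entry);

                //Escape LDAP filter metacharacters (RFC 4515) before building the filter.
                String safeName = username.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
                search.Filter = "(SAMAccountName=" + safeName + ")";
                search.PropertiesToLoad.Add("cn");
                SearchResult result = search.FindOne();

                if (null == result)
                {
                    return false;
                }

                //Update the new path to the user in the directory.
                _path = result.Path;
                _filterAttribute = (String)result.Properties["cn"][0];
            }
            catch (Exception ex)
            {
                //Keep the original exception as InnerException for diagnostics.
                throw new Exception("Error authenticating user. " + ex.Message, ex);
            }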

This should give you enough to start searching and get what you need. Good luck!

JPK answered Sep 21 '22 23:09
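The lookup in the answer builds an LDAP search filter from the supplied username, so the value has to be escaped for filter syntax before it reaches DirectorySearcher. The following is an added example, not part of the original answer or the answerer's code: a reusable RFC 4515 escaper and a sAMAccountName lookup that uses it. The names SafeLdapLookup, EscapeFilterValue and FindBySamAccountName are hypothetical, and the sample inputs in Main are constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example; class and method names are hypothetical.
public static class SafeLdapLookup
{
    // RFC 4515 section 3: inside a filter value, '\', '*', '(', ')' and NUL
    // are written as a backslash followed by the two hex digits of the byte.
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the matching account or null. 'entry' is assumed to be an
    // already bound DirectoryEntry, as in the answer's snippet.
    public static SearchResult FindBySamAccountName(DirectoryEntry entry, string username)
    {
        if (string.IsNullOrWhiteSpace(username)) return null;
        using (var search = new DirectorySearcher(entry))
        {
            // The escaped value can only ever match literally.
            search.Filter = "(sAMAccountName=" + EscapeFilterValue(username) + ")";
            search.PropertiesToLoad.Add("cn");
            return search.FindOne();
        }
    }

    public static void Main()
    {
        // Constructed inputs: a plain name and one containing filter metacharacters.
        Console.WriteLine(EscapeFilterValue("jdoe"));
        Console.WriteLine(EscapeFilterValue(@"doe*(ops)\a"));
    }
}
```

Main only exercises the escaper, so it runs without a directory; FindBySamAccountName needs a reachable domain controller and a bound entry.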