
I am trying to make a simple authentication system with LDAP in .NET. I was checking some namespaces in .NET and simply made the standard code snippet as below.

using System;
using System.DirectoryServices;

// path, username and password are assumed to be set elsewhere (the admin bind)
DirectoryEntry de = new DirectoryEntry(path, username, password);

// Search for the second user by common name. Note that this only shows the
// entry exists; it never checks password2.
DirectorySearcher s = new DirectorySearcher(de);
s.Filter = "(&(cn=" + username2 + "))";

SearchResult result = s.FindOne();
if (result != null) {
    Console.WriteLine("User exists");
} else {
    Console.WriteLine("User does not exist");
}

I have an admin username and password, username and password, which I use to authenticate the client application. I have a second username and password, username2 and password2 that needs to be checked in the LDAP to log in.

username is the admin account and username2 is just an user in LDAP. So how can I check username2's password?

Jared Harley
Arda
  • Similar to: http://stackoverflow.com/questions/400872/active-directory-check-username-password I prefer the solution of creating a second directory entry with username2 and userpass2, and then trying to access something in it, and catching an exception to determine if it is invalid – Brandon Jan 16 '13 at 14:58
  • @Brandon thanks for your reply. But when I do a similar thing, DirectoryEntry de1 = new DirectoryEntry(path,username2,password2); I got the invalid username and password error. – Arda Jan 16 '13 at 15:17

2 Answers


A slightly backwards (and clunky) way is to log in as the user and try to retrieve something, then treat an exception as an invalid password:

using System.Configuration;
using System.DirectoryServices;

// Expects a <connectionStrings> entry named "ActiveDirectory" in the app config
static bool CheckUser(string userName, string password) 
{
    var adSettings = ConfigurationManager.ConnectionStrings["ActiveDirectory"];
    if (adSettings == null ||
        string.IsNullOrWhiteSpace(adSettings.ConnectionString))
    {
        return false;
    }

    try
    {
        // Bind with the credentials being checked, not the admin account
        using (var de = new DirectoryEntry(adSettings.ConnectionString, userName, password))
        {
            // This should throw an exception if the password is wrong
            object nativeObject = de.NativeObject;
        }
    }
    catch (DirectoryServicesCOMException)
    {
        // Wrong password
        return false;
    }
    catch (System.Runtime.InteropServices.COMException)
    {
        // Can't connect
        return false;
    }

    return true;
}
Keith
  • Thanks a lot for your reply, but this is not valid either... the username only exists in LDAP, not on the computer. – Arda Jan 16 '13 at 15:53
  • @Arda I think I'm a little confused - I thought you had the second user's name and password and want to validate them, is this incorrect? Do you want to get the password for the second user after logging in as the admin? – Keith Jan 16 '13 at 16:07
  • @Arda if that's the case (you want to read the password) then LDAP can't help you - it will validate a password for a user, but it shouldn't give you that user's password in plain text (it shouldn't even store them in plain text). – Keith Jan 16 '13 at 16:08
  • I know that I can't retrieve a password from LDAP. Maybe I am not so clear, let me explain it again... I have a system user which I use to connect to LDAP (the user name in the DirectoryEntry constructor) and I have another user which is not a user in the system but is defined in LDAP and also has a password in LDAP. I want to check if that second user can log in to my app according to LDAP's information. – Arda Jan 16 '13 at 16:19
  • @Arda so the second user provides a username and password that you want to check in LDAP, but then you have a different user that the actual application runs as? Why not just use my function here to verify the second user, then log in as the admin user to do everything else? Am I missing something? – Keith Jan 17 '13 at 09:00
  • When I do as your code, I got the invalid username or password error – Arda Jan 17 '13 at 12:34
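The two-step flow the question describes, as an added example that is not code from the question or either answer: the admin account looks the user up, then the user's own credentials are used for a bind, which is the only operation that actually proves the password. It assumes Active Directory (secure bind with a plain account name); the class and method names, and the escaping helper, are mine, not a library API. On a non-AD LDAP server you would bind with the user's distinguishedName instead.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class LdapAuth
{
    // Escape a value before concatenating it into an LDAP filter (RFC 4515 rules),
    // so input such as "a*)(cn=*" cannot change the meaning of the query.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // svcUser/svcPass is the admin account from the question; username2/password2
    // is the user being logged in. A search never verifies a password; the bind does.
    public static bool Authenticate(string path, string svcUser, string svcPass,
                                    string username2, string password2)
    {
        // An empty password is an anonymous bind on many servers and would "succeed"
        if (string.IsNullOrEmpty(password2)) return false;
        try
        {
            using (var svc = new DirectoryEntry(path, svcUser, svcPass, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(svc))
            {
                searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(username2) + "))";
                searcher.PropertiesToLoad.Add("distinguishedName");
                SearchResult found = searcher.FindOne();
                if (found == null) return false; // unknown user: same answer as a bad password

                // Bind as the user; reading NativeObject forces the bind to happen now
                using (var userEntry = new DirectoryEntry(found.Path, username2, password2, AuthenticationTypes.Secure))
                {
                    object forceBind = userEntry.NativeObject;
                }
                return true;
            }
        }
        catch (DirectoryServicesCOMException) { return false; } // bad credentials
        catch (System.Runtime.InteropServices.COMException) { return false; } // server unreachable
    }
}
```

Callers should treat "unknown user" and "wrong password" identically, as above, so the login form does not reveal which accounts exist.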

I have something in VB which might help you out, I guess. I was working on this a few days ago with my colleague. Do let me know. Code:

    ' Assumed handler signature; the original post shows only the body and "End Sub"
    Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        ' Bind with the credentials the user typed; the bind itself is the password check
        Dim entry As New DirectoryEntry("LDAP://xyz.com/dc=xyz,dc=com", TextBox1.Text, TextBox2.Text)
        Try
            ' Touching NativeObject forces the bind, so a wrong password throws here
            Dim obj As Object = entry.NativeObject
            Dim search As New DirectorySearcher(entry)
            search.Filter = "(SAMAccountName=" + TextBox1.Text + ")"
            search.PropertiesToLoad.Add("cn")
            Dim result As SearchResult = search.FindOne()
            ' result.Equals(Nothing) throws when result is Nothing; use "Is Nothing"
            If result Is Nothing Then
                MsgBox("Try Again with valid username")
            Else
                MsgBox("User Found!")
                ' Only issue the session cookie after the bind and lookup succeeded
                Dim cookie As HttpCookie = New HttpCookie("username")
                cookie.Value = TextBox1.Text
                cookie.Expires = DateAndTime.Now.AddHours(12)
                Response.Cookies.Add(cookie)
                Response.Redirect("~/Dashboard.aspx")
            End If
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try
    End Sub
Vinayak Pahalwan