03.19.08
Authenticating and Retrieving Users Full Name via LDAP using ASP.Net 2.0
Hi All,
I hope this helps you authenticate a user and retrieve the user’s full name via LDAP using ASP.NET 2.0.
Required Namespace:
using System.DirectoryServices;
Authenticate Method:
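/// <summary>
/// Binds to the directory with the supplied credentials, then checks whether the account is
/// listed in the "member" attribute of the entry found under the group path. On a match the
/// user's name, domain and login are written to the session.
/// </summary>
/// <param name="userName">Login name without the domain prefix; "DOMAIN\" is prepended for the bind.</param>
/// <param name="password">Password used for the bind.</param>
/// <returns>
/// true when the bind succeeded and a member entry with a matching sAMAccountName was found;
/// false when the bind succeeded but no member matched.
/// </returns>
/// <exception cref="Exception">
/// Thrown for empty credentials, a failed bind or search, or when the group entry cannot be read.
/// The message may carry directory error text, so callers should log it and show the user a
/// generic sign-in failure rather than echoing it.
/// </exception>
public bool Authenticate(string userName, string password)
{
    const string groupPath = "LDAP://mydomain.com/CN=MyGroup,CN=Users,DC=mydomain,DC=com";
    bool isAuthenticated = false;

    // Reject empty credentials before touching the directory: a bind that carries no password
    // can be accepted as an anonymous/unauthenticated bind by some directory configurations,
    // which would make NativeObject succeed without proving who the caller is.
    if (userName == null || userName.Trim().Length == 0 || string.IsNullOrEmpty(password))
    {
        throw new Exception("Invalid User Name or Password. Access Denied!");
    }

    string bindUser = "DOMAIN\\" + userName;

    try
    {
        // AuthenticationTypes.Secure is stated explicitly so the credentials are never sent
        // as a plain-text simple bind if this call is edited later.
        // The using blocks release the underlying ADSI handles; setting the references to
        // null (as the earlier version did) does not dispose them.
        using (DirectoryEntry deSystem = new DirectoryEntry(groupPath, bindUser, password, AuthenticationTypes.Secure))
        {
            // Bind to the native AdsObject to force authentication; a rejected bind throws here.
            object obj = deSystem.NativeObject;

            using (DirectorySearcher dsSystem = new DirectorySearcher(deSystem))
            {
                // Search subtree of the group DN and take the first entry found.
                dsSystem.SearchScope = SearchScope.Subtree;
                SearchResult srSystem = dsSystem.FindOne();

                // NOTE(review): this null check is missing from the published listing, where the
                // throw below ran unconditionally; it appears to have been lost in formatting.
                if (srSystem == null)
                {
                    throw new Exception("'UserName' is not authorized to access the Active Directory. Access Denied!");
                }

                // "LDAP://host/DN" splits into { "LDAP:", "", "host", "DN" }; rebuild "LDAP://host/".
                string[] pathParts = deSystem.Path.Split('/');
                string serverPrefix = pathParts[0] + "//" + pathParts[2] + "/";

                // Only DNs listed directly in the entry's "member" attribute are examined.
                foreach (object memberDn in srSystem.Properties["member"])
                {
                    // NOTE(review): the published listing lost the lines that produced tmpDirSR
                    // (only a stray "continue;" survived). The lookup below is a reconstruction:
                    // bind to the member DN with the same credentials and read that one entry.
                    // Confirm against the author's original before relying on it.
                    using (DirectoryEntry memberEntry = new DirectoryEntry(serverPrefix + memberDn.ToString(), bindUser, password, AuthenticationTypes.Secure))
                    using (DirectorySearcher memberSearcher = new DirectorySearcher(memberEntry))
                    {
                        memberSearcher.SearchScope = SearchScope.Base;
                        SearchResult tmpDirSR = memberSearcher.FindOne();
                        if (tmpDirSR == null)
                        {
                            continue;
                        }

                        foreach (object account in tmpDirSR.Properties["samaccountname"])
                        {
                            // Ordinal comparison: ToLower() is culture-sensitive and can make two
                            // different account names compare equal (or equal ones differ) under
                            // some server locales.
                            if (string.Equals(account.ToString(), userName, StringComparison.OrdinalIgnoreCase))
                            {
                                foreach (object fullName in tmpDirSR.Properties["name"])
                                {
                                    base.Session["CurrentUserName"] = fullName.ToString();
                                }

                                base.Session["CurrentDomain"] = "DOMAIN";
                                base.Session["CurrentUserID"] = userName;
                                isAuthenticated = true;
                                break;
                            }
                        }
                    }

                    if (isAuthenticated)
                    {
                        break;
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Callers still receive a plain Exception with the same message; the original is kept
        // as InnerException so the directory error type and stack trace reach the log.
        throw new Exception(ex.Message, ex);
    }
    finally
    {
        // NOTE(review): adSecurity is not declared anywhere in the published listing; presumably
        // a field of the enclosing page. Kept so its reset is not silently dropped; confirm.
        adSecurity = null;
    }

    return isAuthenticated;
}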