Authenticating and Retrieving Users Full Name via LDAP using ASP.Net 2.0

shiervermont — Wed, 19 Mar 2008 07:08:17 +0000

Hi All,

I hope this will help you a lot in authenticating and retrieving user’s full name via LDAP using ASP.Net 2.0.

Required Namespace:
using System.DirectoryServices;

Authenticate Method:

public bool Authenticate(string userName, string password)
{
DirectoryEntry deSystem = null;
object obj = null;
DirectorySearcher dsSystem = null;
SearchResult srSystem = null; bool isAuthenticated = false; try
    {    // Initialize the Directory Entry with LDAP Connection String and use Domain, User Name & Password to Authenticate
    deSystem = new DirectoryEntry(“LDAP://mydomain.com/CN=MyGroup,CN=Users,DC=mydomain,DC=com”, “DOMAIN\\” + userName, password);    // Bind to the native AdsObject to force authentication
    obj = deSystem.NativeObject;    dsSystem = new DirectorySearcher(deSystem);    if (dsSystem != null)
    {
      // Search subtree of UserDN
      dsSystem.SearchScope = SearchScope.Subtree;      // Find the user data
      srSystem = dsSystem.FindOne();

      if (srSystem == null)
      {
        deSystem = null;
        dsSystem = null;
        throw new Exception(“‘UserName’ is not authorized to access the Active Directory. Access Denied!”);
      }
    }
    else
    {
      deSystem = null;
      dsSystem = null;      throw new Exception(“Invalid User Name or Password. Access Denied!”);
    }    // Pick up the user group belong to
    // Determine wheter the User is Member of Users, Domain Users or Administrators Group
    ResultPropertyValueCollection propValColl = srSystem.Properties["member"];    if (propValColl.Count > 0)
    {
      foreach (object propVal in propValColl)
      {
        // Check user exist in Group we are searching for
        string[] strDN = deSystem.Path.Split(“/”.ToCharArray());        string tmpPath = strDN[0] + “//” + strDN[2] + “/” + propVal.ToString();

        DirectoryEntry tmpDirEntry = new DirectoryEntry(tmpPath, ADConnection.GetDomain() + “\\” + userName, password, AuthenticationTypes.Secure);        DirectorySearcher tmpDirSearcher = new DirectorySearcher(tmpDirEntry);        SearchResult tmpDirSR = tmpDirSearcher.FindOne();        if (tmpDirSR == null)
          continue;        ResultPropertyValueCollection tmpPropValColl = tmpDirSR.Properties["samaccountname"];         if (tmpPropValColl.Count > 0)
        {
          foreach (object tmpPropVal in tmpPropValColl)
          {
            if (tmpPropVal.ToString().ToLower() == userName.ToLower())
            {
              ResultPropertyValueCollection tmpPropNames = tmpDirSR.Properties["name"];
              foreach (object tmpPropName in tmpPropNames)
                base.Session["CurrentUserName"] = tmpPropName.ToString();
              base.Session["CurrentDomain"] = “DOMAIN”;
              base.Session["CurrentUserID"] = userName;             isAuthenticated = true;
              break;
            }
          }
        }
      else
          continue;      if (isAuthenticated)
        break;
    }
    }
propValColl = null;
}
catch (DirectoryServicesCOMException dsEx)
{
    throw new Exception(dsEx.Message);
}
catch (Exception ex)
{
    throw new Exception(ex.Message);
}
finally
{
    deSystem = null;
obj = null;
    adSecurity = null;
dsSystem = null;
    srSystem = null;
}
return isAuthenticated;
}

Shier Vermont's Blog

Authenticating and Retrieving Users Full Name via LDAP using ASP.Net 2.0