Re: Authenticate user against active directory
- From: "Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx>
- Date: Fri, 23 Feb 2007 11:34:59 +0100
"fomalhaut" <nathan.manzi@xxxxxxxxxxxxxxx> wrote in message news:1172195630.071467.314960@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,
I'm builing an application that requires domain admin access to run,
and I'm trying to allow for the application to be run as a normal user
and allow the user to provide it with a username/password that has the
access.
I have a method that will check if the username/password is correct,
however, it will only authenticate the user running the program...
Here's the method:
public static bool validatePassword(string adUserName, string
adPassword)
{
DirectoryEntry de = new DirectoryEntry(null, "WDE" +
"\\" + adUserName, adPassword);
try
{
object o = de.NativeObject;
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = "samaccountname=" + adUserName;
ds.PropertiesToLoad.Add("cn");
SearchResult sr = ds.FindOne();
if (sr == null) throw new Exception();
return true;
}
catch
{
return false;
}
}
If I check the username/password of the person that is running the
application, it works fine. If I provide any other username/password,
it fails in the "object o = de.NativeObject;".
Any ideas as to why it's happening?
Cheers,
Nathan Manzi
start by a change of your catch clause into:
catch(System.Runtime.InteropServices.COMException ex)
{
Console.WriteLine(ex);
return false;
}
and it will tell you why, however, there are other things wrong with your code.
This aside, you should not use this to authenticate a windows user, AD is not an authentication service.
Use Win32 "LogonUser" or better use the SSPI in V2 of the framework . Following is a complete sample that illustrates you how to authenticate windows users , both local and domain users, using the WindowsIdentity and the NegotiateStream class in V2 .
using System;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Principal;
class Program
{
static void Main(string[] args)
{
// pass account name, password and domain name as arguments. For local accounts, pass the machine name as domain name.
WindowsIdentity id = SSPIHelper.LogonUser("uuuuuu", "pppppp", "ddddd");
if(id != null)
Console.WriteLine("[{0}] was authenticated using [{1}], returned access token [{2}] ",
id.Name,
id.AuthenticationType,
id.Token.ToString()
);
}
}
// using NTLM authentication
public class SSPIHelper
{
public static WindowsIdentity LogonUser(string userName, string password, string domain)
{
// need a full duplex stream - loopback is easiest way to get that
TcpListener tcpListener = new TcpListener(IPAddress.Loopback, 0);
tcpListener.Start();
WindowsIdentity id = null;
tcpListener.BeginAcceptTcpClient(delegate(IAsyncResult asyncResult)
{
using (NegotiateStream serverSide = new NegotiateStream(
tcpListener.EndAcceptTcpClient(asyncResult).GetStream()))
{
serverSide.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
id = (WindowsIdentity)serverSide.RemoteIdentity;
}
}, null);
using (NegotiateStream clientSide = new NegotiateStream(new TcpClient(IPAddress.Loopback.ToString()
((IPEndPoint)tcpListener.LocalEndpoint).Port).GetStream()))
{
clientSide.AuthenticateAsClient(new NetworkCredential(userName, password, domain),
"", ProtectionLevel.None, TokenImpersonationLevel.Impersonation);
}
return id;
}
}
Willy.
.
- References:
- Authenticate user against active directory
- From: fomalhaut
- Authenticate user against active directory
- Prev by Date: how to write the values in textbox to xml format..
- Next by Date: problem RichTextBox
- Previous by thread: Authenticate user against active directory
- Next by thread: Etched or black line on a form
- Index(es):
Relevant Pages
|
|
