Re: ADFS Development Issues
- From: CJ <conorjgallagher@xxxxxxxxx>
- Date: 22 Apr 2007 19:50:07 -0700
Hi Joe,
I have gone through some of the examples on your site and, although I
still haven't got that working, I have made some minor progress! My
error is now "There is no such object on the server". My code has just
changed to the following:
** This part is calling the function **
    If IsUserAuthenticated( _
            "LDAP://TestADFS.testadfsdomain.com.au/CN=Users,DC=TestADFS,DC=testadfsdomain,DC=com,DC=au", _
            "testadfsdomain.com.au", "Administrator", "********").ToString() Then
        MessageBox.Show("Logged in!")
    End If
** This is my new function **
    ' Requires: Imports System.DirectoryServices
    Public Function IsUserAuthenticated(ByVal strAdPath As String, _
            ByVal strDomain As String, ByVal strUserName As String, _
            ByVal strPassword As String) As Boolean
        Dim isAuthenticated As Boolean = False
        Try
            Dim dirEntry As DirectoryEntry = New DirectoryEntry(strAdPath, _
                strDomain & "\" & strUserName, strPassword, _
                AuthenticationTypes.Secure)
            ' Reading NativeObject forces the bind to the path in strAdPath
            Dim obj As Object = dirEntry.NativeObject
            isAuthenticated = True ' authenticated
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
        Return isAuthenticated
    End Function
The funny thing is that the actual authentication seems to be fine. If
I change the password to an incorrect value I get an "Unknown user or
bad password" error. But when I use the correct password it fails with
the unknown object error. Any ideas?
Conor.
On Apr 22, 5:23 am, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Your path is somewhat inverted, in that the DN goes from most specific to
least, so it should probably look like:
LDAP://TestADFS.testadfsdomain.com.au/CN=Users,DC=TestADFS,DC=testadfsdomain,DC=com,DC=au
Generally, it is better to get the root NC name of the domain by first
getting the rootDSE object and reading the defaultNamingContext attribute.
You can use that to build a DirectoryEntry to use as the search root.
However, you don't really need to do a search if you just want to check the
user's credentials. Just create a DirectoryEntry pointing to the domain
(you can use the RootDSE object) and force it to bind by accessing the
NativeObject property in a try/catch block. If it succeeds, you are fine;
if you get an error indicating bad credentials, the credentials are bad; if
you get a different error, then there is another problem.
We cover this stuff in some detail in ch 12 of our book and have code
samples available for download from the site below if you are interested.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"CJ" <conorjgallag...@xxxxxxxxx> wrote in message
news:1177147572.011770.192580@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Ok, I should really read over my posts before clicking that send
button.... Let me correct myself, because I was using wrong machine
names in places:
The LDAP connection string I am using is:
LDAP://TestADFS.testadfsdomain.com.au/DC=TestADFS,DC=testadfsdomain,DC=com,DC=au,CN=Users
I corrected the other name (WIN2K3R2EE). It was the name of the
Windows Server 2003 R2 Virtual PC I downloaded from Microsoft! It was
renamed to TestADFS when I started my testing.
Sorry about that.
Conor.
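
Added example, not part of the original thread and not taken from the book's samples: one way to implement the RootDSE bind check described in the quoted reply, separating a bad-credentials error from any other failure. The names CredentialCheck, BindResult and CheckCredentials are hypothetical, and the server and domain values are whatever the caller supplies.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

' Hypothetical result type for this example.
Public Enum BindResult
    Success
    BadCredentials
    OtherError
End Enum

Public Module CredentialCheck
    ' HRESULT for ERROR_LOGON_FAILURE (unknown user name or bad password).
    Private Const LogonFailure As Integer = &H8007052E

    ' Binds to RootDSE on the given server with the supplied credentials.
    ' RootDSE exists on every domain controller, so no DN is built by hand
    ' and a wrong path cannot be mistaken for an authentication result.
    Public Function CheckCredentials(ByVal server As String, _
            ByVal domain As String, ByVal userName As String, _
            ByVal password As String, _
            ByRef defaultNamingContext As String) As BindResult
        defaultNamingContext = Nothing
        Try
            Using rootDse As New DirectoryEntry( _
                    "LDAP://" & server & "/RootDSE", _
                    domain & "\" & userName, password, _
                    AuthenticationTypes.Secure)
                ' Reading NativeObject forces the bind to happen now.
                Dim native As Object = rootDse.NativeObject
                ' The domain's root DN, usable later as a search root.
                defaultNamingContext = _
                    CStr(rootDse.Properties("defaultNamingContext").Value)
                Return BindResult.Success
            End Using
        Catch ex As COMException
            ' DirectoryServicesCOMException derives from COMException.
            If ex.ErrorCode = LogonFailure Then
                Return BindResult.BadCredentials
            End If
            ' Anything else (server unreachable, no such object, ...) is a
            ' configuration or connectivity problem, not a failed logon.
            Return BindResult.OtherError
        End Try
    End Function
End Module
```

Returning a three-way result lets the caller show a generic "logon failed" message for BadCredentials and log the OtherError case for an administrator instead of displaying the raw exception text to the user.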