by David Kiff
16. December 2006 07:28
My Final Year Project requires Active Directory authentication. ASP.NET has a very simple GUI to set this up, although I have used LDAP to create finer-grained code that is more customisable :D. Here is the method I have used:
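// Requires: using System; using System.DirectoryServices;
// _path (the LDAP path) and _filterAttribute are fields of the containing class.
public bool IsAuthenticated(string domain, string username, string pwd)
{
    string domainAndUsername = domain + @"\" + username;
    DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
    try
    {
        // Bind to the native AdsObject to force authentication.
        Object obj = entry.NativeObject;
        // Look up the account that has just authenticated.
        // Note: username goes into the filter as-is, so any LDAP filter
        // metacharacters it contains are not escaped here.
        DirectorySearcher search = new DirectorySearcher(entry);
        search.Filter = "(SAMAccountName=" + username + ")";
        search.PropertiesToLoad.Add("cn");
        SearchResult result = search.FindOne();
        if (null == result) { return false; }
        // Update the new path to the user in the directory
        _path = result.Path;
        _filterAttribute = (String)result.Properties["cn"][0];
    }
    catch
    {
        // Rethrow the original exception (for example, a failed bind) to the caller.
        throw;
    }
    return true;
}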
If you want to create a simpler AD login we can use the ASP.NET Login control with Memberships. Example memberships code for the web.config file:
<membership defaultProvider="ADMembershipProvider">
  <providers>
    <clear/>
    <add name="ADMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ActiveDirectory"
         connectionUsername="userName"
         connectionPassword="password"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="true"
         requiresUniqueEmail="true"/>
  </providers>
</membership>
The Login Control can utilize the membership:
<asp:Login ID="LoginControl" runat="server"
    EnableTheming="true"
    DisplayRememberMe="true"
    FailureText="Login attempt has failed.">
</asp:Login>
To me it seems more beneficial to use the first option; the membership way is easier, although you require administration rights for the connection.