//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = result.Properties["cn"][0].ToString();
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
From your code, it appears you have a login form where the user enters a username and password to be authenticated through AD. If you do not need or want the user to provide a password, you can have them authenticate automatically with the credentials they used to log on to their computers. You can use Application_AuthenticateRequest if you are using forms authentication, or WindowsAuthentication_Authenticate if you are using Windows authentication, in the global.asax file.
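You can set up a service account in AD and use its login info to provide access in your code instead of providing the user's info. Then use the username of the user to filter AD to see if that account exists, and if it does, return true. You can grab the user's name with either Request.ServerVariables("LOGON_USER") or e.Identity.Name. Because this lookup only confirms that the account exists, the username has to come from one of these server-authenticated sources and not from a value the user typed into a form.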
Marked as answer by Dino He - MSFT on May 29, 2012 07:18 AM
harshtyagi
Active Directory Authentication without using Password.
May 22, 2012 10:45 AM|LINK
Hello friends,
I am using the following code to authenticate the user through Active Directory.
It requires the user's password.
Is it possible to retrieve the user's password from AD?
If not, can this code be modified to authenticate the user with only the username?
Please find the code below.
I need a solution urgently; please reply with your comments.
Thanks
Harsh Tyagi..
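/// <summary>
/// Validates a user's credentials by binding to the directory at <c>_path</c> as that
/// user, then looks the account up by sAMAccountName and records where it was found
/// (<c>_path</c> is set to the entry's path, <c>_filterAttribute</c> to its cn).
/// </summary>
/// <param name="domain">Not used by this implementation; the bind is made with <paramref name="username"/> exactly as given.</param>
/// <param name="username">Logon name supplied by the caller. Treated as untrusted input.</param>
/// <param name="pwd">Password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when the bind succeeds and a matching entry is found; <c>false</c> when a
/// credential is missing or the search returns no entry.
/// </returns>
/// <exception cref="Exception">
/// The bind or the search failed. The underlying error is attached as InnerException.
/// </exception>
public bool IsAuthenticated(string domain, string username, string pwd)
{
    // Refuse missing credentials before touching the directory. When the user name and
    // password are both null, ADSI binds with the calling thread's security context,
    // which would test the application's identity instead of the user's. Empty values
    // are rejected as well so a blank form field never reaches the directory.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pwd))
    {
        return false;
    }

    // DirectoryEntry and DirectorySearcher wrap native ADSI handles, so both are disposed.
    using (DirectoryEntry entry = new DirectoryEntry(_path, username, pwd, AuthenticationTypes.Secure))
    {
        try
        {
            // Bind to the native AdsObject to force authentication.
            object nativeObject = entry.NativeObject;

            using (DirectorySearcher search = new DirectorySearcher(entry))
            {
                // username is caller-controlled: escape LDAP filter metacharacters so the
                // value cannot change the shape of the query (for example a bare "*").
                search.Filter = "(SAMAccountName= " + EscapeLdapFilterValue(username) + ")";
                search.PropertiesToLoad.Add("cn");

                SearchResult result = search.FindOne();
                if (result == null)
                {
                    return false;
                }

                // Update the new path to the user in the directory.
                _path = result.Path;
                _filterAttribute = result.Properties["cn"][0].ToString();
            }
        }
        catch (Exception ex)
        {
            // Same exception type and message as before; the original error is now kept
            // as InnerException so the stack trace survives for logging. The message
            // carries directory error text, so log it instead of echoing it to the user.
            throw new Exception("Error authenticating user. " + ex.Message, ex);
        }
    }

    return true;
}

/// <summary>Escapes a value for use inside an LDAP search filter (RFC 4515).</summary>
private static string EscapeLdapFilterValue(string value)
{
    // The backslash is replaced first so the escapes added below are not escaped again.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}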
kashifilyaz
Re: Active Directory Authentication without using Password.
May 22, 2012 11:28 AM|LINK
You cannot retrieve the user's password from AD.
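// Lists the cn, givenName, initials and sn of every user entry matching the filter.
//
// NOTE(review): "l" is the locality (city) attribute in the AD schema; to check for an
// account by logon name the filter would normally use sAMAccountName - confirm the intent.
// Name is a constant here; a value taken from user input must be escaped per RFC 4515
// before it is concatenated into the filter.
String Name = "Alex";

// The entry, the searcher and the result collection all hold native ADSI resources.
using (DirectoryEntry entry = new DirectoryEntry("LDAP://DomainName"))
using (DirectorySearcher dSearch = new DirectorySearcher(entry))
{
    dSearch.Filter = "(&(objectClass=user)(l=" + Name + "))";

    using (SearchResultCollection results = dSearch.FindAll())
    {
        foreach (SearchResult sResultSet in results)
        {
            // Login Name (cn is the common-name attribute)
            Console.WriteLine(GetProperty(sResultSet, "cn"));
            // First Name
            Console.WriteLine(GetProperty(sResultSet, "givenName"));
            // Middle Initials
            Console.Write(GetProperty(sResultSet, "initials"));
            // Last Name
            Console.Write(GetProperty(sResultSet, "sn"));
        }
    }
}

/// <summary>
/// Returns the first value of the named property as a string, or an empty string when
/// the search result does not contain that property.
/// </summary>
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
    if (searchResult.Properties.Contains(PropertyName))
    {
        return searchResult.Properties[PropertyName][0].ToString();
    }

    return string.Empty;
}

// With the code above you can check whether 'Alex' exists in AD.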
http://www.codeproject.com/Articles/6778/How-to-get-User-Data-from-the-Active-Directory
gww
Re: Active Directory Authentication without using Password.
May 22, 2012 01:20 PM|LINK
From your code, it appears you have a login form where the user enters a username and password to be authenticated through AD. If you do not need or want the user to provide a password, you can have them authenticate automatically with the credentials they used to log on to their computers. You can use Application_AuthenticateRequest if you are using forms authentication, or WindowsAuthentication_Authenticate if you are using Windows authentication, in the global.asax file.
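You can set up a service account in AD and use its login info to provide access in your code instead of providing the user's info. Then use the username of the user to filter AD to see if that account exists, and if it does, return true. You can grab the user's name with either Request.ServerVariables("LOGON_USER") or e.Identity.Name. Because this lookup only confirms that the account exists, the username has to come from one of these server-authenticated sources and not from a value the user typed into a form.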