Active Directory Authencation without using Password.

Hello friends,

I am using the following code for Authenticating the user through Active Directory.

In it we need the password of the user.

Is it possible to retrive the password of the user from AD.

If not can this code be modified to use only UserName to authencate the user.

Pls find the code below.

I need the Solution on urgent basis pls reply with your valuable comments.

Thanks

Harsh Tyagi..

IsAuthenticated(string domain, string username, string pwd)
        {

            //string Username = domain + @"\" +username;

            string Username = username;
            DirectoryEntry entry = new DirectoryEntry(_path, Username, pwd, AuthenticationTypes.Secure);

            try
            {
                //Bind to the native AdsObject to force authentication.
                object obj = entry.NativeObject;

                DirectorySearcher search = new DirectorySearcher(entry);

                search.Filter = "(SAMAccountName= " + username + ")";
                search.PropertiesToLoad.Add("cn");
                SearchResult result = search.FindOne();

                if (null == result)
                {
                    return false;
                }

                //Update the new path to the user in the directory.
                _path = result.Path;
                _filterAttribute = result.Properties["cn"][0].ToString();
            }
            catch (Exception ex)
            {
                throw new Exception("Error authenticating user. " + ex.Message);
            }

            return true;
        }

Re: Active Directory Authencation without using Password.

You cannot retrive the password of the user from AD

DirectoryEntry entry = new DirectoryEntry("LDAP://DomainName");
DirectorySearcher Dsearch = new DirectorySearcher(entry);
String Name="Alex";
dSearch.Filter = "(&(objectClass=user)(l=" + Name + "))";

foreach(SearchResult sResultSet in dSearch.FindAll())
    {
          
     // Login Name
     Console.WriteLine(GetProperty(sResultSet,"cn"));
     // First Name
     Console.WriteLine(GetProperty(sResultSet,"givenName"));
     // Middle Initials
     Console.Write(GetProperty(sResultSet,"initials"));
     // Last Name
     Console.Write(GetProperty(sResultSet,"sn"));
   }

Public static string GetProperty(SearchResult searchResult,
 string PropertyName)
  {
   if(searchResult.Properties.Contains(PropertyName))
   {
    return searchResult.Properties[PropertyName][0].ToString() ;
   }
   else
   {
    return string.Empty;
   }
  }

from above code you can verify that 'Alex' exists in AD or not

http://www.codeproject.com/Articles/6778/How-to-get-User-Data-from-the-Active-Directory

Re: Active Directory Authencation without using Password.

From your code it would appear you have a login form that the user is to enter their username and password into to be authenticated through AD. If you do not need or want the user to provide their password, you can have them auto authenticate through with their credentials that they are logged on their computers. You can use Application_AuthenticateRequest if you are using forms authentication or WindowsAuthentication_Authenticate if you are using windows authentication in the global.asax file.

You can setup a service account in AD and use its login info to provide access in your code instead of providing the user's info. Then use the username of the user to filter AD to see if that account exists and if it does return true. You can grab the user's name with either request.servervariables("LOGON_USER") or e.Identity.name.