Last post Sep 19, 2010 02:05 AM by sonaasp
Sep 07, 2010 07:34 AM|sonaasp
I am using the 3.5 framework and SQL Server 2005. I need to do forms authentication with Active Directory. There are many articles on the net. Everything works fine, but I am having a problem with AD rights. I just want to check whether the current user exists in AD or not.
But the problem is that all users do not have search rights, so it always returns a null value from AD. For users who have search rights, it authenticates. How do I give rights to all users, or is it advisable to give search rights to all users, or what is the better way? Please help...
My need is... I just want to check whether the user exists in Active Directory.
Sep 08, 2010 02:42 AM|johram
By default, all domain users have read access to the entire AD unless configured otherwise. So when you say that "not all users have search rights", you mean that someone has deliberately taken away this right? This sounds very strange to me. At what level is this restriction set? (If at all possible?)
Anyway, if your mission is to authenticate the user (in order to see if the user/password combination is correct), then you do not need to search for the user. You can just try to open a connection with the AD, provide the credentials for the user and then check the NativeObject property. If you get an exception there, then your user is not authenticated; otherwise OK.
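// Needs: using System.DirectoryServices; using System.Runtime.InteropServices;
bool authenticated = false;
try {
    DirectoryEntry user = new DirectoryEntry("LDAP://dc=yourdomain,dc=com", "yourdomain\\" + username, password);
    object nativeObject = user.NativeObject; // reading this property forces the bind with the supplied credentials
    authenticated = true;
} catch (COMException) {
    // Not authenticated
}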
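A stricter version of the bind check from the answer above, as an added example that is not part of the original posts: it refuses empty credentials before binding and separates a logon failure from other directory errors, so an outage is not recorded as a bad password. The names `AdBindCheck`, `BindResult` and `TryBind` are hypothetical, and the LDAP path and domain are placeholders as in the post.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical names, introduced for this example only.
public enum BindResult { Authenticated, Rejected, OtherFailure }

public static class AdBindCheck
{
    // HRESULT for ERROR_LOGON_FAILURE (Win32 error 1326): unknown user or bad password.
    private const int LogonFailure = unchecked((int)0x8007052E);

    // ldapPath and domain are placeholders, e.g. "LDAP://dc=yourdomain,dc=com" and "yourdomain".
    public static BindResult TryBind(string ldapPath, string domain, string username, string password)
    {
        // Refuse empty credentials before touching the directory: with null
        // credentials ADSI binds as the calling process rather than the user,
        // and some LDAP servers treat an empty password as an anonymous bind.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return BindResult.Rejected;

        // Expect a bare account name; reject input that would change the
        // domain or the principal format (DOMAIN\user, user@realm).
        if (username.IndexOfAny(new char[] { '\\', '/', '@' }) >= 0)
            return BindResult.Rejected;

        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(ldapPath, domain + "\\" + username, password))
            {
                object native = entry.NativeObject; // forces the bind
                return BindResult.Authenticated;
            }
        }
        catch (COMException ex)
        {
            // Only a logon failure means "wrong credentials". Anything else
            // (server unreachable, bad path, account restrictions) is reported
            // separately so it can be logged; the caller signs the user in
            // only on Authenticated.
            return ex.ErrorCode == LogonFailure
                ? BindResult.Rejected
                : BindResult.OtherFailure;
        }
    }
}
```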
Sep 19, 2010 02:05 AM|sonaasp
You are really great, man. It worked. This issue was just breaking my head. You solved it for me. Thanks a lot.