Last post Jan 28, 2011 03:36 AM by frez
Jan 20, 2011 09:21 PM|InterOrion|LINK
I'd like to Authenticate Users without having to use a Membership Provider.
What's the easiest way to do this?
I'm looking at returning a DirectoryEntry.
Jan 21, 2011 12:35 AM|eikden|LINK
For enterprise application, I always use AD(Directory services) for authetication as easy for use directly access to the system without request username and password.
Jan 21, 2011 02:52 AM|smirnov|LINK
1) Enable Windows Integrated Authentication on IIS for your web site.
2) Modify web.config to use Windows Authentication.
Jan 23, 2011 05:10 PM|InterOrion|LINK
I probably should have explained a little further.
I'm not using a Membership Provider in my application, instead I would like to authenticate directly with AD.
An AD users details are stored in my application's database, the only thing that isn't is the AD password. When a user logs in to the application, the application needs to check whether that user exists in the application database, and then authenticate
that user against AD.
So what I need to know is how to do a "check" on whether the username and password of a user matches the username and password of a user in of the user in AD.
Jan 24, 2011 03:58 AM|smirnov|LINK
You can use
Another way is
After that your users will be automatically authenticated against AD and you will be able to check user's login using HttpContext.User.Identity.Name.
So your final code would be in just few lines
string currentUser = User.Identity.Name;
... sql query where user=currentUser
... if found
Jan 24, 2011 04:14 AM|frez|LINK
Have a look at this:
Google is your friend...
Jan 27, 2011 06:58 PM|InterOrion|LINK
That example pretty much shows exactly what I want to do.
The only thing that I need to add on is to check whether a user exists in the application database.
For example, the application contains a list of the AD users that are permitted to log in to the application.
I need to verify whether or not an AD User is permitted to log in to the application by checking whether they exist in the database.
Where can I add this in, in the authentication process?
Jan 28, 2011 03:36 AM|frez|LINK
I think you need to have a look at the Authenticate event of the login control.
You can use Membership.ValidateUser within that event to check their username and password, and then if it passes that check you can then check the application database for your additional conditions, and if it passes that check you can then set e.Authenticated
to true, otherwise set e.Authenticated to false.