  1. #1
    Join Date
    May 1999
    Posts
    226

    [RESOLVED] LDAP Authentication Difficulties

    Code:
        ' Requires "Imports System.DirectoryServices" at the top of the file.
        Public Function Authenticate(ByVal username As String, ByVal password As String) As Boolean
    
            Dim path As String = "LDAP://dc=" + Environment.UserDomainName
            Dim domainAndUsername As String = username + "@" + Environment.UserDomainName
            Dim entry As DirectoryEntry = New DirectoryEntry(path, domainAndUsername, password)
    
            Try
                ' Bind to the native AdsObject to force authentication.
                Dim obj As Object = entry.NativeObject
                Dim search As DirectorySearcher = New DirectorySearcher(entry)
                search.Filter = "(SAMAccountName=" + username + ")"
                search.PropertiesToLoad.Add("cn")
                Dim result As SearchResult = search.FindOne()
                If result Is Nothing Then
                    Return False
                End If
                ' Update the new path to the user in the directory
                path = result.Path
                Dim filterAttribute As Object = result.Properties("cn")(0)
            Catch ex As Exception
                lblMessage.Text = "Error authenticating user. " + ex.Message
                Return False
            End Try
    
            Return True
        End Function
    This worked perfectly on our dev server. However, when I copied it to our web server it didn't. It took me hours of playing before I finally got it to work. I had to change the first 2 lines to

    Code:
    Dim path As String = "LDAP://_butlernt1.bc3campus/dc=bc3campus"
    Dim domainAndUsername As String = username + "@bc3campus"
    My best guess is the web server isn't able to look up domain info. I suppose hard coding the domain name isn't a big issue since that isn't likely to change. However, I would prefer not to hard code the dc since we have 4 domain controllers. I don't want authentication to fail if the dc I hard coded happens to go down. Also, we plan on replacing at least a couple of the domain controllers soon. I'd have to change this code when we do that.

    Does anyone have any ideas on what I can do to get this to work without specifying the dc or domain name?


    Thanks,
    Scott
    Last edited by Scott MacMaster; February 27th, 2008 at 11:43 AM.

  2. #2
    Join Date
    May 1999
    Posts
    226

    Re: LDAP Authentication Difficulties

    Never mind, I figured it out. ASPNET doesn't have permission to access network resources. I created an account in Active Directory and told ASP.NET to impersonate it.


    Scott

  3. #3
    Join Date
    Mar 2009
    Posts
    1

    Question Re: [RESOLVED] LDAP Authentication Difficulties

    Hi Scott,

    Is this script working in ASP.NET without the need to install any LDAP client component?

    I am currently developing a web application using ASP.NET and I want to authenticate my users against my LDAP server. I downloaded an LDAP client component called LdapClient.Net from ldapservices and it worked well until I figured out that this component is licensed. I am getting frustrated as I couldn't find a free LDAP client component. Then, I saw your thread hoping that I could use your script and get the LDAP authentication working without the need to install any LDAP client component. So, do you use an LDAP client component together with this script?

    Thanks a million for your later response.

  4. #4
    Join Date
    Oct 2006
    Posts
    181

    Re: [RESOLVED] LDAP Authentication Difficulties

    You don't need an LDAP Client. .NET has everything you need. Pretty much everything you'll need is in DirectoryEntry and DirectorySearcher.

    The .NET implementation is actually a wrapper class for something else. I forget what it's called but it's using COM so you have to explicitly dispose of DirectoryEntry objects to avoid memory leaks. I suggest just using the Using keyword to handle that.

    The code I originally posted should have been more like this to dispose of my DirectoryEntry object.

    Code:
        Public Function Authenticate(ByVal username As String, ByVal password As String) As Boolean
    
            Dim path As String = "LDAP://dc=" + Environment.UserDomainName
            Dim domainAndUsername As String = username + "@" + Environment.UserDomainName
            
            Using entry As New DirectoryEntry(path, domainAndUsername, password)
                ...
            End Using
    
            Return True
        End Function
    Scott
