Reputation: 1
I'm new here so bear with me with my explanation. I am currently tasked to create this AD portal login page where the user has to enter their userID and password.
However, as I've done many searches online I found out that there is no way to authenticate the user with both UserID and Password as SAMAccountName just needs the UserID.
The thing here is the user I have to authenticate is not the user which I use for the LDAP connection login. LDAP connection will always be the same admin ID and password, while the users I have to authenticate are different users.
Most examples shown on the web explain that the LDAP UserID and the SAMAccountName are using the same userID. However, that is not applicable to my situation.
Therefore, I want to ask: is it possible to authenticate a user's UserID and Password using SAMAccountName? Hope you're able to provide a code example as I am not an experienced programmer compared to most of the people here. Thanks.
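    using System;
    using System.DirectoryServices;

    // Looks up a user by sAMAccountName using the fixed admin (service) account.
    // The Password parameter is never used, so this finds the account but does
    // not verify the user's password.
    public SearchResult GetADUser(string UserID, string Password)
    {
        SearchResult results;
        try
        {
            // Connect as the admin account, not as the user being looked up.
            DirectoryEntry de = GetDirectoryObject(CommonConstant.LDAP_CONNECTION_STRING);
            de.Username = CommonConstant.AD_ADMIN_ID;
            de.Password = CommonConstant.AD_ADMIN_Password;
            DirectorySearcher deSearch = new DirectorySearcher();
            deSearch.SearchRoot = de;
            // UserID goes into the filter unescaped: characters such as * ( ) \
            // change the meaning of the search and should be escaped (RFC 4515).
            deSearch.Filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=" + UserID + "))";
            deSearch.SearchScope = SearchScope.Subtree;
            results = deSearch.FindOne();
        }
        catch (Exception ex)
        {
            // Keep the original exception as InnerException so its type is not lost.
            throw new Exception(String.Format("GetADUser() returned {0}, \"{1}\"", ex.StackTrace, ex.Message), ex);
        }
        return results;
    }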
Upvotes: 0
Views: 1445
Reputation: 93454
You're making a lot of assumptions, and some of those assumptions are simply not correct.
Yes, it's true that to be able to access LDAP, you need a username and password. And it's true that many samples use the credentials supplied to authenticate against LDAP in order to.. well, authenticate against LDAP.
The problem is that you don't need to do any of this. You say it's an "AD Portal", which I assume means it's a web application. And since you're using C#, I assume you're using asp.net. If you're using asp.net, then you can simply use the ASP.NET membership system to authenticate using Windows authentication against AD. It's more or less "built-in".
You don't need to do LDAP queries. You're way over-complicating the problem. It's very very simple.
Unless there is something very specific you are trying to do, you really are going down the wrong path for a simple AD Login page.
Upvotes: 2
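Added example, not code from either post: the scenario in the question (a fixed service account for the LDAP connection, a different user to authenticate) done as a lookup with the service account followed by a check of the user's own password through `PrincipalContext.ValidateCredentials`. The class name `AdLogin` and all parameters (`ldapPath`, `domain`, `svcUser`, `svcPassword`) are assumptions supplied by the caller, not values from the page.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

public static class AdLogin  // hypothetical helper class
{
    // RFC 4515: escape characters that have meaning inside an LDAP search filter.
    public static string EscapeLdapFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns false for "no such user" and "wrong password" alike, so the
    // login page does not reveal which account names exist.
    public static bool Authenticate(string ldapPath, string domain,
        string svcUser, string svcPassword, string userId, string password)
    {
        // An LDAP simple bind with an empty password is an unauthenticated
        // bind (RFC 4513) and can look like success, so reject it up front.
        if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrEmpty(password))
            return false;
        // Step 1: find the account using the fixed service account.
        using (var root = new DirectoryEntry(ldapPath, svcUser, svcPassword))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeLdapFilter(userId) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            if (searcher.FindOne() == null)
                return false;
        }
        // Step 2: verify the user's own password against the domain.
        using (var ctx = new PrincipalContext(ContextType.Domain, domain, svcUser, svcPassword))
            return ctx.ValidateCredentials(userId, password);
    }
}
```

The project needs references to the System.DirectoryServices and System.DirectoryServices.AccountManagement assemblies.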