Reputation: 43813
I have a domain and port number (636) as well as a username and password.
I am trying to figure out a way to connect to this AD via Secure LDAP and get a user's 'givenname', 'sn', 'mail', and probably a few custom attributes.
However I have no idea how to do this in C#.
I think that Microsoft may have a method for this available already but I am going to defer to you all.
The final user experience will be: See login screen, enter username and password, those credentials are sent over LDAP and the user's info is returned to my web app, then I log them in if it all went well... though I don't know what a failed attempt would look like either so I can deny them. Any ideas?
Please include code samples so I can understand the implementation, thanks!
Upvotes: 1
Views: 1386
Reputation: 754220
You should definitely check out the .NET 3.5 System.DirectoryServices.AccountManagement
namespace as suggested by Brad.
To get a good head start on how to use it, read this MSDN Magazine article: Managing Directory Security Principals in the .NET Framework 3.5
The article does talk several times about how to securely (using SSL) connect to your AD domain, and how to e.g. create users or retrieve user information. I think reading that article closely and trying out the code samples should give you a good idea on how to do what you're looking for.
Update: quite obviously, all those methods in S.DS.AM require you to be authenticated against AD. The new classes also provide for pretty simple verification of user credentials (as shown in that article I linked to):
using System.DirectoryServices.AccountManagement;

// establish context (ContextType.Domain binds to the domain the process runs in)
PrincipalContext domain = new PrincipalContext(ContextType.Domain);
// determine whether a user can validate to the directory
bool validated = domain.ValidateCredentials("user1", "Password1");
Upvotes: 0
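The answer above stays at the AccountManagement layer. The block below is an added example, not code from that answer, from the MSDN article, or from Microsoft's samples; it uses the lower-level System.DirectoryServices.Protocols API so that the three things the question asks about are explicit: the TLS connection on port 636, what a failed login looks like (an LdapException with error code 49, LDAP_INVALID_CREDENTIALS, on Bind), and reading givenName, sn, mail and a custom attribute back from the user's object. The host name, base DN, user principal name, password and the attribute "extensionAttribute1" (standing in for whatever custom attributes the asker's schema has) are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example: authenticate a web-app user against AD over LDAPS (636) and read back attributes.
// All server names, DNs and attribute names here are assumptions, not values from the question.
public static class LdapsLogin
{
    public sealed class Result
    {
        public bool Authenticated;
        public string FailureReason;                         // set when Authenticated == false
        public Dictionary<string, string> Attributes = new Dictionary<string, string>();
    }

    public static Result Authenticate(string host, int port, string baseDn,
                                      string upn, string password, string[] wantedAttributes)
    {
        Result result = new Result();
        if (string.IsNullOrEmpty(password))
        {
            // A simple bind with a name and an empty password is an *unauthenticated* bind,
            // which many directories answer with success. Reject it before it reaches AD.
            result.FailureReason = "empty password";
            return result;
        }

        LdapDirectoryIdentifier server = new LdapDirectoryIdentifier(host, port, true, false);
        using (LdapConnection conn = new LdapConnection(server))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;            // LDAPS: TLS from the first byte, not StartTLS
            conn.SessionOptions.VerifyServerCertificate = VerifyChain; // never "(c, cert) => true"
            conn.AuthType = AuthType.Basic;                           // simple bind: the password is protected only by TLS
            conn.Credential = new NetworkCredential(upn, password);

            try
            {
                conn.Bind();                                          // this is the login check
            }
            catch (LdapException ex)
            {
                if (ex.ErrorCode == 49)                               // LDAP_INVALID_CREDENTIALS: deny the user
                {
                    result.FailureReason = "invalid credentials";
                    return result;
                }
                throw;  // server unreachable, TLS failure etc.: an operational error, not a bad password
            }

            // Look the user up with an escaped filter so the typed name cannot rewrite the query.
            string filter = "(&(objectClass=user)(userPrincipalName=" + EscapeFilterValue(upn) + "))";
            SearchRequest request = new SearchRequest(baseDn, filter, SearchScope.Subtree, wantedAttributes);
            request.SizeLimit = 1;
            SearchResponse response = (SearchResponse)conn.SendRequest(request);
            if (response.Entries.Count == 0)
            {
                result.FailureReason = "bind succeeded but no user object matched";
                return result;
            }

            SearchResultEntry entry = response.Entries[0];
            foreach (string name in wantedAttributes)
            {
                DirectoryAttribute attr = entry.Attributes[name];
                if (attr != null && attr.Count > 0)
                    result.Attributes[name] = (string)attr.GetValues(typeof(string))[0];
            }
            result.Authenticated = true;
            return result;
        }
    }

    // Validate the server certificate against the OS trust store, with revocation checking.
    private static bool VerifyChain(LdapConnection connection, X509Certificate certificate)
    {
        X509Certificate2 cert2 = new X509Certificate2(certificate);
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        return chain.Build(cert2);
    }

    // RFC 4515 escaping: stops a user-controlled value from changing the filter (LDAP injection).
    private static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Assumed values; "extensionAttribute1" stands in for the asker's custom attributes.
        Result r = Authenticate("dc01.corp.example.com", 636, "DC=corp,DC=example,DC=com",
                                "jdoe@corp.example.com", "correct horse battery staple",
                                new[] { "givenName", "sn", "mail", "extensionAttribute1" });
        Console.WriteLine(r.Authenticated
            ? "login ok: " + r.Attributes["mail"]
            : "denied: " + r.FailureReason);
    }
}
```

Two choices in this block matter for security. AuthType.Basic sends the password inside the TLS session, so the certificate callback must actually validate the chain; replacing it with a callback that returns true turns the 636 connection into one any on-path host can terminate. If the web server is itself domain-joined, AuthType.Negotiate with the same NetworkCredential uses Kerberos/NTLM instead and never sends the password itself, which is the safer default when available. The filter escaping is there because the user name comes straight from the login form.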
Reputation: 15673
Did you even try google?
EDIT
Sorry for the hubbub and the snarky response. I think the problem you were having is you didn't quite ask the question right -- either here or on google. Anyhow, you don't need a lick of C# code here. You just need to configure your web app to use AD as a membership provider. You'll need a connection string [getting this right was the hardest part]:
<connectionStrings>
  <add name="MyAd"
       connectionString="LDAP://adserver/OU=Users" />
</connectionStrings>
And a membership provider:
<membership defaultProvider="AdProvider">
  <providers>
    <add name="AdProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="MyAd"
         applicationName="ItRemoteHelpdesk"
         enablePasswordReset="false" />
  </providers>
</membership>
Then users can login with their normal username@domain and password.
Upvotes: 4
Reputation: 15567
The System.DirectoryServices.AccountManagement
is the .NET dll to use for the newer, non-LDAP AD authentication.
Try this website for a good starting point with code examples:
http://www.codeproject.com/KB/system/usingAccountManagement.aspx
Upvotes: 1