LDAP Search within Active Directory for authentication

Discussion in 'C#' started by wak0, Oct 2, 2009.

  1. #1
    Hi, I hope you guys can help me.

    I need to build a form that requests a username and password in ASP, not ASP.NET (sorry to clarify, but I got some responses in other forums in .NET).

    This form will send an LDAP query into the active directory located on a different server and it will check for existing users.

    If the user exists they will be redirected to a new page; if not, they will be prompted to try again for username and password.

    I'm not an experienced programmer in ASP, but I am in PHP, so I understand the logic. If you can point me in the right direction I will appreciate it.
     
    wak0, Oct 2, 2009 IP
  2. rahulwb

    #2
    //first add the following lines to your web.config; some of this will be irrelevant for your LDAP settings, so make appropriate changes
    <appSettings>
    <!-- Base path of the directory server, read by the ldapAuthentication constructor.
         "_portnumber" looks like a placeholder to be replaced with the server's real port.
         The class binds with the user's DN and password (a simple bind), so point this at
         an LDAPS/TLS endpoint (commonly port 636) so the password is not sent in clear text. -->
    <add key="ldapServer" value="LDAP://directory.name.com: _portnumber"/>
    <!-- Search base: appended to ldapServer to form the search root, and appended to the
         user's RDN to build the DN used for the bind. -->
    <add key="ldapSearch" value="ou=people,o=companyname,c=US"/>
    <!-- Attribute that holds the user ID; used in the search filter and as the RDN attribute. -->
    <add key="ldapAttrUserId" value="uid"/>
    </appSettings>

    //create a C# class, then create an object of it and call AuthenticateUser
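    /// <summary>
    /// Validates a user ID and password against an LDAP directory by first searching for
    /// the user and then re-binding to the directory with the user's own DN and password.
    /// Connection settings come from the <c>appSettings</c> keys <c>ldapServer</c>,
    /// <c>ldapSearch</c> and <c>ldapAttrUserId</c>.
    /// </summary>
    /// <remarks>
    /// The bind uses <see cref="AuthenticationTypes.ServerBind"/> with a DN and password,
    /// i.e. a simple bind. Unless <c>ldapServer</c> points at an LDAPS/TLS endpoint the
    /// password crosses the network in clear text.
    /// </remarks>
    public class ldapAuthentication
    {
        private readonly string _serverPath;
        private readonly string _searchPath;
        private readonly string _userAttr;

        /// <summary>
        /// Reads the directory settings from configuration. A missing key surfaces as a
        /// <see cref="NullReferenceException"/> from the <c>ToString()</c> call.
        /// </summary>
        public ldapAuthentication()
        {
            _serverPath = ConfigurationManager.AppSettings["ldapServer"].ToString();
            _searchPath = ConfigurationManager.AppSettings["ldapSearch"].ToString();
            _userAttr = ConfigurationManager.AppSettings["ldapAttrUserId"].ToString();
        }

        /// <summary>
        /// Checks the supplied credentials against the directory.
        /// </summary>
        /// <param name="_userID">User ID as typed by the user; treated as untrusted input.</param>
        /// <param name="_passWord">Password as typed by the user.</param>
        /// <returns><c>true</c> when the search with the user's credentials succeeds.</returns>
        /// <exception cref="Exception">
        /// Thrown when either argument is null or empty, and with the message
        /// "Invalid Password" when the user is not found or the bind fails.
        /// </exception>
        public bool AuthenticateUser(string _userID, string _passWord)
        {
            if (_userID == null)
            {
                throw new Exception("Please Enter User ID!");
            }

            if (_passWord == null)
            {
                throw new Exception("Enter Password!");
            }

            // An empty password must never reach the directory: many LDAP servers treat a
            // simple bind with a DN and an empty password as an unauthenticated bind and
            // report success, which would let anyone log in as any user.
            if (_userID.Length < 1 || _passWord.Length < 1)
            {
                throw new Exception("UserId and/or password are not Entered!");
            }

            // Both objects wrap native directory handles; dispose them on every path.
            using (DirectoryEntry dirEntry = new DirectoryEntry(_serverPath + "/" + _searchPath))
            {
                dirEntry.AuthenticationType = AuthenticationTypes.ServerBind;

                using (DirectorySearcher dirSearch = new DirectorySearcher(dirEntry))
                {
                    // The user ID is attacker-controlled. Escape it so characters such as
                    // '*', '(' and ')' are matched literally instead of rewriting the filter
                    // (LDAP injection / wildcard matching of other accounts).
                    dirSearch.Filter = "(" + _userAttr + "=" + EscapeFilterValue(_userID) + ")";
                    SearchResult sr = dirSearch.FindOne();

                    try
                    {
                        if (sr == null)
                        {
                            throw new Exception("Invalid User ID");
                        }

                        // Escape the user ID again, this time with DN rules, so it cannot
                        // add RDN components or change which entry the bind targets.
                        dirEntry.Username = _userAttr + "=" + EscapeDnValue(_userID) + "," + _searchPath;
                        dirEntry.Password = _passWord;
                        dirEntry.AuthenticationType = AuthenticationTypes.ServerBind;

                        // Repeating the search forces a bind with the user's credentials;
                        // a rejected bind throws and is handled below.
                        dirSearch.FindOne();
                        return true;
                    }
                    catch (Exception ex)
                    {
                        // Unknown user and wrong password deliberately share one message so
                        // the caller cannot be used to enumerate valid accounts. The cause is
                        // kept as InnerException for server-side logs only; show the user
                        // nothing beyond Message.
                        throw new Exception("Invalid Password", ex);
                    }
                }
            }
        }

        /// <summary>
        /// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash,
        /// asterisk, parentheses and NUL are replaced by their <c>\xx</c> hex forms.
        /// </summary>
        private static string EscapeFilterValue(string value)
        {
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': escaped.Append("\\5c"); break;
                    case '*': escaped.Append("\\2a"); break;
                    case '(': escaped.Append("\\28"); break;
                    case ')': escaped.Append("\\29"); break;
                    case '\0': escaped.Append("\\00"); break;
                    default: escaped.Append(c); break;
                }
            }
            return escaped.ToString();
        }

        /// <summary>
        /// Escapes a value for use as an attribute value inside a distinguished name
        /// (RFC 4514): DN metacharacters, a leading space or '#', and a trailing space
        /// are backslash-escaped; NUL becomes <c>\00</c>.
        /// </summary>
        private static string EscapeDnValue(string value)
        {
            System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
            for (int i = 0; i < value.Length; i++)
            {
                char c = value[i];
                bool first = i == 0;
                bool last = i == value.Length - 1;

                if (c == '\0')
                {
                    escaped.Append("\\00");
                }
                else if (c == ',' || c == '+' || c == '"' || c == '\\' || c == '<' || c == '>'
                         || c == ';' || c == '='
                         || (first && (c == ' ' || c == '#'))
                         || (last && c == ' '))
                {
                    escaped.Append('\\').Append(c);
                }
                else
                {
                    escaped.Append(c);
                }
            }
            return escaped.ToString();
        }
    }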
     
    rahulwb, Oct 5, 2009 IP