对Active Directory进行ASP.NET用户身份验证时遇到问题

Question

I replaced our domain name with "demo"... please ignore missing commas and such in the image below.

My question is as follows:

I want to authenticate the SBSUsers in my ASP.NET web application. I cannot figure out what my active directory path needs to be in order to get it to work...

When I set it as follows, it fails to authenticate (I assume because my users are not under that path)... but it doesn't give me an error:

string adPath = "LDAP://ac-dc01.demo.local:389/CN=Configuration,DC=demo,DC=local";
string domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(adPath, domainAndUsername, pwd);
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
    return false;
}
// Update the new path to the user in the directory
adPath = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];

When I set it to what I think it should be, it errors on the entry.NativeObject line.

string adPath = "ldap://ac-dc01.demo.local:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=demo,DC=local";

Any ideas? Do I need to open it up for "global" access somehow? If so, how would I go about doing that?

I was able to successfully connect using another piece of software...

Answer 1

This is how we connect to our AD and it works great:

<yourConfig>LDAP://ADServerName/OU=GROUPNAME,DC=domainName,DC=com</YourConfig>

And here is a sample code on how you can validate a user:

using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain,
                                                            ENTER YOUR DOMAIN NAME,
                                                            This is where the config that I mentioned above comes in,
                                                            ContextOptions.Negotiate,
                                                            ENTER YOUR AD SERVICE NAME,
                                                            ENTER YOUR AD PASSWORD))
            {
                UserPrincipal oUser = UserPrincipal.FindByIdentity(oPrincipalContext, THE USERNAME THAT YOU WANT TO VALIDATE);
                if (oUser != null)
                {
                    oADAcct = new CUserADAcct();
                    oADAcct.dumpAcctAttrs(oUser);
                }
            }

Answer 2

this is what you can try.. also are you sure that your DC=Demo and DC=Local those look like OU's to me

const string Domain = "ServerAddress:389";
const string constrParts = @"OU=Users,DC=domain,DC=com";
const string Username = @"someusername";
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, Domain, constrParts);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext,  username);