
Active Directory authentication from web.config and default Login

Currently I have a method to check if a user is authenticated, but I want my ASP.NET application to implement Active Directory authentication with the default login.

My current method:

    // Requires: using System; using System.DirectoryServices;
    public bool IsAuthenticated(string user, string pass)
    {
        bool authenticated = false;
        string path = "LDAP://my path here";
        DirectoryEntry adsEntry = new DirectoryEntry(path);
        adsEntry.AuthenticationType = AuthenticationTypes.Secure;
        adsEntry.Username = user;
        adsEntry.Password = pass;
        DirectorySearcher adsSearcher = new DirectorySearcher(adsEntry);
        // Look the account up by logon name; the value goes into the filter as-is.
        adsSearcher.Filter = "(sAMAccountName=" + user + ")";

        try
        {
            // FindOne() performs the bind with the supplied credentials.
            SearchResult adsSearchResult = adsSearcher.FindOne();
            authenticated = true;
            adsEntry.Close();
        }
        catch (Exception ex)
        {
            // Failed to authenticate. Most likely it is caused by unknown user
            // id or bad strPassword.
            //strError = ex.Message;
            adsEntry.Close();
        }

        return authenticated;
    }

Trying to implement the login functionality in the web.config, I wrote the following:

    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add
          name="MembershipADProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADConnectionString"
        />
      </providers>
    </membership>

It appears to be connecting to the LDAP server, as it throws a Bad username or password validation error. On the other hand, I'm not sure if it's even connecting to the server because this server blocks the user on every other application after 3 incorrect authentication tries, and this is not happening. I'm not sure if I even have to add the attributes connectionUsername and connectionPassword to the web.config or let the Login command fill them up with each username/password at login. Any help would be appreciated.

I am using the same type of setup and the only difference I can see from your code in the config is I have the attributeMapUsername attribute added to mine.

<membership defaultProvider="MembershipADProvider">
  <providers>
    <add name="MembershipADProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADConnectionString"
         attributeMapUsername="sAMAccountName"
    />
  </providers>
</membership>

In the code-behind I just check for validation through the membership provider, like below.

// Connect to the proper membership provider based on the domain name entered by the user.
MembershipProvider provider = Membership.Providers["MembershipADProvider"];

// Check if the domain provider exists.
if ( provider != null )
{
    // Validate the user based on the credentials they entered.
    if ( provider.ValidateUser( username, password ) )
    {
        // Authenticate the user and redirect them to the return URL.
        FormsAuthentication.SetAuthCookie( username, false );
        Response.Redirect( returnUrl );
    }
}
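
The IsAuthenticated method in the question puts the user name into the LDAP filter as-is and returns true even when the search matches no account. The version below is an added example, not code from the question or the answer: it escapes the value per RFC 4515, refuses blank credentials, and disposes the directory objects. The class name AdAuth and the helper EscapeFilterValue are assumptions, and the LDAP path is the question's placeholder.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

public static class AdAuth // hypothetical class name
{
    // Placeholder path copied from the question; substitute the real one.
    private const string LdapPath = "LDAP://my path here";

    // Hypothetical helper: escape the characters RFC 4515 reserves in a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static bool IsAuthenticated(string user, string pass)
    {
        // Refuse blank credentials before any bind is attempted.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(pass))
            return false;

        string filter = "(sAMAccountName=" + EscapeFilterValue(user) + ")";
        try
        {
            using (var entry = new DirectoryEntry(LdapPath, user, pass, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(entry, filter))
            {
                // FindOne binds with the supplied credentials; a rejected bind throws,
                // and null means the bind worked but no account matched the filter.
                return searcher.FindOne() != null;
            }
        }
        catch (COMException) { return false; } // bind rejected or directory unreachable
    }
}
```

With this escaping, an input such as a)(objectClass=* (constructed) is matched as a literal account name instead of changing the structure of the filter.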
