Currently I have a method to check if a user is authenticated, but I want my ASP.NET application to implement Active Directory authentication with the default login.
My current method:
    using System;
    using System.DirectoryServices;

    public bool IsAuthenticated(string user, string pass)
    {
        bool authenticated = false;
        string path = "LDAP://my path here";
        // Bind to the directory with the credentials the user supplied.
        DirectoryEntry adsEntry = new DirectoryEntry(path);
        adsEntry.AuthenticationType = AuthenticationTypes.Secure;
        adsEntry.Username = user;
        adsEntry.Password = pass;
        DirectorySearcher adsSearcher = new DirectorySearcher(adsEntry);
        // Note: user is concatenated into the LDAP filter unescaped; escape
        // the filter metacharacters * ( ) \ and NUL before using it here.
        adsSearcher.Filter = "(sAMAccountName=" + user + ")";
        try
        {
            // FindOne() forces the bind; it throws if the credentials are rejected.
            SearchResult adsSearchResult = adsSearcher.FindOne();
            authenticated = true;
            adsEntry.Close();
        }
        catch (Exception ex)
        {
            // Failed to authenticate. Most likely it is caused by unknown user
            // id or bad password.
            //strError = ex.Message;
            adsEntry.Close();
        }
        return authenticated;
    }
Trying to implement the login functionality in the web.config I wrote the following:
    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add
          name="MembershipADProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADConnectionString"
        />
      </providers>
    </membership>
It appears to be connecting to the LDAP server, as it throws a Bad username or password validation error. On the other hand, I'm not sure if it's even connecting to the server, because this server blocks the user on every other application after 3 incorrect authentication tries, and this is not happening. I'm not sure if I even have to add the attributes connectionUsername and connectionPassword to the web.config or let the Login command fill them up with each username/password at login. Any help would be appreciated.
I am using the same type of setup and the only difference I can see from your code in the config is I have the attributeMapUsername attribute added to mine.
    <membership defaultProvider="MembershipADProvider">
      <providers>
        <add name="MembershipADProvider"
          type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
          connectionStringName="ADConnectionString"
          attributeMapUsername="sAMAccountName"
        />
      </providers>
    </membership>
On the code behind I just check for validation through the membership provider like below.
    // Connect to the proper membership provider based on the domain name entered by the user.
    MembershipProvider provider = Membership.Providers["MembershipADProvider"];
    // Check if the domain provider exists.
    if ( provider != null )
    {
        // Validate the user based on the credentials they entered.
        if ( provider.ValidateUser( username, password ) )
        {
            // Authenticate the user and redirect them to the return URL.
            FormsAuthentication.SetAuthCookie( username, false );
            Response.Redirect( returnUrl );
        }
    }
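A fuller web.config for the setup discussed in the question and answer above, added here as an example and not taken from either post. The LDAP host and container, the login page path and the service account name are placeholder assumptions.

```xml
<configuration>
  <connectionStrings>
    <!-- Placeholder directory path; the provider looks this entry up
         through connectionStringName. -->
    <add name="ADConnectionString"
         connectionString="LDAP://dc.example.com/DC=example,DC=com" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication issues the cookie once ValidateUser succeeds.
         requireSSL keeps that cookie off plain HTTP. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="20" requireSSL="true" />
    </authentication>
    <authorization>
      <!-- Anonymous users are sent to the login page. -->
      <deny users="?" />
    </authorization>
    <membership defaultProvider="MembershipADProvider">
      <providers>
        <clear />
        <!-- connectionUsername and connectionPassword are optional and must be
             given together. They name a service account that the provider
             itself uses to connect to the directory; when both are omitted
             it connects as the application's process identity. They are not
             filled in by the Login control: what the user types is passed to
             ValidateUser and checked against the directory.
             connectionProtection="Secure" makes the provider protect its
             directory connection. attributeMapUsername selects which
             directory attribute the typed user name is matched against. -->
        <add name="MembershipADProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="ADConnectionString"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName"
             connectionUsername="EXAMPLE\svc-webapp"
             connectionPassword="PLACEHOLDER-set-outside-source-control" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

If a service account is configured, give it read-only rights on the user container and encrypt the section holding its password rather than leaving it in clear text.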