How to Authenticate Active directory users in my machine in WCF

Question

sudheer2250 0 Light Poster

13 Years Ago

Hi,

I am using the following codel. But it is always returning 'False'. Even though i gave correct values..

Plz help...

PrincipalContext adContext = new PrincipalContext(ContextType.Domain, "xxx.xxx.0.15", "Administrator", "Password");
            using (adContext)
            {
                return adContext.ValidateCredentials(userName, passWord, ContextOptions.Signing);
            }

I tried the this one also..

DirectoryEntry de = new DirectoryEntry("LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=com" + "domain.com\\", userName, passWord);

This erros is coming
Unknown error (0x80005000)

Edited 13 Years Ago by ~s.o.s~ because: Fixed code tags, learn to use them.

2 Contributors
10 Replies
986 Views
10 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by sudheer2250

Ketsuekiame 860 Master Poster

13 Years Ago

Hi there, this link might help you out :)

Also this line DirectoryEntry de = new DirectoryEntry("LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=com" + "domain.com\\", userName, passWord); The first argument will read: "LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=comdomain.com\\" I'm not sure that's a correct formation.

Edited 13 Years Ago by Ketsuekiame because: n/a

Ketsuekiame 860 Master Poster

13 Years Ago

Well you have DC in there twice, and the DC is set the second time to comdomain.com\

I think you might need to check the address of your domain controller and try again. You shouldn't have to impersonate a user in order to query log on credentials. Impersonation is all about making the software pretend it's someone else, which you shouldn't have to do in order to query the AD.

Ketsuekiame 860 Master Poster

13 Years Ago

Unfortunately I'm not an expert with LDAP as I use other methods to authenticate with WCF, however, I did some digging and it appears something like this should work:

public bool AuthenticateAndGetUserDataFromAD(string strusername, string strDomain, string strPassword)
        {
            string strRootDN = string.Empty;
            DirectoryEntry objDseSearchRoot = null, objDseUserEntry = null;
            DirectorySearcher objDseSearcher = null;
            SearchResultCollection objResults = null;
            string strLDAPPath = string.Empty;
            try
            {
                /* Give LDAP Server IP along with OU
                 * e.g : LDAP://29.29.29.29:389/DC=YourDomain,DC=com"
                 */
                strLDAPPath = "Your LDAP ServerPath";
                string strDomainname = strDomain;
                objDseSearchRoot = new DirectoryEntry(strLDAPPath, strDomainname + "\\" + strusername, strPassword, AuthenticationTypes.None);
                strRootDN = objDseSearchRoot.Properties["defaultNamingContext"].Value as string;
                objDseSearcher = new DirectorySearcher(objDseSearchRoot);
                objDseSearcher.CacheResults = false;
                objResults = objDseSearcher.FindAll();
                if (objResults.Count > 0)
                {
                    objDseUserEntry = objResults[0].GetDirectoryEntry();
                }

                if (objDseUserEntry == null)
                {
               
                    return false;
                }
            }

            catch (Exception e)
            {
              
                return false; ;
            }
            finally
            {
               //Dipose Object Over Here
            }
         
            return true;
        }

Code taken from: Here

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

sudheer2250 0 Light Poster · Answer 1 · 2011-09-12T16:23:50+00:00

Hi there, this link might help you out :)
Also this line DirectoryEntry de = new DirectoryEntry("LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=com" + "domain.com\\", userName, passWord); The first argument will read: "LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=comdomain.com\\" I'm not sure that's a correct formation.

Thanks for the reply...

I tried the things in the link before did not worked for me..i saw in some site..we have to impersonate the user in wcf. I am still not able to implement 'impersonate' ....

If the format is wrong, plz tell me which is the correct format. I am new to WCF...

sudheer2250 0 Light Poster · Answer 2 · 2011-09-12T17:31:39+00:00

Well you have DC in there twice, and the DC is set the second time to comdomain.com\
I think you might need to check the address of your domain controller and try again. You shouldn't have to impersonate a user in order to query log on credentials. Impersonation is all about making the software pretend it's someone else, which you shouldn't have to do in order to query the AD.

Ok..now removed the duplicate text....

DirectoryEntry de = new DirectoryEntry("LDAP://Serveripaddress/DC=mydomain,DC=com", userName, passWord);

But i am getting this error.

Logon failure: unknown user name or bad password.

I am not running the service with the Admin credentials. My user is also the member of the Active directory users. I am passing my user credentials to the service to validate whether it is valid AD user or not. The service is deployed in my machine.
My doubt is for creating the Directory entry, shall I need to pass the AD Administrator credentials??
If that is the case, I am not able to authenticate the users in combination of the 'User name ' and 'password'. I can only validate the username.

sudheer2250 0 Light Poster · Answer 3 · 2011-09-12T18:36:29+00:00

Getting the same error
Logon failure: unknown user name or bad password.
at

strRootDN = objDseSearchRoot.Properties["defaultNamingContext"].Value as string;

Ketsuekiame 860 Master Poster Featured Poster · Answer 4 · 2011-09-12T18:47:47+00:00

Did you change the text defaultNamingContext to the actual context you want to use?

If you still get the error, it means it can't find the username and password you're giving it.

sudheer2250 0 Light Poster · Answer 5 · 2011-09-12T19:08:24+00:00

Hi,

I tried the following code for getting the 'ContextName'.

DirectorySearcher ds = new DirectorySearcher(objDseSearchRoot);
                ds.SearchScope = System.DirectoryServices.SearchScope.Base;
                ds.PropertiesToLoad.Add("namingContexts");
                SearchResult searchResult = ds.FindOne();
                //SearchResultCollection results = ds.FindAll();

                String namingContexts = searchResult.Properties["namingContexts"].Count.ToString();

But i am getting the count as zero. Any way, when i give the Administrator credentials of the AD, i am able to get the "objResults.Count" as 375.

But for the users other than Administration if the AD, still getting the Bad User name or password.

Ketsuekiame 860 Master Poster Featured Poster · Answer 6 · 2011-09-12T19:59:35+00:00

I honestly can't tell you anymore. I'm at the limit of my knowledge, sorry. ^^ Hopefully, someone else here who works with the AD more than I will be able to help you =)

sudheer2250 0 Light Poster · Answer 7 · 2011-09-12T20:21:14+00:00

It's ok Ketsuekiame. Thank you very much for ur help. I will try other options.