
I am quite new to C# and LDAP, and I'm doing this project so that I can learn about them in a more hands-on way.

What I'm trying to create is a login form with a login click event that authenticates the username and password, after the user enters them, against Active Directory using LDAP.

I have read Managing Directory Security Principals in the .NET Framework 3.5 to understand this subject better, and I have also gone through similar topics here: this one dealing with the validation itself (c# - Validate a username and password against Active Directory?) and this one authenticating a username (c# against Active Directory over LDAP).

From the first linked topic I had learned that the following code should do the trick in authenticating a username and password:

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "LDAP://example.string.com/OU=Users, Dc=example, Dc= string, DC=com"))
    {
        bool isValid = pc.ValidateCredentials(User, Password);
    }

So my approach to incorporate this to a click event was as follows:

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "LDAP://example.string.com/OU=Users, Dc=example, Dc= string, DC=com"))

        bool isValid = pc.ValidateCredentials(User, Password);

        if (isValid)
        {
            Main m = new Main();
            this.Close();
            m.Show();
        }
        else
        {
            MessageBox.Show("Invalid Username and/or Password", "Error!");
            textBox1.Clear();
            textBox2.Clear();
            textBox1.Focus();
        }

This is giving me an "Embedded Statement" error on the bool line. I tried the other approach I had read in the second post, which was to use this code that authenticates only the username:

    PrincipalContext pc = new PrincipalContext(ContextType.Domain, "LDAP://example.com/OU=Computers,OU=Users,dc=example,dc=com");

    UserPrincipal user = UserPrincipal.FindByIdentity(pc, "username");

    bool userExists = (user != null);

But I found that I won't be able to authenticate a password using this method, as UserPrincipal.FindByPassword does not exist.

I have also tried it this way, but again .Password does not exist:

    PrincipalContext pc = new PrincipalContext(ContextType.Domain, "LDAP://....");

    UserPrincipal qbeUser = new UserPrincipal(pc);
    qbeUser.EmployeeId = User;

    // .Password does not exist
    UserPrincipal qbePassword = new UserPrincipal(pc);
    qbePassword.Password = Password;

    // create your principal searcher passing in the QBE principal
    PrincipalSearcher srchUser = new PrincipalSearcher(qbeUser);
    PrincipalSearcher srchPass = new PrincipalSearcher(qbePassword);

    // try to find that user and password
    UserPrincipal founduser = srchUser.FindOne() as UserPrincipal;
    UserPrincipal foundpass = srchPass.FindOne() as UserPrincipal;

    if (founduser != null)
    {
        if (foundpass != null)
        {
            Main m = new Main();
            this.Close();
            m.Show();
        }
        else
        {
            MessageBox.Show("Password Not Valid.");
            textBox2.Clear();
            textBox2.Focus();
        }
    }
    else
    {
        MessageBox.Show("Username Not Valid.");
        textBox1.Clear();
        textBox1.Focus();
    }

Can someone kindly instruct me as to how one should correctly approach this?

Thank you in advance.

  • What do you mean by "Which is giving me a bool error of Embedded Statement" below your first solution? In general that approach should work; maybe your problem isn't the authentication in general. – Dirk Trilsbeek Jan 10 '13 at 09:05
  • Yes, there was a minor syntax error in my first approach, that's causing the bool error. I've already corrected it and will test it now and see if it works. Thank you. – Gooseman Bossman Jan 10 '13 at 09:23
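The login handler the question is working toward, written here as an added example rather than the asker's own code: it assumes a WinForms form with textBox1 (user name), textBox2 (password) and a Main form, and a domain example.string.com whose accounts live under OU=Users,DC=example,DC=string,DC=com.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Windows.Forms;

public partial class LoginForm : Form
{
    // Assumed values. For ContextType.Domain the "name" argument is the domain or
    // domain controller name (not an LDAP:// URL); the container DN is passed separately.
    private const string DomainName = "example.string.com";
    private const string UsersContainer = "OU=Users,DC=example,DC=string,DC=com";

    // True only when a domain controller accepts the user name and password.
    private static bool ValidateAgainstDomain(string userName, string password)
    {
        // An empty password would be tried as an unauthenticated bind; reject it up front.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain, DomainName, UsersContainer))
            {
                // Negotiate (Kerberos/NTLM) with signing and sealing keeps the password off
                // the wire; it is the default for a domain context, spelled out here on purpose.
                return pc.ValidateCredentials(userName, password,
                    ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing);
            }
        }
        catch (PrincipalServerDownException)
        {
            // No domain controller reachable: fail closed rather than let the user in.
            return false;
        }
    }

    // Wire this to the login button's Click event.
    private void loginButton_Click(object sender, EventArgs e)
    {
        if (ValidateAgainstDomain(textBox1.Text, textBox2.Text))
        {
            var m = new Main();
            this.Hide();   // Hide, not Close: closing the form Application.Run started ends the message loop
            m.Show();
        }
        else
        {
            // One message for both a wrong user and a wrong password, so the form does
            // not confirm which user names exist.
            MessageBox.Show("Invalid Username and/or Password", "Error!");
            textBox2.Clear();
            textBox1.Focus();
        }
    }
}
```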

1 Answer


I have done this, but not with PrincipalContext; instead, I have found many people struggling with that object.

My implementation was a WinForms form, and the submit button calls a method executing the last 4 lines of the code below.

I tested against this magnificent free-to-test LDAP server.

using System.DirectoryServices;

// username comes from the form's text box
var path = "LDAP://ldap.forumsys.com:389/dc=example,dc=com";
var user = $@"uid={username},dc=example,dc=com";
var pass = "password";

// the entry is created with the user's own credentials, so the bind itself is the credential check
var directoryEntry = new DirectoryEntry(path, user, pass, AuthenticationTypes.None);

// the search forces the bind to happen; it throws if the credentials are rejected
var searcher = new DirectorySearcher(directoryEntry);
searcher.PropertiesToLoad.Add("*");
var searchResult = searcher.FindOne();

I don't understand exactly what all of these lines do.

Important tips

In the path, the "LDAP://" string should be in upper case.

For the user, according to the test server, you use "cn=username-admin" to validate admins; be sure to also set the authentication type to ServerBind.

Ricker Silva
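A bind check along the lines of the answer's DirectoryEntry approach, added here as an example and not the answerer's code: it assumes the same dc=example,dc=com base DN and uid=... user DN, takes the host as a parameter, and handles the failure cases (wrong password, unreachable server, empty password, user names containing DN special characters) that the snippet above leaves to the caller.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

public static class LdapBindCheck
{
    // Characters that would let a typed user name alter the DN structure (RFC 4514 specials).
    private static readonly char[] DnSpecials = { ',', '+', '"', '\\', '<', '>', ';', '=', '#', '\0' };

    // Binds to the server with the user's own credentials and returns true only if the
    // directory accepts them. A wrong password or an unreachable server both return false.
    public static bool CanBind(string host, string username, string password, bool useLdaps)
    {
        // An empty password turns a simple bind into an anonymous bind that many servers
        // accept, so it must never reach the server.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;
        if (username.IndexOfAny(DnSpecials) >= 0)
            return false;

        // Assumed base DN, matching the test server named in the answer.
        var path = useLdaps ? $"LDAP://{host}:636/dc=example,dc=com"
                            : $"LDAP://{host}:389/dc=example,dc=com";
        var userDn = $"uid={username},dc=example,dc=com";

        // ServerBind makes the bind go to exactly this host. Without SecureSocketsLayer a simple
        // bind sends the password in clear text, so plain port 389 is only for a trusted network.
        var auth = AuthenticationTypes.ServerBind;
        if (useLdaps)
            auth |= AuthenticationTypes.SecureSocketsLayer;

        try
        {
            using (var entry = new DirectoryEntry(path, userDn, password, auth))
            {
                // Reading NativeObject forces the bind to happen now; no search is needed
                // just to check the credentials.
                var bound = entry.NativeObject;
                return bound != null;
            }
        }
        catch (DirectoryServicesCOMException) { return false; } // directory rejected the credentials
        catch (COMException) { return false; }                  // server unreachable or protocol error
    }
}
```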