7

Given a username and a password for a domain user, what would be the best way to authenticate that user programatically?

Gonçalo Peres
  • 11,752
  • 3
  • 54
  • 83
John Christensen
  • 5,020
  • 1
  • 28
  • 26

2 Answers2

17

It appears that .NET 3.5 added a new namespace to deal with this issue - System.DirectoryServices.AccountManagement. Code sample is below:

Private Function ValidateExternalUser(ByVal username As String, ByVal password As String) As Boolean
    Using context As PrincipalContext = New PrincipalContext(ContextType.Domain, _defaultDomain)
        Return context.ValidateCredentials(username, password, ContextOptions.Negotiate)
    End Using
End Function

The namespace also seems to provide a lot of methods for manipulating a domain account (changing passwords, expiring passwords, etc).

John Christensen
  • 5,020
  • 1
  • 28
  • 26
9

You can use some hacks to authenticate only.

Try
    Dim directoryEntry as New DirectoryEntry("LDAP://DomainController:389/dc=domain,dc=suffix", "username", "password")
    Dim temp as Object = directoryEntry.NativeObject
    return true
Catch
    return false
End Try

If the user is not valid, the directory entry NativeObject cannot be accessed and throws an exception. While this isn't the most efficient way (exceptions are evil, blah blah blah), it's quick and painless. This also has the super-cool advantage of working with all LDAP servers, not just AD.

David J. Sokol
  • 3,456
  • 3
  • 31
  • 25
  • 2
    you should never catch ALL exceptions like that... COMException is what will be thrown when you can't access the LDAP server so that is what you would be catching. – Pauli Østerø Jan 06 '11 at 04:29