LDAP with AD/LDS


BuilderSpec

Programmer
Dec 24, 2003
Hi

I have some C# code that connects to an AD / LDS store. I can use Directory Search successfully to find and add members. The issue I am having is that I cannot authenticate a user name and password successfully. I have followed various internet suggestions and come up with the following code.

The line to validate the username and password is the context.ValidateCredentials one. If the user happens to be a Windows user then it works, i.e. it successfully validates it; however, the users I need to add will be purely AD users only and it will not authenticate them even if I use the right password etc.

Has anyone had similar issues? You can download tools to authenticate the user and they work, i.e. they validate the user credentials, but my code still does not. Does anyone have any suggestions? Is there an alternative to ValidateCredentials?

Any help appreciated.

My code is:

    using (PrincipalContext context = new PrincipalContext(ContextType.ApplicationDirectory, _LDAPServer, "cn=DDUsers," + _LDAPOU, _LDAPUser, _LDAPPassword))
    {
        if (context == null)
            return 8;

        UserPrincipal User = UserPrincipal.FindByIdentity(context, Username);

        if (User != null)
        {
            bool locked = User.IsAccountLockedOut();
            if (locked)
                return 2;
            else
            {
                // The hand-built path is immediately replaced by the DN read from the directory.
                string userPath = "cn=" + Username + ",OU=DD_Users," + _LDAPOU;
                userPath = User.DistinguishedName;

                /*
                var du = User.GetUnderlyingObject() as DirectoryEntry;
                var prop = du.Properties["displayName"];
                prop.Value = "sysadmin@fgh-uk.com";

                prop = du.Properties["accountExpires"];
                prop.Value = "31/12/2017";

                prop = du.Properties["accountExpires"];
                prop.Value = "31/12/2017";

                du.CommitChanges();

                User.Enabled = true;
                User.Save();
                */

                bool pass = false;
                if (User.LastPasswordSet == null)
                {
                    // Temporarily clear "must change password at next logon" (pwdLastSet = 0),
                    // validate, then restore the flag.
                    var deUser = User.GetUnderlyingObject() as DirectoryEntry;
                    var property = deUser.Properties["pwdLastSet"];
                    property.Value = -1;
                    deUser.CommitChanges();
                    pass = context.ValidateCredentials(userPath, Password);
                    property.Value = 0;
                    deUser.CommitChanges();
                }
                else
                {
                    // Tried with the plain name, then with the full DN; the second result overwrites the first.
                    pass = context.ValidateCredentials(Username, Password);

                    pass = context.ValidateCredentials(userPath, Password);
                    // pass = context.ValidateCredentials("hstd092", "Dor1s");
                    // pass = context.ValidateCredentials("doris-dev\\hstd092", "Dor1s");
                }
                return (pass) ? 0 : 1;
            }
        }
    }

Hope this helps!

Regards

BuilderSpec
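
One alternative to ValidateCredentials, as an added example (not the poster's code): an LDAP simple bind over TLS with System.DirectoryServices.Protocols, which checks a directory user's DN and password directly. The host name, port 636, DN and password in Main are constructed placeholders, and the return codes mirror those used in the post.

```csharp
// Added example, not the poster's code. Host, port, DN and password are constructed placeholders.
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class LdsAuth
{
    // Returns 0 = credentials accepted, 1 = rejected, 8 = directory or transport error
    // (same numbering as the return codes in the post).
    public static int SimpleBind(string host, int port, string userDn, string password)
    {
        // A simple bind with an empty password is an "unauthenticated bind" (RFC 4513)
        // and can succeed without proving anything, so reject it before touching the server.
        if (string.IsNullOrEmpty(userDn) || string.IsNullOrEmpty(password))
            return 1;

        var id = new LdapDirectoryIdentifier(host, port);
        using (var conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Basic;               // simple bind: DN + password
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // without TLS the password crosses the wire in clear text
            conn.Timeout = TimeSpan.FromSeconds(10);
            try
            {
                conn.Bind(new NetworkCredential(userDn, password));
                return 0;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // LDAP invalidCredentials
            {
                return 1;
            }
            catch (LdapException) // server unreachable, TLS failure, etc.
            {
                return 8;
            }
        }
    }

    static void Main()
    {
        int rc = SimpleBind("lds.example.test", 636,
                            "CN=jdoe,CN=DDUsers,DC=example,DC=test", "placeholder-password");
        Console.WriteLine(rc);
    }
}
```

Result code 49 also covers locked or disabled accounts, so the lockout check from the post is still needed to tell those cases apart.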
 