Total Online Users: 4228
 Best ASP.NET 2.0 and .NET 3.0 Hosting Providers
  Blue Theme Orange Theme Green Theme Red Theme
 
DevExpress Free UI Controls
Home | Forums | Videos | Photos | Blogs | Beginners | Advertise with Us
 | Consulting  
Submit an Article Submit a Blog 
 Jump to
Skip Navigation Links
TechnologyExpand Technology
WebsiteExpand Website
Sponsored by
6 Months Free & No Setup Fees ASP.NET Hosting!
Become a Sponsor
Search :       Advanced Search »
Home » VB.NET » Authenticate a user against the Active Directory

Authenticate a user against the Active Directory

By  Anand Thakur November 17, 2006

This article serves as a guide to using System.DirectoryServices (SDS) ADSI to access user and group in the Windows Active Directory. Authenticate a user against the Active Directory using the user ID and password.
Page Views : 51095
Downloads : 0
Rating :
 Rate it
Level : Intermediate
   Print Read/Post comments Post a comment  Similar Articles  
   Email to a friend  Bookmark  Author's other articles  
 
Sponsored by
6 Months Free & No Setup Fees ASP.NET Hosting!
Become a Sponsor
Sponsored by
Become a Sponsor
 Tag Cloud
 Latest Jobs
More ... 
 Latest Interview Questions
More ... 

This article serves as a guide to using System.DirectoryServices (SDS) ADSI to access user and group in the Windows Active Directory. Authenticate a user against the Active Directory using the user ID and password.

LDAP, ADSI and SDS

Lightweight Directory Access Protocol (LDAP) is an industry standard directory access protocol (basically set of protocols) for accessing information directories. In Windows, LDAP is the primary way the Operating System accesses the Active Directory database. Active Directory is the information hub of the Windows Server operating system and index all the data in their entries, and "filters" may be used to select just the person or group you want, and return just the information you want. Active Directory enables centralized, secure management of an entire network and promises to support a single unified view of all objects (such as user accounts, groups, computers and sites) on a network and locating and managing resources faster and easier.

Active Directory Service Interfaces (ADSI) is a COM-based programmatic interface for Microsoft Windows Active Directory that allows you to create custom scripts to administer Active Directory. ADSI-enabled scripts are capable of performing a wide range of administrative tasks involving Active Directory. Active Directory administration involves managing the life cycle of directory objects from initial creation, modification, searching to deletion.

In the .NET Framework, System.DirectoryServices (SDS) is a namespace that provides simple programming access to LDAP directories such as Active Directory from managed code. System.DirectoryServices is built on the Active Directory Service Interfaces (ADSI) API.

User's login using SDS (ADSI) and Database

Authenticate a user against the Active Directory using the user ID and password. When a user wants to login to your software, he can login using network user/pass provided to him by network administrator. You need not implement and maintain the custom implementation for user/pass using database table. You can simply check for windows users using SDS (ADSI) and validate the entered user/pass against the windows domain. You can even set the permission that user should also belong to particular group in order to access the software.

In the example shown here both types of login are used, one using the simple database table to maintain username/password and second, using Windows domain user by SDS ADSI.

 

Login Using Active Directory Services (SDS)

In order to use SDS, first we have to set properties of LDAP server. Here database ADSI_PARAMETER table is used to set the LDAP properties.

CREATE TABLE [dbo].[ADSI_PARAMETER] (
 [ParameterName] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
 [ParameterValue] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY]
GO

Enter following data to table in ParameterName and ParameterValue fields

Parameter Name ParameterValue
ServerName WindowsDomainServer
BaseDN DC=DomainName,DC=COM
UserDN OU=Users
GroupName CN=Operater, OU=Groups
AccountFilter sAMAccountName

Where ServerName is your domain server machine name. BaseDN is your domain name, most of the time it is company name. UserDN is organizational unit where user should exist. GroupName is organizational unit, to which user should belong in order to access your software. AccountFilter is filter for account name; mostly it is sAMAccountName in windows.

Now we have set the parameter for LDAP server, when the user submit the user/pass from login dialog box with ADSI option. We will pick up the LDAP parameters from database and search the data against parameters and user/pass.

Code for submit button click event. Declare a form level variable int i=0.

Private Sub btnSubmit_Click(sender As Object, e As EventArgs)

      If txtUserName.Text.Trim().Equals("") OrElse txtPassword.Text.Trim().Equals("") Then

         MessageBox.Show("Please Enter UserName/Password...")

         txtPassword.Text = ""

         txtUserName.Text = ""

      Else

         'if ADSI radio box is selected call ADSI Login else call simple database login

         If rdoADSI.Checked = True Then

            GetADSILogin()

         Else

            GetDatabaseLogin()

         End If

      End If

End Sub 'btnSubmit_Click

Code for GetADSILogin function. You need to set reference to System.DirectoryService through add reference dialog box in order to use SDS.

Public Sub GetADSILogin()

      Try

         Dim strServerName As String = ""

         Dim strBaseDN As String = ""

         Dim strUserDN As String = ""

         Dim strGroupName As String = ""

         Dim strAccountFilter As String = ""

         'Port no for LDAP Default is 389

         Dim strPortNo As String = "389"

         Dim blnGroupUser As [Boolean] = False

         'Data source string

         Dim [source] As String = "Data Source=ATHAKUR;Initial Catalog=Times;user=sa;password=sa"

        

         'SQL statement that will be issued

         Dim [select] As String = "SELECT * from ADSI_PARAMETER"        

         'SQL Connection

         Dim conn As New SqlConnection([source])        

         ' Open the database connection

         conn.Open()        

         ' Create the SQL command...

         Dim cmd As New SqlCommand([select], conn)        

         'Execute Data reader

         Dim myReader As SqlDataReader = cmd.ExecuteReader()        

         'Check if any rows return against user/pass

         If myReader.HasRows Then

            While myReader.Read()

               'Store the parameter's data in variables

               Dim strParameterName As String = myReader.GetString(0).Trim()

               Dim strParameterValue As String = myReader.GetString(1).Trim()

               If strParameterName.ToUpper().Equals("SERVERNAME") Then

                  strServerName = strParameterValue

               End If

               If strParameterName.ToUpper().Equals("BASEDN") Then

                  strBaseDN = strParameterValue

               End If

               If strParameterName.ToUpper().Equals("USERDN") Then

                  strUserDN = strParameterValue

               End If

               If strParameterName.ToUpper().Equals("GROUPNAME") Then

                  strGroupName = strParameterValue

               End If

               If strParameterName.ToUpper().Equals("ACCOUNTFILTER") Then

                  strAccountFilter = strParameterValue

               End If

            End While

         End If 'Search for user

         Dim deSystem As New DirectoryEntry("LDAP://" + strServerName + "/" + strUserDN + "," + strBaseDN)

         deSystem.AuthenticationType = AuthenticationTypes.Secure

         deSystem.Username = txtUserName.Text

         deSystem.Password = txtPassword.Text

         'Search for account name

         Dim strSearch As String = strAccountFilter + "=" + txtUserName.Text

         Dim dsSystem As New DirectorySearcher(deSystem, strSearch)

         'Search subtree of UserDN

         dsSystem.SearchScope = SearchScope.Subtree

         'Find the user data

         Dim srSystem As SearchResult = dsSystem.FindOne()

         'Pick up the user group belong to

         Dim valcol As ResultPropertyValueCollection = srSystem.Properties("memberOf")

         If valcol.Count > 0 Then

            Dim o As Object

            For Each o In  valcol

               'check user exist in Group we are searching for

               If o.ToString().Equals((strGroupName + "," + strBaseDN)) Then

                  blnGroupUser = True

                  Exit ForEach

               End If

            Next o

         End If

         If blnGroupUser = True Then

            MessageBox.Show("Login Sucessfull...")

         Else

            MessageBox.Show("User Does Not Belong to Specified ADSI Group")

         End If

      Catch ex As Exception

         MessageBox.Show(ex.Message)

      End Try

      i = i + 1

      If i = 5 Then

         MessageBox.Show("Login failed for 5 times. Quiting...")

         Me.Close()

      End If

   End Sub 'GetADSILogin

If everything works fine then you will get the message "Login Successful". If user does not belong to group specified in LDAP properties then will the message "User Does Not Belong to Specified ADSI Group". If you enter wrong user/pass, you will get Logon failure message.

Login Using Simple Database Table

You can also give the permission to the user, who are not domains user and wants to use your software. For this we can simply use traditional database LOGIN table.

CREATE TABLE [dbo].[LOGIN] (
 [USERNAME] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ,
 [PASSWORD] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL
) ON [PRIMARY]
GO

And admin can enter the username/password in table. And when user selects simple database login option from Login dialog, we can simply check against LOGIN table.

Code for GeDatabaseLogin function.

Public Sub GetDatabaseLogin()

      'Data source string

      Dim [source] As String = "Data Source=ATHAKUR;Initial Catalog=Times;user=sa;password=sa"

      'SQL statement that will be issued

      Dim [select] As String = "SELECT * from LOGIN where USERNAME='" + txtUserName.Text + "'And PASSWORD "

      Dim Latin1_General_CS_AS As COLLATE = ControlChars.Quote + txtPassword.Text + "'" '

      'SQL Connection

      Dim conn As New SqlConnection([source])

      ' Open the database connection

      conn.Open()

      ' Create the SQL command...

      Dim cmd As New SqlCommand([select], conn)

      'Execute Data reader

      Dim myReader As SqlDataReader = cmd.ExecuteReader()

      'Check if any rows return against user/pass

      If myReader.HasRows Then

         MessageBox.Show("Login Sucessfull")

      Else

         MessageBox.Show("Login Failed")

      End If 'Close datareader and connection

      myReader.Close()

      conn.Close()

      'check for % attempts

      i = i + 1

      If i = 5 Then

         MessageBox.Show("Login failed for 5 times. Quiting...")

         Me.Close()

      End If

   End Sub 'GetDatabaseLogin

 

If user/pass does exist in database then you will get the message "Login successful", otherwise "Login failed" message will be displayed.

Conclusion

We have seen here, how System.DirectoryServices searches the LDAP directory for a user object and validate that against groups. One single domain login user/pass can be used to access the your software. And how SDS manages resources under Windows Active Directory Services.

Aah! Another bug! Well, it's the life.

NOTE: THIS ARTICLE IS CONVERTED FROM C# TO VB.NET USING A CONVERSION TOOL. ORIGINAL ARTICLE CAN BE FOUND ON C# CORNER (http://www.c-sharpcorner.com/). 
Comment Request!
Thank you for reading this post. Please post your feedback, question, or comments about this post Here.
Login to add your contents and source code to this article
 [Top] Rate this article
 
 About the author
 
Anand Thakur

 
Looking for C# Consulting?
C# Consulting is founded in 2002 by the founders of C# Corner. Unlike a traditional consulting company, our consultants are well-known experts in .NET and many of them are MVPs, authors, and trainers. We specialize in Microsoft .NET development and utilize Agile Development and Extreme Programming practices to provide fast pace quick turnaround results. Our software development model is a mix of Agile Development, traditional SDLC, and Waterfall models.
Click here to learn more about C# Consulting.
 
Introducing MaxV - one click. infinite control. Hyper-V Hosting from MaximumASP.
Finally – a virtual platform that delivers next-generation Windows Server 2008 Hyper-V virtualization technology from a managed hosting partner you can truly depend on. Visit www.maximumasp.com/max for a FREE 30 day trial. Hurry offer ends soon. Climb aboard the MaxV platform and take advantage of High Availability, Intelligent Monitoring, Recurrent Backups, and Scalability – with no hassle or hidden fees. As a managed hosting partner focused solely on Microsoft technologies since 2000, MaximumASP is uniquely qualified to provide the superior support that our business is built on. Unparalleled expertise with Microsoft technologies lead to working directly with Microsoft as first to offer IIS 7 and SQL 2008 betas in a hosted environment; partnering in the Go Live Program for Hyper-V; and product co-launches built on WS 2008 with Hyper-V technology.
Dynamic PDF
ceTE software specializes in components for dynamic PDF generation and manipulation. The DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and new content to existing PDF documents from within your applications.
Discover the top 5 tips for understanding .NET
Ricky Leeks presents the top 5 tips for understanding .NET Interoperability. Learn more.
Nevron Chart for .NET 2010.1 Now Available
The leading .NET charting control now features PDF, Flash and Silverlight export, visualization of large datasets and more. Deliver true charting functionality to your BI, Scorecard, Presentation or Scientific apps. Download evaluation now.
ASP.NET 4 Hosting
Get 2 Months Free of ASP.NET Hosting for Only $4.95/month! Receive FREE MS SQL and MySQL Databases Including ASP.NET 4/3.5, MVC 3.0, Silverlight 4, Windows 2008/IIS 7.0 Plus FREE IIS 7 Modules. Host UNLIMITED ASP.NET Web Sites – Click Here!
 
 Post a Feedback, Comment, or Question about this article
Subject:
Comment:
Sponsored by
Mindcracker MVP Summit 2012
Become a Sponsor
 Comments
Access 2003 by Adrian On July 30, 2007
Can this be implemented using VBA and Access 2003? I mean, can I make calls to the LDAP from Visual Basic for Applications? Thanks for your attention.
Reply | Email | Modify 
Hi from Italy... by luca On February 11, 2008
Have a similar soltion in VB calssic? tks.
Reply | Email | Modify 
Hi from Italy... by luca On February 11, 2008
Have a similar soltion in VB calssic? tks.
Reply | Email | Modify 
Question by Luis On March 17, 2008
This line, Dim valcol As ResultPropertyValueCollection = srSystem.Properties("memberOf"), it does not work, why?
Reply | Email | Modify 
thank by autorun On December 15, 2011
thank
Reply | Email | Modify 
DevExpress Free UI Controls
 © 2012  contents copyright of their authors. Rest everything copyright Mindcracker. All rights reserved.