Using C# to authenticate user against LDAP

天命终不由人 2020-11-30 22:20

I'm using DirectorySearcher to search for a user entry in LDAP server.

DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP://myserver/OU=People,O=m


        
2 answers
  • 2020-11-30 23:15

    This username, password within this line:

    DirectoryEntry("LDAP://myserver/OU=People,O=mycompany", username, password);
    

    should be for an account that has permission for directory lookup. It could be a service account, or for testing purposes try with your own. This shouldn't be the user/pass of someone who you are trying to authenticate.

    If you want to authenticate, you can use the following steps using PrincipalContext:

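    // Requires: using System.DirectoryServices.AccountManagement;
    // Verbatim string (@"...") so the backslash in domain\user is not read as an escape sequence.
    using (var context = new PrincipalContext(ContextType.Domain, "mydomain", @"mydomain\serviceAcct", "serviceAcctPass")) {
        // Username and password for authentication.
        return context.ValidateCredentials(username, password);
    }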
    

    "serviceAcct" = an account within domain users that has permission for directory lookup. "serviceAcctPass" = password for that service account. As I said, for testing you can try with your own user/pass context.

    Also, make sure the supplied username has either "domain\username" or "username@domain" formatting.

  • 2020-11-30 23:20

    Here we are getting the Active Directory user details, and we can use DomainName and UserRole from the web.config file.

    // Requires: using System.DirectoryServices; using System.Linq;
    bool isAdmin = false;
    RegisterInput model = new RegisterInput();
    NewUserInput usr = new NewUserInput();
    string mobileNumber = string.Empty;
    using (DirectoryEntry domainEntry = new DirectoryEntry("LDAP://" + AppSettings.DomainName))
    {
        // The Filter set in the initializer replaces the filter passed to the constructor.
        // userName is placed in the filter as-is: escape LDAP filter metacharacters (RFC 4515) before this point.
        using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, "userPrincipalName=" + userName + "@" + AppSettings.DomainName) { Filter = string.Format("(&(objectClass=user)(samaccountname={0}))", userName) })
        using (SearchResultCollection results = searcher.FindAll())
        {
            if (results.Count > 0)
            {
                // Bind to the matched entry once instead of once per property.
                using (DirectoryEntry user = results[0].GetDirectoryEntry())
                {
                    // Any of these attributes may be unset, so read them null-safely.
                    usr.FirstName = user.Properties["givenName"].Value?.ToString();
                    usr.LastName = user.Properties["sn"].Value?.ToString();
                    usr.EmailAddress = user.Properties["mail"].Value?.ToString();
                    mobileNumber = user.Properties["mobile"]?.Value?.ToString();
                    // memberOf holds the DNs of the groups the user is a direct member of.
                    dynamic userRoleList = user.Properties["memberOf"];

                    if (userRoleList != null)
                    {
                        foreach (var role in userRoleList)
                        {
                            // Compare each comma-separated DN component with the configured role.
                            string[] split = role.ToString().Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
                            bool result = split.Any(x => x.ToLowerInvariant() == AppSettings.UserRole.ToLowerInvariant());
                            if (result)
                            {
                                isAdmin = true;
                                break;
                            }
                        }
                    }
                }
            }
        }
    }

    model.NewUser = usr;
    