You need to add a reference to the System.DirectoryServices assembly
Thanks, it's all working out now.
Just thought I'd add the following code change.
The Directory Service objects need to be disposed of:
vb Code:
    Private Function ValidateActiveDirectoryLogin(ByVal domain As String, ByVal username As String, ByVal userPassword As String) As Boolean
        Dim success As Boolean = False
        ' The Using blocks dispose the directory objects even if the search throws
        Using rootEntry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, userPassword)
            Using adSearcher As New System.DirectoryServices.DirectorySearcher(rootEntry)
                adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel
                Try
                    ' The bind happens here; bad credentials make FindOne throw
                    Dim searchResults As System.DirectoryServices.SearchResult = adSearcher.FindOne
                    success = Not (searchResults Is Nothing)
                Catch
                    success = False
                End Try
            End Using
        End Using
        Return success
    End Function
c# Code:
    private bool ValidateActiveDirectoryLogin(string domain, string username, string userPassword)
    {
        bool success = false;
        using (System.DirectoryServices.DirectoryEntry rootEntry = new System.DirectoryServices.DirectoryEntry("LDAP://" + domain, username, userPassword))
        {
            using (System.DirectoryServices.DirectorySearcher adSearcher = new System.DirectoryServices.DirectorySearcher(rootEntry))
            {
                adSearcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
                try
                {
                    // The bind happens here; bad credentials make FindOne() throw
                    System.DirectoryServices.SearchResult searchResults = adSearcher.FindOne();
                    success = (searchResults != null);
                }
                catch
                {
                    success = false;
                }
            }
        }
        return success;
    }
Hope that helps.
Cheers, woka
There isn't really a need for the Success variable, you could just do this (I would also recommend using the Secure binding as I have done in the code below)
vb Code:
    Private Function ValidateActiveDirectoryLogin(ByVal domain As String, ByVal username As String, ByVal userPassword As String) As Boolean
        Using rootEntry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, userPassword, DirectoryServices.AuthenticationTypes.Secure)
            Using adSearcher As New System.DirectoryServices.DirectorySearcher(rootEntry)
                adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel
                Try
                    Dim searchResults As System.DirectoryServices.SearchResult = adSearcher.FindOne
                    Return Not searchResults Is Nothing
                Catch
                    Return False
                End Try
            End Using
        End Using
    End Function
Again though, anyone using .NET 3.5 or 4.0 should probably just use the built-in methods in the System.DirectoryServices.AccountManagement namespace to do this.
I agree with the secure binding.
The AccountManagement namespace contains objects like Group and UserPrincipal...these are just wrappers around the DirectoryEntry object.
I prefer having the flexibility of using the DirectoryServices namespace and writing app specific wrappers.
One thing I personally disagree with is multiple return exit points from a function. I would strongly discourage this. This can lead to complex and hard to read code execution and the manageability of your code decreases.
You gain no benefit by removing the bool success flag, only negatives, yet if you keep it then you have the flexibility for future code modifications and ease of reading the code.
cheers,
Woka
One example of this would be if I wanted to log the failure.
c# Code:
    private bool ValidateActiveDirectoryLogin(string domain, string username, string userPassword)
    {
        bool success = false;
        using (System.DirectoryServices.DirectoryEntry rootEntry = new System.DirectoryServices.DirectoryEntry("LDAP://" + domain, username, userPassword))
        {
            using (System.DirectoryServices.DirectorySearcher adSearcher = new System.DirectoryServices.DirectorySearcher(rootEntry))
            {
                adSearcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
                try
                {
                    System.DirectoryServices.SearchResult searchResults = adSearcher.FindOne();
                    success = (searchResults != null);
                }
                catch
                {
                    success = false;
                }
            }
        }
        // Single exit point: the failure is logged once, just before returning
        if (!success)
        {
            ErrorLogging.LogFailedLogin(username);
        }
        return success;
    }
If you had multiple exit points then you would have to write more code, a few lines per exit point, which is why it can become unmanageable very quickly.
Hope that helps.
WOka
lol surely if you wanted to log the failure you would log it in the Catch block so that you could actually get the exception details?
Anyway, I definitely agree that you get a lot more power and flexibility if you use the DirectoryEntry class etc but as this thread is purely about authenticating a user against AD I think it makes sense to suggest using classes/methods that are there purely to do this kind of thing.
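The AccountManagement approach recommended above, combined with the point about logging the exception where it is caught, as an added example that is not code from any poster in this thread. `AdLoginResult`, `AdLogin` and the `logFailure` callback are hypothetical names, and the three-state result is an assumption about what the caller needs.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public enum AdLoginResult { Valid, Invalid, DirectoryUnavailable }

public static class AdLogin
{
    // logFailure is a hypothetical callback standing in for the application's
    // own logger. It receives the user name and the exception, never the password.
    public static AdLoginResult Validate(string domain, string username,
                                         string password, Action<string, Exception> logFailure)
    {
        // A simple LDAP bind with a name and an empty password is an
        // unauthenticated bind (RFC 4513) that a server may accept, so blank
        // input is rejected before the directory is contacted.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            logFailure(username, null);
            return AdLoginResult.Invalid;
        }

        try
        {
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, domain))
            {
                // Negotiate + Signing + Sealing: Kerberos/NTLM bind with the
                // session signed and encrypted, never a clear-text simple bind.
                ContextOptions options = ContextOptions.Negotiate |
                                         ContextOptions.Signing |
                                         ContextOptions.Sealing;
                bool ok = context.ValidateCredentials(username, password, options);
                if (!ok) logFailure(username, null);
                return ok ? AdLoginResult.Valid : AdLoginResult.Invalid;
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // Domain controller unreachable: an outage, not a wrong password.
            // Still fails closed, but the caller and the log can tell the two apart.
            logFailure(username, ex);
            return AdLoginResult.DirectoryUnavailable;
        }
    }
}
```

Requires a reference to the System.DirectoryServices.AccountManagement assembly (.NET 3.5 or later).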
Fine, this then:
Quote:
One thing I personally disagree with is multiple return exit points from a function. I would strongly discourage this. This can lead to complex and hard to read code execution and the manageability of your code decreases.
I just don't see the point declaring an extra variable when there is no real need for it :)
vb Code:
    Private Function ValidateActiveDirectoryLogin(ByVal domain As String, ByVal username As String, ByVal userPassword As String) As Boolean
        Using rootEntry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, userPassword, DirectoryServices.AuthenticationTypes.Secure)
            Using adSearcher As New System.DirectoryServices.DirectorySearcher(rootEntry)
                adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel
                Dim searchResults As System.DirectoryServices.SearchResult
                Try
                    searchResults = adSearcher.FindOne
                Catch
                    searchResults = Nothing
                End Try
                Return Not searchResults Is Nothing
            End Using
        End Using
    End Function
Some examples of functions that could return success or any other variable will not always have a try catch block.
I refer back to my last post about maintainability of multiple exit points.
I think there is a definite need for it.
Anyways, that's semantics of coding, and should be taken up in another thread. Let's not get off track here :)
Woka
Sorry if this is a double post
Hey I would appreciate some help. I have implemented your active directory connect which works perfectly but I am trying to connect to a server and download or open a file for viewing. How can this be completed?
Domain: MyCompany.com
Server: ServerOne.MyCompany.com
path: \home\etc
file: Test.pdf
I have been using things like TransferFile but this option does not work when the site is deployed so I am thinking I am not using System.DirectoryServices correctly. Any tips, pointers, examples would be greatly appreciated.
Many Thanks
I have a web app using this Validate Login and it works great on an internal server. Now I need to move this to an external web server that allows AD authentication. Both of these servers are on Windows Server 2003 SP 2.
When I try to login to the external server it never authenticates. Besides changing the ldap domain for the external server do I need to change anything else?
In the web.config on the internal server it has:
<authentication mode="Windows"></authentication>
<authorization>
<deny users="?"/>
</authorization>
On the external server I changed it to forms mode.
Thanks in advance.
Hi VbForums,
I am very happy to have found your site and this article dealing with what I have been looking for for a long time ... but for VBA.
Because I use Excel.
I have tried first to understand and adapt the code of all of your functions ... but without success.
Would it be possible for you to give me instructions to do that?
I need to give access to 10 of my colleagues to a workbook in which I have built one sheet for each of them.
We are ALL Authenticated users against our main AD Domain.
I want to display a userform in which each of them could enter their Username / Current AD Password ...
then ... send a query to validate these credentials and finally activate HIS PRIVATE SHEET ... each sheet name is the username of my colleague.
Thanks in advance
Regards from PARIS.
Philou75
You need to start a thread on this topic in the Office Development forum. This thread hasn't been active for nine years, and is about working with a language that is radically different from VBA. Nothing in here is likely to be all that meaningful to the problem you have, but there are folks in Office Development who may well be able to answer the question you have.