-
May 21st, 2008, 07:10 AM
#41
Re: Validate Login against Active Directory
Oh, and after checking by AD...the field is "manager", and not "managedBy"...How wrong could I have been. doh!
Sorry about that.
the AD property "managedBy" is on a group object, and not a user one.
Woka
Last edited by Wokawidget; May 22nd, 2008 at 04:22 AM.
-
Jul 14th, 2008, 06:47 PM
#42
New Member
Re: Validate Login against Active Directory
Hello guys,
I don't know if this post still is live but first of all I would like to thank you all as I didn't know this is simple to use LDAP like this.
My code working great but my problem is that if I use a wrong password for existing username the user get locked.
How can I prevent this then I can just validate the username and password in the Active Directory.
Is there any way?
Cheers,
-
Jul 14th, 2008, 06:49 PM
#43
New Member
Re: Validate Login against Active Directory
Just to let you know that I have used the first posted function in this section
cheers
-
Dec 26th, 2008, 11:18 AM
#44
New Member
Re: Validate Login against Active Directory
Thanks for this code. It got me pass the first part of my little app, but now I need to know how to pass the AD credentials to another form. My app simply allows an Admin to login to the app and then run programs as an Admin like "RunAs" for common apps. Any advice on how to achieve this would be helpful.
thanks!
-
Jan 12th, 2009, 11:02 AM
#45
Addicted Member
Re: Validate Login against Active Directory
I am trying to use the OP code to find AD username. However, the only info available to me is Domain and ComputerName.
I've been searching for hours. Any ideas.
-
Jan 12th, 2009, 12:21 PM
#46
Hyperactive Member
Re: Validate Login against Active Directory
I have a few questions regarding the code the Original Poster provided.
1) Will the code work for Framework 2.0 and 3.5?
2) Is this the best code to use if one just wants to verify that the user does exist in Active Directory? The App that I am making will have its own security but at the least, they must be valid Domain Users.
3) My app will be an ASP.net app so would I be correct in assuming that I can use the same code?
-
Jan 13th, 2009, 04:58 AM
#47
Re: Validate Login against Active Directory
Good morning,
1) Yes, the DirectoryServices code has not changed through the frameworks...each Framework does however add more functionality to DirectoryService.
2) Hmmmmm...not 100% sure. You could use The directory Searcher and just check if there is 1 result returned...or you can look into the DirectoryServices.AccountManagement namespace and play with the user object. http://msdn.microsoft.com/en-us/libr...anagement.aspx
3) This shouldn't be an issue...most of the AD coding I have done has been from an ASP.NET application.
Cheers,
Woka
-
Jan 13th, 2009, 05:04 AM
#48
Re: Validate Login against Active Directory
Originally Posted by CXXXV
I am trying to use the OP code to find AD username. However, the only info available to me is Domain and ComputerName.
I've been searching for hours. Any ideas.
I am not sure I follow. How can you search for a username that you don't know? :s
Woka
-
Jan 13th, 2009, 07:16 AM
#49
Hyperactive Member
Re: Validate Login against Active Directory
Woka thanks for responding.
I get an invalid login and password each time even when I modify some of the code.
I don't have access to the Active Directory Server but I bet I have to drill down more than just one level as I bet they have everyone in groups and then in the group you can access the username.
That is just a guess but I have decided to go ahead and have my application have its own security and forget about AD.
If I am not mistaken, it sends the Username and Password in clear text over the Internet as well.
Thanks for the code.
-
Jan 13th, 2009, 07:25 AM
#50
Addicted Member
Re: Validate Login against Active Directory
Originally Posted by Wokawidget
I am not sure I follow. How can you search for a username that you don't know? :s
Woka
I am able to obtain the computer name of the users of an .mdb via the JETSCHEMA built in to VB. However, what I need is to then search the AD using the computer name and return who is logged in to that computer.
-
Jan 26th, 2009, 07:09 AM
#51
Re: Validate Login against Active Directory
Originally Posted by CXXXV
I am able to obtain the computer name of the users of an .mdb via the JETSCHEMA built in to VB. However, what I need is to then search the AD using the computer name and return who is logged in to that computer.
AD cannot tell you who is logged on to a computer. WMI can however
Here's an example vbscript:
Code:
strRemoteComputer = inputbox("Remote computer name:","Enter PC Name...")
if strRemoteComputer = "" then
wscript.echo "Click OK to close."
wscript.quit
end if
set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & strRemoteComputer & "")
set colWin32 = objWMI.ExecQuery("Select * from Win32_ComputerSystem")
For Each objItem In colWin32
if strUsers <> "" then
strUser = strUser & ", " & objItem.UserName
else
strUser = objItem.UserName
End If
Next
if strUser = "" then
wscript.echo "Could not retrieve users from " & strRemoteComputer & ". Check that the machine is powered on and can access the network"
Else
wscript.echo strUser & " is logged on to " & strRemoteComputer
end if
Hope that helps
Originally Posted by maikeru-sama
If I am not mistaken, it sends the Username and Password in clear text over the Internet as well.
Thanks for the code.
Not if you use the Secure authentication type it doesnt (DirectoryServices.AuthenticationTypes.Secure)
Last edited by chris128; Jan 26th, 2009 at 07:12 AM.
-
Feb 6th, 2009, 08:40 AM
#52
New Member
Re: Validate Login against Active Directory
This post has been great! Thank you all for your time. I have a small issue. Here is my code:
This is my Auth.vb:
Code:
Imports System.DirectoryServices
Imports System.Net.Mail
Public Class Auth
Public Function AuthNow(ByVal userName As String, ByVal userPassword As String, ByVal groupname As String) As Boolean
Dim isValidated As Boolean = False
Dim domainName As String = "XXX.org"
Try
Dim ldapPath As String = "LDAP://" & domainName
Dim dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)
Dim dirSearcher As New DirectorySearcher(dirEntry)
dirSearcher.Filter = "(SAMAccountName=" & userName & ")"
dirSearcher.PropertiesToLoad.Add("memberOf")
dirSearcher.PropertiesToLoad.Add("givenname")
dirSearcher.PropertiesToLoad.Add("managedBy")
Dim result As SearchResult = dirSearcher.FindOne()
Dim managerPath As String = String.Empty
If (result.Properties("managedBy").Count = 1) Then
Dim managerDN As String = result.Properties("managedBy").Item(0).ToString
managerPath = String.Format("LDAP://{0}", managerDN)
End If
If (managerPath.Length > 0) Then
Dim managerObject As DirectoryEntry = New DirectoryEntry(managerPath)
Dim managerUPN As String = managerObject.Properties("userPrincipalName").Value.ToString()
Dim managerDisplayName As String = managerUPN
If (managerObject.Properties("displayName").Count = 1) Then
managerDisplayName = managerObject.Properties("displayName").Value.ToString()
End If
End If
If Not result Is Nothing Then
If groupname.Length = 0 Then
isValidated = True
Else
Dim groupCount As Integer = result.Properties("memberOf").Count
Dim isInGroup As Boolean = False
For index As Integer = 0 To groupCount - 1
Dim groupDN As String = result.Properties("memberOf").Item(index)
Dim equalsIndex As Integer = groupDN.IndexOf("=")
Dim commaIndex As Integer = groupDN.IndexOf(",")
Dim group As String = groupDN.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1).ToLower
If group.Equals(groupname.ToLower) Then
isInGroup = True
Exit For
End If
Next index
isValidated = isInGroup
End If
End If
Catch ex As Exception
MsgBox("Bad Username or Password")
End Try
Return isValidated
End Function
End Class
Here is my default.vb:
Code:
Imports Auth
Partial Class _Default
Inherits System.Web.UI.Page
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim isauthenticated As Boolean = AuthenticateUser()
Dim managerDisplayName As String =
If isauthenticated Then
MsgBox("You have logged In!")
Else
MsgBox("You have not yet logged in!")
End If
End Sub
Private Function AuthenticateUser() As Boolean
Dim username As String = txtUsername.Text
Dim password As String = txtPassword.Text
Dim groupname As String = "IS"
Dim AuthSend As New Auth
Dim isAuthenticated As Boolean = AuthSend.AuthNow(username, password, groupname)
Return isAuthenticated
End Function
End Class
My question is ... how do I get the manager's name to appear on default.vb?
Thanks,
Richard
-
Feb 6th, 2009, 09:17 AM
#53
Re: Validate Login against Active Directory
Well if you want to use the user object that you got from the manager part of the AuthNow function then you would have to return that user object (or just the name if thats all you are after) instead of just returning a boolean. Alternatively, you could just use a separate function to return the manager's name but only if the AuthNow function returns true.
If you want any further help then the best thing to do would be to create a new thread in the VB.NET part of these forums and put all the details in there, as the codebank threads such as this one arent really meant to be used for people just asking questions like yours
-
Feb 9th, 2009, 03:21 AM
#54
Re: Validate Login against Active Directory
Chris is right. That question is not really related to AD code at all, and more geared towards general .NET code design.
Your AuthNow function needs to return the users AD object.
So in your code you would do:
Code:
DirectoryEntry authUser = AuthSend.AuthNow(username, password, groupname);
if(authUser != null)
{
//Authenticated
string managedBy = string.empty;
if(authUser.Properties["managedBy"].Value != null)
{
managedBy = authUser.Properties["managedBy"].Value.ToString();
}
}
else
{
//user failed authentication, do something here
}
You may want to create your own user class to return from this function, which holds properties of a user, instead of throwing AD DirectoryEntry objects around, that will lead to "cleaner" code.
Woka
-
May 1st, 2009, 09:26 AM
#55
New Member
Re: Validate Login against Active Directory
Can this code be used in classic ASP? I've been asked to authenticate against AD in a classic ASP-coded page.
-
Feb 8th, 2010, 10:46 AM
#56
New Member
Re: Validate Login against Active Directory
Just a note on the original code. If you use that code in any kind of loop the AD objects need to be disposed of because you'll leak lots of memory otherwise (speaking from personal experience):
Code:
Public Shared Function ValidateLogin(ByVal domain As String, ByVal username As String, ByVal password As String) As Boolean
Dim success As Boolean = False
Dim entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, password)
Dim searcher As New System.DirectoryServices.DirectorySearcher(entry)
searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
Try
Dim results As System.DirectoryServices.SearchResult = searcher.FindOne
success = Not (results Is Nothing)
Catch ex As Exception
success = False
Finally
entry.Close() : entry.Dispose()
searcher.Dispose()
End Try
Return success
End Function
-
Feb 8th, 2010, 11:24 AM
#57
Re: Validate Login against Active Directory
Originally Posted by jinx101
Just a note on the original code. If you use that code in any kind of loop the AD objects need to be disposed of because you'll leak lots of memory otherwise (speaking from personal experience):
Code:
Public Shared Function ValidateLogin(ByVal domain As String, ByVal username As String, ByVal password As String) As Boolean
Dim success As Boolean = False
Dim entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, password)
Dim searcher As New System.DirectoryServices.DirectorySearcher(entry)
searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
Try
Dim results As System.DirectoryServices.SearchResult = searcher.FindOne
success = Not (results Is Nothing)
Catch ex As Exception
success = False
Finally
entry.Close() : entry.Dispose()
searcher.Dispose()
End Try
Return success
End Function
That is a good point but one minor comment - you don't need to call Close and Dispose on the DirectoryEntry object because they both do pretty much exactly the same thing. The Close method just calls an internal method named Unbind (which frees up the resources that were used) and the Dispose method calls the same Unbind method but then also calls MyBase.Dispose. So I would just go with Dispose on its own and not bother with Close
-
Sep 3rd, 2010, 02:09 PM
#58
New Member
Re: Validate Login against Active Directory
Hi guys. sorry to reawaken the thread...im using vb.net 2010 and i could really have good use for this code. im making an local domain chat application and the users should login with there domain acc/pw stored in the AD. so if someone could convert this code it would be appreciated.
-
Sep 3rd, 2010, 03:09 PM
#59
Re: Validate Login against Active Directory
There is no conversion required - this code works in .NET 2.0 so it will work in .NET 4.0 (which is what VS 2010 will target by default but you can just set it to target 2.0 if you want anyway).
Also, for anyone using .NET 3.5 or 4.0, you might want to look at the AccountManagement namespace which is new in .NET 3.5 - see here for more info and examples: http://msdn.microsoft.com/en-us/maga...135979.aspx#S9
Last edited by chris128; Sep 3rd, 2010 at 03:14 PM.
-
Sep 5th, 2010, 02:17 PM
#60
New Member
Re: Validate Login against Active Directory
this code:
vb Code:
Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean Dim Success As Boolean = False Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password) Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry) Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel Try Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne Success = Not (Results Is Nothing) Catch Success = False End Try Return Success End Function
gives this error list:
Error 1 Type 'System.DirectoryServices.DirectoryEntry' is not defined. C:\Users\karhol02\AppData\Local\Temporary Projects\IP chat with login\Login.vb 5 26 IP chat with login
Error 2 Type 'System.DirectoryServices.DirectorySearcher' is not defined. C:\Users\karhol02\AppData\Local\Temporary Projects\IP chat with login\Login.vb 6 29 IP chat with login
Error 3 'DirectoryServices' is not declared. It may be inaccessible due to its protection level. C:\Users\karhol02\AppData\Local\Temporary Projects\IP chat with login\Login.vb 7 32 IP chat with login
Error 4 Type 'System.DirectoryServices.SearchResult' is not defined. C:\Users\karhol02\AppData\Local\Temporary Projects\IP chat with login\Login.vb 9 28 IP chat with login
-
Sep 6th, 2010, 02:57 AM
#61
Re: Validate Login against Active Directory
You need to add a reference to the System.DirectoryServices assembly
-
Sep 6th, 2010, 10:27 AM
#62
New Member
Re: Validate Login against Active Directory
thanks its all working out now.
-
Sep 11th, 2010, 08:14 AM
#63
Re: Validate Login against Active Directory
Just thought I'd add the following code change.
The Directory Service objects need to be disposed of:
vb Code:
Private Function ValidateActiveDirectoryLogin(ByVal domain As String, ByVal username As String, ByVal userPassword As String) As Boolean
Dim success As Boolean = False
Using rootEntry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, userPassword)
Using adSearcher As New System.DirectoryServices.DirectorySearcher(rootEntry)
adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel
Try
Dim searchResults As System.DirectoryServices.SearchResult = adSearcher.FindOne
success = Not (searchResults Is Nothing)
Catch
success = False
End Try
End Using
End Using
return success
End Function
c# Code:
private bool ValidateActiveDirectoryLogin(string domain, string username, string userPassword)
{
bool success = false;
using(System.DirectoryServices.DirectoryEntry rootEntry = New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password))
{
using(System.DirectoryServices.DirectorySearcher adSearcher = New System.DirectoryServices.DirectorySearcher(rootEntry))
{
adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult searchResults = adSearcher.FindOne;
success = (searchResults != null);
}
catch
{
success = false;
}
}
}
return success;
}
Hope that helps.
Cheers, woka
-
Sep 11th, 2010, 11:53 AM
#64
Re: Validate Login against Active Directory
There isn't really a need for the Success variable, you could just do this (I would also recommend using the Secure binding as I have done in the code below)
vb Code:
Private Function ValidateActiveDirectoryLogin(ByVal domain As String, ByVal username As String, ByVal userPassword As String) As Boolean
Using rootEntry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, userPassword, DirectoryServices.AuthenticationTypes.Secure)
Using adSearcher As New System.DirectoryServices.DirectorySearcher(rootEntry)
adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel
Try
Dim searchResults As System.DirectoryServices.SearchResult = adSearcher.FindOne
Return Not searchResults Is Nothing
Catch
Return False
End Try
End Using
End Using
End Function
Again though, anyone using .NET 3.5 or 4.0 should probably just use the built in methods in the Sytem.DirectoryServices.AccountManagement namespace to do this.
-
Sep 11th, 2010, 12:33 PM
#65
Re: Validate Login against Active Directory
I agree with the secure binding.
The AccountManagement namespace contains objects like Group and UserPrincipal...these are just wrappers around the DirectoryEntry object.
I prefer having the flexibility of using the DirectoryServices namespace and writing app specific wrappers.
One thing I personally disagree with is multiple return exit points from a function. I would strongly discourage this. This can lead to complex and hard to read code execution and the managability of your code decreases.
You gain no benefit by removing the bool success flag, only negatives, yet if you keep it then you have the flexibility for future code modifications and easy of reading the code.
cheers,
Woka
-
Sep 11th, 2010, 12:40 PM
#66
Re: Validate Login against Active Directory
One example of this would be if I wanted to log the failure.
c# Code:
private bool ValidateActiveDirectoryLogin(string domain, string username, string userPassword)
{
bool success = false;
using(System.DirectoryServices.DirectoryEntry rootEntry = New System.DirectoryServices.DirectoryEntry("LDAP://" & Domain, Username, Password))
{
using(System.DirectoryServices.DirectorySearcher adSearcher = New System.DirectoryServices.DirectorySearcher(rootEntry))
{
adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult searchResults = adSearcher.FindOne;
success = (searchResults != null);
}
catch
{
success = false;
}
}
}
if(!success)
{
ErrorLogging.LogFailedLogin(username);
}
return success;
}
If you had multiple exit points then you would have to write more code, a few lines per exit point, which is why it can become unmanagable very quickly.
Hope that helps.
WOka
-
Sep 11th, 2010, 03:20 PM
#67
Re: Validate Login against Active Directory
lol surely if you wanted to log the failure you would log it in the Catch block so that you could actually get the exception details?
Anyway, I definitely agree that you get a lot more power and flexibility if you use the DirectoryEntry class etc but as this thread is purely about authenticating a user against AD I think it makes sense to suggest using classes/methods that are there purely to do this kind of thing.
One thing I personally disagree with is multiple return exit points from a function. I would strongly discourage this. This can lead to complex and hard to read code execution and the managability of your code decreases.
Fine, this then:
vb Code:
Private Function ValidateActiveDirectoryLogin(ByVal domain As String, ByVal username As String, ByVal userPassword As String) As Boolean
Using rootEntry As New System.DirectoryServices.DirectoryEntry("LDAP://" & domain, username, userPassword, DirectoryServices.AuthenticationTypes.Secure)
Using adSearcher As New System.DirectoryServices.DirectorySearcher(rootEntry)
adSearcher.SearchScope = DirectoryServices.SearchScope.OneLevel
Dim searchResults As System.DirectoryServices.SearchResult
Try
searchResults = adSearcher.FindOne
Catch
searchResults = Nothing
End Try
Return Not searchResults Is Nothing
End Using
End Using
End Function
I just dont see the point declaring an extra variable when there is no real need for it
-
Sep 11th, 2010, 06:08 PM
#68
Re: Validate Login against Active Directory
Originally Posted by chris128
Anyway, I definitely agree that you get a lot more power and flexibility if you use the DirectoryEntry class etc but as this thread is purely about authenticating a user against AD I think it makes sense to suggest using classes/methods that are there purely to do this kind of thing.
Framework 3.5 wasn't out when I 1st created this thread
-
Sep 11th, 2010, 06:13 PM
#69
Re: Validate Login against Active Directory
Originally Posted by chris128
I just dont see the point declaring an extra variable when there is no real need for it
Some examples of function that could return success or any other variable will not always have a try catch block.
I refer back to my last post about maintainability of multiple exit points.
I think there is a definate need for it.
Anyways, that's symantecs of coding, and should be taken up in another thread. Lets not get off track here
Woka
-
Mar 3rd, 2011, 01:36 PM
#70
New Member
Re: Validate Login against Active Directory
Sorry if this is a double post
Hey I would appreciate some help. I have implemented your active directory connect which works perfectly but I am trying to connect to a server and download or open a file for viewing. How can this be completed?
Doman: MyCompany.com
Server: ServerOne.MyCompany.com
path: \home\etc
file: Test.pdf
I have been using things like TransferFile but this option does not work when the site is deployed so I am thinking I am not using System.DirectoryServices correctly. Any tips, pointers, examples would be greatly appreciated.
Many Thanks
-
Apr 7th, 2011, 12:18 PM
#71
New Member
Re: Validate Login against Active Directory
I have a web app using this Validate Login and it works great on an interal server. Now I need to move this to an external web server that allows AD authentication. Both of these servers are on Windows Server 2003 SP 2.
When I try to login to the external server it never authenticates. Besides changing the ldap domain for the exteranl server do I need to change anything else?
In the web.config on the internal server it has:
<authentication mode="Windows"></authentication>
<authorization>
<deny users="?"/>
</authorization>
On the external server I changed it to forms mode.
Thanks in advance.
-
Aug 20th, 2020, 12:04 PM
#72
New Member
Re: Validate Login against Active Directory
Hi VbForums,
I am very happy to have found your site and this article dealing with what i am looking for a long time ... but for VBA.
Because I use Excel.
I have tried first to understand and adapt the code of all of your functions ... but without success.
Would it be possible for you to give me instructions to do that.
I need to give access to 10 of my colleagues to a workbook in which i have built one sheet for each of them.
We are ALL Authenticated users against our main AD Domain.
I want to display a userform in which each of them could enter its Username / Current AD Password ...
then ... send query to Validate these credentials and finally activate HIS PRIVATE SHEET ... each sheet name is username of my colleague.
Thanks in advance
Regards from PARIS.
Philou75
-
Aug 20th, 2020, 02:01 PM
#73
Re: Validate Login against Active Directory
You need to start a thread on this topic in the Office Development forum. This thread hasn't been active for nine years, and is about working with a language that is radically different from VBA. Nothing in here is likely to be all that meaningful to the problem you have, but there are folks in Office Development who may well be able to answer the question you have.
My usual boring signature: Nothing
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|