.Net LDAP Authentication Problem (ADAM)

I am trying to test LDAP authentication with ADAM from .NET v1.1. I am using the System.DirectoryServices objects as per an example that is available on the Microsoft support site (VB) and MSDN (C#):

http://support.microsoft.com/kb/326340
and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp

My domain user account is a registered ADAM administrator account. The web site is using impersonation and IIS is configured to use my domain name and password. I am able to connect to ADAM when using my default credentials, i.e. I do not specify a username and password in the DirectoryEntry constructor.

What I want to know is how do I authenticate an ADAM account, i.e. one that was created in ADAM and is not an Active Directory account. The examples always use domain\username in the DirectoryEntry constructor.

This is my code:

    DirectoryEntry entry = new DirectoryEntry("LDAP://localhost:389/O=ColtGeo,C=CA",
        "CN=Mary Baker,OU=ADAM Users,o=ColtGeo,c=CA",
        "maryb");
    try
    {
        object o = entry.NativeObject;
        DirectorySearcher search = new DirectorySearcher(entry);
        search.Filter = string.Format("(SAMAccountName={0})", username);
        search.PropertiesToLoad.Add("cn");
        SearchResult result = search.FindOne();
        ...............
    ......

The code throws an exception of "Logon failure: unknown user name or bad password".

I can connect to ADAM using the LDP tool using a SIMPLE BIND using "CN=Mary Baker,OU=ADAM Users,o=ColtGeo,c=CA" so I know the credentials are valid.

What am I doing wrong?

Thanks

I think I have figured out how to do it since it is now authenticating correctly. I used the FastBind authentication type as below.

    DirectoryEntry entry = new DirectoryEntry(strPath, testname, password, AuthenticationTypes.FastBind);

I have tested this and it works. I have disabled the account and it does not authenticate. I have tried an invalid password and it does not authenticate. Looks good to me.

It is worth mentioning that the user account must have permissions to access the Directory Partition, otherwise the search fails. I added the test user to the Readers role and it is OK.
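
An added example, not code from the posts above: the same FastBind bind-and-search wrapped with two checks a login path needs, rejecting empty passwords and escaping the user-supplied value in the search filter. The class and method names (`AdamAuth`, `EscapeFilterValue`, `Authenticate`) are hypothetical; the path, filter and `cn` property are the ones from the post, and the code avoids anything newer than .NET 1.1.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

public class AdamAuth
{
    // Escape a value for use inside an LDAP search filter (RFC 4515), so that
    // input such as "*" or ")(cn=*" cannot change the meaning of the filter.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // path: e.g. "LDAP://localhost:389/O=ColtGeo,C=CA"; userDn: the ADAM user's DN.
    public static bool Authenticate(string path, string userDn, string username, string password)
    {
        // RFC 4513: a simple bind with an empty password is an unauthenticated
        // bind and can succeed without proving anything, so reject it up front.
        if (userDn == null || userDn.Length == 0 || password == null || password.Length == 0)
            return false;
        // Without the Secure flag ADSI does an LDAP simple bind: the password is
        // sent in clear text unless the connection itself is protected (SSL).
        using (DirectoryEntry entry = new DirectoryEntry(path, userDn, password, AuthenticationTypes.FastBind))
        {
            try
            {
                object o = entry.NativeObject;   // forces the bind to happen now
                DirectorySearcher search = new DirectorySearcher(entry);
                search.Filter = string.Format("(SAMAccountName={0})", EscapeFilterValue(username));
                search.PropertiesToLoad.Add("cn");
                return search.FindOne() != null;
            }
            // Bad credentials, disabled account, no read access, or server unreachable.
            catch (COMException) { return false; }
        }
    }
}
```

Because every `COMException` maps to `false` here, a caller that needs to tell a wrong password from an unreachable server should log the exception before returning.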