0
votes

I'm trying to authenticate login credentials against Active Directory (AD DS) using the following code:

using (var context = new PrincipalContext(ContextType.Domain, ipAddress))
{
    Console.WriteLine("Connected to {0}:", context.ConnectedServer);
    context.ValidateCredentials(username, password);
}

Where ipAddress is the address of the primary domain controller. However, this gives the following error when attempting to read context.ConnectedServer:

System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): The username or password is incorrect.

In addition to this issue I have the following constraints:

  • The production environment may or may not be on the domain.

  • The clients do not want to enter any privileged credentials to query the directory.

Due to this second constraint I have tried to execute a SimpleBind, but without much luck:

using (var context = new PrincipalContext(ContextType.Domain, 
                                          ipAddress, 
                                          null, 
                                          ContextOptions.SimpleBind, 
                                          usernameToValidate, 
                                          password))

Based on these constraints, how can I authenticate against Active Directory?

1
What sort of format are you getting the username in? – X3074861X
sAMAccountName only. Prefixing with the domain name works if I call ValidateCredentials with SimpleBind. What is the difference between setting SimpleBind on the call as opposed to the context? – Brett Postin

1 Answer

2
votes

I was able to authenticate using the following code:

using (var context = new PrincipalContext(ContextType.Domain, ipAddress))
{
    // NOTE! Username must be of the format domain\username
    // Verbatim string (@"...") so the backslash is not parsed as an escape sequence
    return context.ValidateCredentials(@"domain\someuser", password, ContextOptions.SimpleBind);
}

The key part was to prefix the username with the short domain name. Once I did that, and specified SimpleBind in the call to ValidateCredentials instead of in the context constructor, it worked fine.
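
The approach in the answer above, written out as an added example (not the answerer's code) with two hardening steps a deployment would want: the simple bind is carried over LDAPS, and empty passwords are rejected before any bind is attempted. The server name `dc01.example.test:636`, the short domain `EXAMPLE`, and the helper names are assumptions for illustration; it also assumes the domain controller serves LDAPS with a certificate the client trusts.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class AdCredentialCheck
{
    // Assumed values for illustration; replace with your own DC name and short domain name.
    private const string LdapsServer = "dc01.example.test:636"; // DNS name should match the DC certificate
    private const string ShortDomain = "EXAMPLE";

    // Turns a bare sAMAccountName into DOMAIN\user; leaves DOMAIN\user and user@domain untouched.
    public static string QualifyUserName(string userName, string shortDomain)
    {
        if (string.IsNullOrWhiteSpace(userName))
            throw new ArgumentException("User name is required.", nameof(userName));
        userName = userName.Trim();
        if (userName.Contains("\\") || userName.Contains("@"))
            return userName;
        return shortDomain + "\\" + userName;
    }

    public static bool Validate(string userName, string password)
    {
        // An LDAP simple bind with an empty password is an unauthenticated bind
        // (RFC 4513), so it is never treated as a successful login here.
        if (string.IsNullOrEmpty(password))
            return false;

        string qualified = QualifyUserName(userName, ShortDomain);

        // No privileged credentials are supplied to the context (the constraint in the question).
        using (var context = new PrincipalContext(ContextType.Domain, LdapsServer))
        {
            // SimpleBind alone sends the password in clear text; combining it with
            // SecureSocketLayer runs the bind inside TLS.
            return context.ValidateCredentials(
                qualified, password,
                ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer);
        }
    }

    public static void Main()
    {
        Console.WriteLine(QualifyUserName("someuser", ShortDomain));
        Console.WriteLine(QualifyUserName("someuser@example.test", ShortDomain));
        Console.WriteLine(Validate("someuser", "")); // rejected locally, no network call
    }
}
```

Connecting by IP address, as in the question, will usually fail certificate name checks under LDAPS, which is why the example uses a DNS name.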