0
votes

I want to do user authentication using LDAP (Lightweight Directory Access Protocol). I don't have any knowledge about this. Still, I have managed to write some code for this, but the problem is that when I am signing in with the username and password present in my database, i.e. the User table, I am not able to log in. But when I am using LDAP's username and password, I am able to log into the application. My code goes as follows:

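    // Requires: System.DirectoryServices.AccountManagement, System.Web.Mvc, System.Web.Security
    public ActionResult Login(APPUser model, string returnUrl)
    {
        try
        {
            // First check: validate the credentials against the domain controller.
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "10.0.0.100"))
            {
                if (pc.ValidateCredentials(model.UserID, model.Password))
                {
                    FormsAuthentication.SetAuthCookie(model.UserID, false);
                    return RedirectToAction("Index", "Home");
                }
            }

            // Second check: uses the default membership provider from Web.Config,
            // which is ActiveDirectoryMembershipProvider, so this also goes to AD.
            if (Membership.ValidateUser(model.UserID, model.Password))
            {
                FormsAuthentication.SetAuthCookie(model.UserID, false);
                // Only follow returnUrl when it points back into this application.
                if (Url.IsLocalUrl(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            }
            else
            {
                ModelState.AddModelError("", "Login failed");
            }
        }
        catch
        {
            // Any exception (e.g. the directory server being unreachable) is swallowed here.
        }
        //GetErrorsFromModelState();
        return View(model);
    }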

and Web.Config

    <connectionStrings>
        <add name="ADConnectionString" connectionString="LDAP://XXXXXXX:389/DC=XXXX,DC=XXX" />
    </connectionStrings>
    <system.web>
        <authentication mode="Forms">
            <forms name=".ADAuthCookie" loginUrl="~/Auth/Login" timeout="2880" />
        </authentication>
        <membership defaultProvider="ADMembershipProvider">
            <providers>
                <clear />
                <add name="ADMembershipProvider"
                     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
                     connectionStringName="ADConnectionString"
                     connectionProtection="Secure"
                     connectionUsername="admin"
                     connectionPassword="admin234"
                     attributeMapUsername="sAMAccountName"
                     enableSearchMethods="false" />
            </providers>
        </membership>
    </system.web>

Please try to help me out.

1
I am confused here. You are saying that you are trying to authenticate with LDAP, which you later say is working! So what exactly is the problem you are having? – Gaz Winter

Actually, I don't know the process of how this LDAP works. If I explain to you: I have a table called User that has a username and password, and I have an Active Directory username and password. If I enter the username and password from the User table, it does not allow me to log in, and if I use Active Directory's username and password, I am able to log in. – SantyEssac

To my knowledge, the Active Directory username and password that I have must be used for accessing the AD (Active Directory), and the username and password that I want to put in from the User table must be authenticated using LDAP. – SantyEssac

Try to help me out, as I am very new to this approach. – SantyEssac

I used something similar in the past. If you are using LDAP, it doesn't need to access your database at all to authenticate, as it uses the Active Directory. So you do not need to store the usernames and passwords at all. – Gaz Winter

1 Answer

4
votes

AD (Active Directory) is a directory service provider (a system that provides authentication, directory, policy, and other services in a Windows environment).

LDAP (Lightweight Directory Access Protocol) is a protocol designed for directory service providers for querying and modifying items in directory service providers like AD, which supports a form of LDAP.

In other words, you use LDAP for retrieving information from AD.

Now, if you need to implement authentication of intranet users against a Windows domain (AD), then you need to read about Integrated Windows Authentication. To enable it, you typically need to:

  • set up IIS for Integrated Windows Authentication
  • set up the ASP.NET application

and optionally enable Integrated Windows Authentication in IE. Read more here

Once done, user will be automatically logged in without entering his login name or password. You will be able to get his identity (User.Identity.Name) and other properties from AD.

This is a secure form of authentication which you can see when using SharePoint, Outlook Web Access or similar intranet applications.
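
The setup this answer describes, sketched as an added example that is not part of the original answer or the asker's project: with Windows authentication enabled, the controller reads `User.Identity.Name` and looks the account up in AD. The controller name `ProfileController` and the Web.config lines in the leading comment are assumptions for illustration.

```csharp
// Added example. Assumes Web.config <system.web> contains:
//   <authentication mode="Windows" />
//   <authorization><deny users="?" /></authorization>
// and that IIS has Windows Authentication enabled and Anonymous Authentication disabled.
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web.Mvc;

[Authorize] // reject any request that IIS did not authenticate
public class ProfileController : Controller // hypothetical controller name
{
    public ActionResult Index()
    {
        // IIS has already authenticated the caller against the domain,
        // so the application never receives or stores a password.
        string account = User.Identity.Name; // e.g. DOMAIN\username

        // Bind to the domain the web server is joined to, using the
        // application pool identity (no credentials in Web.config).
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, account))
        {
            // Fail closed if the directory does not know the account
            // or the account has been disabled.
            if (user == null || user.Enabled == false)
            {
                return new HttpStatusCodeResult(403, "Account not permitted");
            }

            // Read a few directory attributes for the signed-in user.
            var groups = user.GetGroups()
                             .Select(g => g.SamAccountName)
                             .ToList();

            return Json(new
            {
                Login = user.SamAccountName,
                DisplayName = user.DisplayName,
                Email = user.EmailAddress,
                Groups = groups
            }, JsonRequestBehavior.AllowGet);
        }
    }
}
```

Compared with the Forms configuration in the question, this removes both the login form and the `connectionUsername`/`connectionPassword` service credentials from Web.config.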