Forms Authentication against Active Directory - LDAP Protocol
I need to create a web page that authenticates users against an existing Active Directory. The domain is actually a cloud computing configuration where there is a domain controller and multiple other servers on the stack.
I understand that objects from the System.DirectoryServices namespace can be used. However, I can't seem to point the code at the Active Directory through the LDAP://domain.com address. There doesn't seem to be any communication going on. I suspect there is some initial configuration necessary or security measures blocking the communication.
I am working with this example from MSDN: http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx.
I get an error that says the server is not operational.
Take a look at this link (replaced old one with web.archive.org):
http://www.codeproject.com/KB/system/everythingInAD.aspx#35
This is how to get the default entry:
    public static string GetDefaultNamingContextPath()
    {
        try
        {
            // rootDSE of the domain the web server is joined to; defaultNamingContext
            // holds the distinguished name of that domain (e.g. DC=yourcompany,DC=local)
            System.DirectoryServices.DirectoryEntry AdRootDSE = new System.DirectoryServices.DirectoryEntry("LDAP://rootDSE");
            string rootdse = System.Convert.ToString(AdRootDSE.Properties["defaultNamingContext"].Value);
            if (!rootdse.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase) && !rootdse.StartsWith("LDAPS://", StringComparison.OrdinalIgnoreCase))
            {
                rootdse = "LDAP://" + rootdse;
            }
            return rootdse;
        }
        catch (Exception ex)
        {
            // Don't swallow the failure silently; the caller must know discovery did not work.
            throw new InvalidOperationException("Could not read defaultNamingContext from rootDSE", ex);
        }
    }
To get the rootDSE for a non-default domain:
    new DirectoryEntry("LDAP://yourcompany.local/RootDSE");
    new DirectoryEntry("LDAP://example.com/RootDSE");
or let .NET negotiate the protocol:
    new DirectoryEntry("yourcompany.local/RootDSE");
    new DirectoryEntry("example.com/RootDSE");
LDAP://domain can be used when the server is joined to said domain; it should then be able to resolve a domain controller, given correct DNS configuration.
Otherwise, if you have the fqdn or ip address of a domain controller, you can use
LDAP://fqdn.of.domaincontroller /* or */ LDAP://100.10.100.10
Doing this means that you're tied to that one DC, so if that machine goes down or is removed, you won't be able to authenticate.
It's been a while, but I think I achieved exactly what this question is about.
I tested against this magnificent free LDAP test server:
var path = "LDAP://ldap.forumsys.com:389/dc=example,dc=com";
var user = $@"uid={username},dc=example,dc=com";
var pass = "password";
var directoryEntry = new DirectoryEntry(path, user, pass, AuthenticationTypes.None);
var searcher = new DirectorySearcher(directoryEntry);
searcher.PropertiesToLoad.Add("*");
var searchResult = searcher.FindOne();
I don't understand exactly what all of these lines do, however, and looking for a solution I found some recommendations.
In the path, the "LDAP://" string should be in uppercase.
In the user, sometimes you need to use "cn=username-admin" for validating admins; be sure to also set the authentication type to ServerBind.
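Putting the two answers together, here is an added C# example (not code from either answer or from the MSDN article) of a credential check a Forms Authentication login page could call. It assumes the System.DirectoryServices assembly is referenced, that the web server can resolve the AD domain (first answer) or reach the LDAP host (second answer), and it uses placeholder host and domain names. The AD path binds with the user's own credentials over Secure + Sealing so the password never travels in clear text, escapes the username before it goes into the search filter, and distinguishes a wrong password from the "server is not operational" error the question hit (ERROR_DS_SERVER_DOWN, HRESULT 0x8007203A), which is a connectivity problem rather than an authentication failure. The generic LDAP path mirrors the forumsys test but defaults to LDAPS, because a simple bind with a DN (AuthenticationTypes.None or ServerBind on port 389) sends the password in the clear.

```csharp
// Added example, not code from the answers above. Assumes System.DirectoryServices is
// referenced; domain and host names passed in are placeholders chosen by the caller.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

public static class LdapLogin
{
    // Discover the domain's default naming context from rootDSE, so the login page follows
    // whatever domain controller DNS hands out instead of being pinned to a single host.
    public static string DefaultNamingContextPath(string domain)
    {
        using (var rootDse = new DirectoryEntry("LDAP://" + domain + "/RootDSE"))
        {
            return "LDAP://" + rootDse.Properties["defaultNamingContext"].Value;
        }
    }

    // Escape a value interpolated into an LDAP search filter (RFC 4515) so a crafted
    // username cannot change the meaning of the query.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Active Directory (first answer): bind as the user with Secure (Kerberos/NTLM) plus
    // Sealing, then confirm the account exists. Returns false on bad credentials and
    // throws when no DC is reachable, so the page does not report "wrong password" for that.
    public static bool ValidateActiveDirectoryUser(string domain, string username, string password)
    {
        // An empty password can degrade into an anonymous bind that "succeeds"; refuse it.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        string path = DefaultNamingContextPath(domain);
        var authType = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;
        try
        {
            using (var entry = new DirectoryEntry(path, domain + "\\" + username, password, authType))
            using (var searcher = new DirectorySearcher(entry))
            {
                searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(username) + "))";
                searcher.PropertiesToLoad.Add("distinguishedName");
                return searcher.FindOne() != null;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            // Logon failure (0x8007052E), disabled or locked-out account, and similar.
            return false;
        }
        catch (COMException ex) when ((uint)ex.ErrorCode == 0x8007203A)
        {
            // ERROR_DS_SERVER_DOWN, "The server is not operational": DNS, firewall or wrong path.
            throw new InvalidOperationException("No domain controller reachable for " + path, ex);
        }
    }

    // Generic LDAP server (second answer): a simple bind with a DN sends the password in
    // clear text, so default to LDAPS on 636; plain 389 is only for a throwaway test server.
    public static bool ValidateSimpleBind(string host, string baseDn, string userDn, string password,
                                          bool plaintextTestServer = false)
    {
        if (string.IsNullOrEmpty(password))
            return false;

        string path = "LDAP://" + host + (plaintextTestServer ? ":389/" : ":636/") + baseDn;
        var authType = plaintextTestServer
            ? AuthenticationTypes.ServerBind
            : AuthenticationTypes.ServerBind | AuthenticationTypes.SecureSocketsLayer;
        try
        {
            using (var entry = new DirectoryEntry(path, userDn, password, authType))
            {
                // Touching the native object forces the bind; a rejected password throws here.
                return entry.NativeObject != null;
            }
        }
        catch (COMException)
        {
            return false;
        }
    }
}
```

From the login page's button handler, call ValidateActiveDirectoryUser("yourcompany.local", txtUser.Text, txtPassword.Text) and only issue the forms ticket (FormsAuthentication.SetAuthCookie) when it returns true; let the InvalidOperationException surface to your error handling so a DC outage is visible in logs rather than showing up as a flood of "invalid login" messages. For the forumsys-style test, ValidateSimpleBind("ldap.forumsys.com", "dc=example,dc=com", "uid=" + name + ",dc=example,dc=com", pass, plaintextTestServer: true) reproduces the second answer's bind, while leaving plaintextTestServer at its default is what you would use against a production directory.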