Hi,

I am using the following codel. But it is always returning 'False'. Even though i gave correct values..

Plz help...

PrincipalContext adContext = new PrincipalContext(ContextType.Domain, "xxx.xxx.0.15", "Administrator", "Password");
            using (adContext)
            {
                return adContext.ValidateCredentials(userName, passWord, ContextOptions.Signing);
            }

I tried the this one also..

DirectoryEntry de = new DirectoryEntry("LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=com" + "domain.com\\", userName, passWord);

This erros is coming
Unknown error (0x80005000)

Edited 5 Years Ago by ~s.o.s~: Fixed code tags, learn to use them.

Hi there, this link might help you out :)

Also this line DirectoryEntry de = new DirectoryEntry("LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=com" + "domain.com\\", userName, passWord); The first argument will read: "LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=comdomain.com\\" I'm not sure that's a correct formation.

Edited 5 Years Ago by Ketsuekiame: n/a

Hi there, this link might help you out :)

Also this line DirectoryEntry de = new DirectoryEntry("LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=com" + "domain.com\\", userName, passWord); The first argument will read: "LDAP://serverIpAddress/CN=myusername,CN=Users,DC=domain,DC=comdomain.com\\" I'm not sure that's a correct formation.

Thanks for the reply...

I tried the things in the link before did not worked for me..i saw in some site..we have to impersonate the user in wcf. I am still not able to implement 'impersonate' ....


If the format is wrong, plz tell me which is the correct format. I am new to WCF...

Well you have DC in there twice, and the DC is set the second time to comdomain.com\

I think you might need to check the address of your domain controller and try again. You shouldn't have to impersonate a user in order to query log on credentials. Impersonation is all about making the software pretend it's someone else, which you shouldn't have to do in order to query the AD.

Well you have DC in there twice, and the DC is set the second time to comdomain.com\

I think you might need to check the address of your domain controller and try again. You shouldn't have to impersonate a user in order to query log on credentials. Impersonation is all about making the software pretend it's someone else, which you shouldn't have to do in order to query the AD.

Ok..now removed the duplicate text....

DirectoryEntry de = new DirectoryEntry("LDAP://Serveripaddress/DC=mydomain,DC=com", userName, passWord);

But i am getting this error.

Logon failure: unknown user name or bad password.


I am not running the service with the Admin credentials. My user is also the member of the Active directory users. I am passing my user credentials to the service to validate whether it is valid AD user or not. The service is deployed in my machine.
My doubt is for creating the Directory entry, shall I need to pass the AD Administrator credentials??
If that is the case, I am not able to authenticate the users in combination of the 'User name ' and 'password'. I can only validate the username.

Edited 5 Years Ago by sudheer2250: n/a

Unfortunately I'm not an expert with LDAP as I use other methods to authenticate with WCF, however, I did some digging and it appears something like this should work:

public bool AuthenticateAndGetUserDataFromAD(string strusername, string strDomain, string strPassword)
        {
            string strRootDN = string.Empty;
            DirectoryEntry objDseSearchRoot = null, objDseUserEntry = null;
            DirectorySearcher objDseSearcher = null;
            SearchResultCollection objResults = null;
            string strLDAPPath = string.Empty;
            try
            {
                /* Give LDAP Server IP along with OU
                 * e.g : LDAP://29.29.29.29:389/DC=YourDomain,DC=com"
                 */
                strLDAPPath = "Your LDAP ServerPath";
                string strDomainname = strDomain;
                objDseSearchRoot = new DirectoryEntry(strLDAPPath, strDomainname + "\\" + strusername, strPassword, AuthenticationTypes.None);
                strRootDN = objDseSearchRoot.Properties["defaultNamingContext"].Value as string;
                objDseSearcher = new DirectorySearcher(objDseSearchRoot);
                objDseSearcher.CacheResults = false;
                objResults = objDseSearcher.FindAll();
                if (objResults.Count > 0)
                {
                    objDseUserEntry = objResults[0].GetDirectoryEntry();
                }

                if (objDseUserEntry == null)
                {
               
                    return false;
                }
            }

            catch (Exception e)
            {
              
                return false; ;
            }
            finally
            {
               //Dipose Object Over Here
            }
         
            return true;
        }

Code taken from: Here

Getting the same error
Logon failure: unknown user name or bad password.
at

strRootDN = objDseSearchRoot.Properties["defaultNamingContext"].Value as string;

Edited 5 Years Ago by ~s.o.s~: Fixed code tags, learn to use them.

Did you change the text defaultNamingContext to the actual context you want to use?

If you still get the error, it means it can't find the username and password you're giving it.

Hi,

I tried the following code for getting the 'ContextName'.

DirectorySearcher ds = new DirectorySearcher(objDseSearchRoot);
                ds.SearchScope = System.DirectoryServices.SearchScope.Base;
                ds.PropertiesToLoad.Add("namingContexts");
                SearchResult searchResult = ds.FindOne();
                //SearchResultCollection results = ds.FindAll();

                String namingContexts = searchResult.Properties["namingContexts"].Count.ToString();

But i am getting the count as zero. Any way, when i give the Administrator credentials of the AD, i am able to get the "objResults.Count" as 375.

But for the users other than Administration if the AD, still getting the Bad User name or password.

Edited 5 Years Ago by ~s.o.s~: Added code tags, learn to use them.

I honestly can't tell you anymore. I'm at the limit of my knowledge, sorry. ^^ Hopefully, someone else here who works with the AD more than I will be able to help you =)

It's ok Ketsuekiame. Thank you very much for ur help. I will try other options.

This article has been dead for over six months. Start a new discussion instead.