ADAM authentication - howto?

I am trying to authenticate a user with ADAM using a user created in ADAM. However, regardless of the password used (correct or incorrect), my search returns with a valid DirectoryEntry object. I would suggest that if the password is not valid then the search will return with a null object. Are my assumptions wrong or is there a flaw in the code below?

DirectoryEntry de = new DirectoryEntry("LDAP://localhost:389/cn=Groups,cn=XXX,cn=YYY,dc=ZZZ");
DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot = de;
deSearch.Filter = "(&(objectClass=user) (cn=" + userId + "))";
SearchResultCollection results = deSearch.FindAll();
if (results.Count > 0)
{
    DirectoryEntry d = new DirectoryEntry(results[0].Path, userId, password);
    if (d != null)
        DoSomething();
}

1 answer


You need to access a property of the DirectoryEntry to determine if it is valid. I usually check if the Guid is null or not.

bool valid = false;
using (DirectoryEntry entry = new DirectoryEntry(results[0].Path, userId, password))
{
    try
    {
        if (entry.Guid != null)
        {
            valid = true;
        }
    }
    catch (NullReferenceException) {}
}

Note: You will also want to wrap your searcher and search root entry in using statements, or explicitly dispose of them when you're done, so that you don't leave resources in use.

PS: I'm not sure what kind of exception is thrown when trying to access invalid properties of directory entries. It will probably take a little experimenting to figure out what kind of exception to catch. You don't want to catch all exceptions, as there are other issues (for example, the directory server is unavailable) that you can handle differently than a failed authentication.

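Added example, not code from the question or the answer: it forces the bind by reading NativeObject, treats only the logon-failure HRESULT as a failed authentication, and lets other directory errors (such as an unreachable server) propagate. The class and method names are hypothetical; the bind name and default authentication type are kept as in the question and may need adjusting for a given ADAM instance.

```csharp
using System.DirectoryServices;   // requires a reference to System.DirectoryServices
using System.Runtime.InteropServices;
using System.Text;

static class AdamAuth   // hypothetical name, not from the original post
{
    // HRESULT of ERROR_LOGON_FAILURE (unknown user name or bad password).
    const int LogonFailure = unchecked((int)0x8007052E);

    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True when the bind succeeds, false on bad credentials; other errors propagate.
    public static bool Authenticate(string rootPath, string userId, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513).
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(password)) return false;
        string filter = "(&(objectClass=user)(cn=" + EscapeFilterValue(userId) + "))";
        using (var root = new DirectoryEntry(rootPath))
        using (var searcher = new DirectorySearcher(root, filter))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null) return false;   // no such user under rootPath
            try
            {
                // The constructor only stores the credentials; reading NativeObject binds.
                using (var entry = new DirectoryEntry(hit.Path, userId, password))
                    return entry.NativeObject != null;
            }
            catch (COMException ex) when (ex.ErrorCode == LogonFailure) { return false; }
        }
    }
}
```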