I'd like to Authenticate Users without having to use a Membership Provider.
What's the easiest way to do this?
I'm looking at returning a DirectoryEntry.
I am trying to integrate authentication for a cloud-based application with an Active Directory forest behind my cilent's firewall.
I am a Python developer from the open-source world... needless to say, .NET is not my forte and I'm not familiar with authentication technologies provided by IIS/WIF/etc.
I have installed DotNetOpenAuth and gotten the sample MVC OpenID provider working with the included ReadOnlyXmlMembershipProvider.
I have scoured Google for a sample config/implementation or any documentation at all that describes the appropriate membership provider to use. The only thing I have found are hints - "It's included out of the box," or "create a .NET app that authenticates off of AD and expose OpenID."
How can I query off my client's AD? Is there a provider included with DNoA?
I have an application that does LDAP authentication. The authentication is done on the code behind page of my Login.aspx page. Once the user passes LDAP authentication, a cookie is set and I redirect:
FormsAuthentication.RedirectFromLoginPage(UserName.Text, False)
I would like to setup membership in my application and keep track of some user information. But due to company security requirements, I cannot store user passwords on my application. That must stay on the LDAP server only.Is there a way to store users but disable password storage on the aspnet_membership table?
I created one application, and I need to authenticate local user. This user is the user who is login to his/her Personal Computer.. Main thing his that he/she does not in any DOMAIN... I want NON-DOMAIN authentication.
View 4 RepliesI am a newbie on a LDAP, now we want to re-deploy a web application that will validate user name and password with AD in a login.aspx
I had success to check the user and password in VS 2008, but when I publish to server it don't work, (they can login even wrong username and password) I had enable the anonymous access and intergrated windows authentication on IIS. we using authentication mode = windows in our web.config
using something like the following to check the AD account
System.DirectoryServices.DirectoryEntry entry = null;
bool isOpened = false;
bool isSuccess = false;
try
{
string dom = System.Configuration.ConfigurationManager.AppSettings["domain"];
entry =
new System.DirectoryServices.DirectoryEntry("WinNT://" + dom, tb_username.Text.Trim(), tb_password.Text.Trim());
isOpened = true;
Object obj = entry.NativeObject;
but still no luck on IIS server. Would you mind to give me a hand to solve this issue, I had google for a week and still can't solve :(
How to authenticate an user against a particular OU in Active Directory. If the AD holds 50 OUs I don't want to look into all 50 OUs , instead it should look into a particular OU( for eg: OU=dotnet users) to authenticate the user.
View 1 RepliesI want to learn how to add/delete/update account (including adding mail boxes for new users). Can someone point to a good book where I can begin from. I want to start with some real basics and build from there.
View 1 Replieshave a probleme with my search filter, i want to list the users of an organizational unit result.filter =(& (objectClass= user)(ou=dep1)); ====> it didn't work for me
View 1 RepliesI need to list a group of users, their group name is (IRS Group) to a list group. how to do this. I'm very new to asp.net and dont have much knowlegde about acctive directory.
View 1 RepliesI am trying to build a security webservice that gets credentials from client application login Pages/forms and returns authorization and token(to manage session) information after authenticating using Membership provider. I am having a problem in Securing my webservice and using LDAP and Database together as an identity store distinguished based on a flag provided by clint applications.
View 4 RepliesI'm a complete beginner with Active Directory, never having done anything with it. So here's probably a basic question.
Can I run a simple query from within an application to get all enabled active directory users?
I need to get list of users reporting to a particular manager from the Active directory. In the active directory there is manager property with contains the data in the following way.
CN=Gegore Lid,OU=IT,OU=Sales,OU=XXXXX,OU=XXXX,DC=YYYY,DC=intra
[Code].....
I am following [URL] link to authenticate users against "actives directories" and i could successfully login using this method. how exactly can i get details of all the users displayed in my web site application when i am logged in as Administrator. I want to display user details when the user i.e.,Administrator clicks on link say "User Details"
View 3 RepliesI am trying to retrieve all the users from active directory into a sorted list, but for some reason it does not return all the users like myself for instance. It's on a client's ad and there is probably about 1500+ users in AD.
My code is as follows
[Code]....
What am I doing wrong?
This is the first time I am working with AD...
I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI (Payment Card Industry) accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database using kerberos (so the NT user has permissions in the DB). This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any/much additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions for simple website config)
So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP.Net already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it.
I m writing a web page to display user name and his contact number.
I m giving user a choice to enter user name once he enter the name i should be able to search in active directory and return all user starting with (inputed name).
DirectorySearcher deSearch = new DirectorySearcher(de);
//set the search filter
deSearch.SearchRoot = de;[CODE]....
Above code needs exact login name like adamjo which is not the purpose.i should be able to display all possible possibilities for example if user enters adam i should give him choice to select whether he want to see adam josef or adam john e.t.c.Is there any property to find first name from active directory?
I am trying to do something that i am sure has been done before. I have a asp.net pagethat changes a password , and it works fine if I use credentials of a user with rights to a OU that holds the users container. However i would like to have the users credentials
userEntry = new DirectoryEntry(adspath,userid,this.oldPasswordtb.Text.ToString(),AuthenticationTypes.Secure);
be used when executing
userEntry.Invoke("SetPassword", new Object[] {passwd});
currently I get System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) --- End of inner exception stack trace --- at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args) at ASP.changepassword_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer) in c:usrhtmlexternalChangePasswordchangepassword.aspx:line 128any ideas why that wouldn't work users I assume have right to modify that attribute of their CN right?see code below
<%
string userid = System.Web.HttpContext.Current.User.Identity.Name.ToString();
userid = userid.ToLower();
[code]...
I need to get the list of domain usrs. The users not necessorily be on the domain where I am logged in. (e.g. I am logged in on domain "Dom111" but I need the list of users from the domain "Dom222")
I want this information on the basis of following -
1) Name of the Domain
2) A valid User name (of-course with Admin rights for the Target domain) and password
I am trying to use the following code -
DirectoryContext dc = new DirectoryContext(DirectoryContextType.Domain, "Dom222", "Administrator", "password");
Domain domain = Domain.GetDomain(dc);
DirectoryEntry de = domain.GetDirectoryEntry();
FillList(de);
Here is the FillList function
private void FillList(DirectoryEntry de)
{
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(objectClass=user)(objectCategory=person))";
SearchResultCollection results = deSearch.FindAll();
//checkedListBox1.Items.Clear();
foreach (SearchResult srUser in results)
{
DirectoryEntry deUser = srUser.GetDirectoryEntry();
checkedListBox1.Items.Add(deUser.Properties["sAMAccountName"].Value.ToString());
}
checkedListBox1.Sorted = true;
}
This works fine for the domain where I logged in (i.e. Dom111) but for the other domain (Dom222), while executing the statement - Domain domain = Domain.GetDomain(dc); I am getting the error saying "The specified domain does not exist or cannot be contacted."
Now, For creating the dc if I use following - DirectoryContext dcTemp = new DirectoryContext(DirectoryContextType.DirectoryServer, "Server_dom222", "administrator", "password");
Then everything works fine. But as you can see I need to pass the "Domain Controller (Server) Name"which I want to avoid.
I'm new to directoryServices and im trying to capture all users in the active directory and their organizational units but i'm having abit of trouble here, i've been reading through the forums and searching online but can't seem to find information that is viable to me.
Here is brief overview of what im trying to do. Im trying to create a datatable where i can insert all the usernames and their ou by capturing the values from the AD but i keep getting alot of duplicated usernames BUT in different organizationalUnits. I've checked the AD, and they do not belong so the following are my codes, but i can't seem to figure out what is wrong.
private static DataTable retrieveUsers(string domain, DataTable dt)
{
DirectoryEntry dEntry = new DirectoryEntry("LDAP://" + domain);
DirectorySearcher dSearch = new DirectorySearcher(dEntry);
SearchResultCollection sResultcol;
[Code]....
I need to look for an example of a web application, preferably ASP.NET but any otherweb language will do, that lets Mac and Windows users change their AD password.
Any technique, application, or source code will be great.
our Macs are not connected to AD and we also have Windows users.
I'm creating a list of departments as linkbuttons, when clicked these linkbuttons bring up a list of people in that department in a gridview and thanks to some other peoples help this is working great. The next step for me is to get the phone number to display in the column next to their name, it sounds like an easy thing to do as I've pulled phone numbers accross from AD before but just can't get it to work now!The end result
[code]...
I am pulling my hair on this one..
I have Active Directory Memebership Provider configured like this:
[code]....
The provider is instantiated correctly but when I call this:
var user = Membership.Providers["myDomain"].GetUser("myUser", false);
the call always returns null, except the case when I pass "Administrator" into the call... I have run out of ideas on how to make it work.
I want to use membership provider for Active Directory integration using the recommendations from Microsoft.[URL]1) I have few questions, if some one could help answering it The only thing i am trying to set the authentication based on what customer would be intend to have it could either be ADmembershipprovider or Sqlmembershipprovider. only changing the settings in web.config can i avoid login page.[URL]
View 1 RepliesI have an asp.net website that requires users to login using their Active Directory credentials. All users of the website have AD accounts. Some of the users are at remote locations and share a common computer login (I know this is not recommended but it is what it is, I have no say in that). Every so often a user will log into my website and click the Remember Passwod box which causes the next person that comes along to not be prompted to log in. All users are on IE 7. I have tried having them go into tools and deleting the cookies, saved passwords, etc but when they go to my website they are still not being prompted to log in. I have recently migrated to IIS 7 and I understand there is a way to have the user enter the site through a custom form but I have not gotten that far yet. How can I make sure the users password is removed from IE?
View 3 RepliesI have a lable that I want to show the logged in users e-mail address. Can someone show me the code-behind in C# for this?
lblEmail.Text = ....