I'm using the following code on Windows Vista Ultimate SP1 to query our active directory server to check the user name and password of a user on a domain.
public Object IsAuthenticated()
{
String domainAndUsername = strDomain + "\\" + strUser;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass);
SearchResult result;
try
{
//Bind to the native AdsObject to force authentication.
DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") };
search.PropertiesToLoad.Add("givenName"); // First Name
search.PropertiesToLoad.Add("sn"); // Last Name
search.PropertiesToLoad.Add("cn"); // Last Name
result = search.FindOne();
if (null == result)
{
return null;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
return new Exception("Error authenticating user. " + ex.Message);
}
return user;
}
the target is using .NET 3.5, and compiled with VS 2008 standard
I'm logged in under a domain account that is a domain admin where the application is running.
The code works perfectly on windows XP; but i get the following exception when running it on Vista:
System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()
I've tried changing the authentication types, I'm not sure what's going on.
See also: Validate a username and password against Active Directory?