How to authenticate against the Active Directory by using Forms Authentication


ITPro Today

August 9, 2004


This code shows in full how to authenticate against Active Directory (AD) using Forms authentication.

Follow these steps:

1. Add a reference to “System.DirectoryServices.dll” to the project.

2. Create a new class and name it “LdapAuthentication.vb”.

3. Paste the following code into it:

Imports System
Imports System.Text
Imports System.Collections
Imports System.DirectoryServices

Namespace FormsAuth
    Public Class LdapAuthentication

        Dim _path As String
        Dim _filterAttribute As String

        Public Sub New(ByVal path As String)
            _path = path
        End Sub

        Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
            'Bind as DOMAIN\username.
            Dim domainAndUsername As String = domain & "\" & username
            Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd)

            Try
                'Bind to the native AdsObject to force authentication.
                Dim obj As Object = entry.NativeObject
                Dim search As DirectorySearcher = New DirectorySearcher(entry)

                'Note: username goes into the filter as typed. Escape LDAP filter
                'metacharacters (RFC 4515) in it before building the filter.
                search.Filter = "(SAMAccountName=" & username & ")"
                search.PropertiesToLoad.Add("cn")

                Dim result As SearchResult = search.FindOne()
                If (result Is Nothing) Then
                    Return False
                End If

                'Update the new path to the user in the directory.
                _path = result.Path
                _filterAttribute = CType(result.Properties("cn")(0), String)

            Catch ex As Exception
                Throw New Exception("Error authenticating user. " & ex.Message)
            End Try

            Return True
        End Function

        Public Function GetGroups() As String
            Dim search As DirectorySearcher = New DirectorySearcher(_path)
            search.Filter = "(cn=" & _filterAttribute & ")"
            search.PropertiesToLoad.Add("memberOf")
            Dim groupNames As StringBuilder = New StringBuilder

            Try
                Dim result As SearchResult = search.FindOne()
                Dim propertyCount As Integer = result.Properties("memberOf").Count
                Dim dn As String
                Dim equalsIndex, commaIndex As Integer
                Dim propertyCounter As Integer

                For propertyCounter = 0 To propertyCount - 1
                    dn = CType(result.Properties("memberOf")(propertyCounter), String)

                    'Take the text between the first "=" and the first ",".
                    equalsIndex = dn.IndexOf("=", 1)
                    commaIndex = dn.IndexOf(",", 1)
                    If (equalsIndex = -1) Then
                        Return Nothing
                    End If

                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
                    groupNames.Append("|")
                Next

            Catch ex As Exception
                Throw New Exception("Error obtaining group names. " & ex.Message)
            End Try

            Return groupNames.ToString()
        End Function
    End Class
End Namespace

4. Open the global.asax file and add the following lines at the top of the page:

Imports System.Web.Security
Imports System.Security.Principal

5. In the Application_AuthenticateRequest event handler, add the following code:

Dim cookieName As String = FormsAuthentication.FormsCookieName
Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)

If (authCookie Is Nothing) Then
    'There is no authentication cookie.
    Return
End If

Dim authTicket As FormsAuthenticationTicket = Nothing

Try
    authTicket = FormsAuthentication.Decrypt(authCookie.Value)
Catch ex As Exception
    'Write the exception to the Event Log.
    Return
End Try

If (authTicket Is Nothing) Then
    'Cookie failed to decrypt.
    Return
End If

'When the ticket was created, the UserData property was assigned a
'pipe-delimited string of group names.
Dim groups As String() = authTicket.UserData.Split(New Char() {"|"c})

'Create an Identity.
Dim id As GenericIdentity = New GenericIdentity(authTicket.Name, "LdapAuthentication")

'This principal flows throughout the request.
Dim principal As GenericPrincipal = New GenericPrincipal(id, groups)

Context.User = principal

6. Modify the web.config file with the following changes:


   
 
   
     
     
     
     
     
     
     
   
 
7. Configure IIS for Anonymous Authentication

To configure IIS for anonymous authentication, follow these steps:

- In the Internet Information Services (IIS) management console, right-click the Virtual Directory node for "FormsAuthAd".
- Click Properties, and then click the Directory Security tab.
- Click Edit under Anonymous access and authentication control.
- Select the Anonymous Access check box.
- Make the anonymous account for the application an account that has permission to the Active Directory.
- Click to clear the Allow IIS To Control Password check box.

8. Create a new page called “Logon.aspx” and add the following code. After that, replace the “adPath” value in the code with your appropriate LDAP values.

<%@ Page language="vb" AutoEventWireup="true" %>
<%@ Import Namespace="FormsAuthAd.FormsAuth" %>

 
  
   Domain:
   

   Username:
   

   Password:
   

   

   

   
  
 

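'The handler name and the txtDomain/txtPassword control IDs are assumed;
'they stand for the logon button and the Domain and Password fields of the form.
sub Login_Click(sender as object, e as EventArgs)
  'Placeholder: replace with the path to your LDAP directory server.
  Dim adPath as String = "LDAP://<your-LDAP-path>"
  Dim adAuth as LdapAuthentication = new LdapAuthentication(adPath)

  try
    if adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text) then
      Dim groups as String = adAuth.GetGroups()

      'Create the ticket, and add the groups.
      Dim isCookiePersistent as Boolean = chkPersist.Checked
      Dim authTicket as FormsAuthenticationTicket = new FormsAuthenticationTicket(1, _
           txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups)

      'Encrypt the ticket.
      Dim encryptedTicket as String = FormsAuthentication.Encrypt(authTicket)

      'Create a cookie, and then add the encrypted ticket to the cookie as data.
      Dim authCookie as HttpCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

      if isCookiePersistent then
        authCookie.Expires = authTicket.Expiration
      end if

      'Add the cookie to the outgoing cookies collection.
      Response.Cookies.Add(authCookie)

      'You can redirect now.
      Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false))

    else
      errorLabel.Text = "Authentication did not succeed. Check user name and password."
    end if

  catch ex as Exception
    errorLabel.Text = "Error authenticating. " & ex.Message
  end try
end sub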

You can customize this (logon.aspx) page for testing your results.
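GetGroups (step 3) cuts each memberOf value at the first comma and joins the names with "|", and Application_AuthenticateRequest (step 5) splits the ticket's UserData on the same character to build the role list. The following added example, not code from the original article, reads the first RDN value with backslash escapes honored and refuses a group name that contains the delimiter; RoleList, FirstRdnValue and JoinRoles are hypothetical names.

```vb
Imports System
Imports System.Text
'Added example; RoleList, FirstRdnValue and JoinRoles are hypothetical names.
Public Module RoleList
    'Value of the first RDN of a DN, with backslash escapes honored:
    '"CN=Sales\, EMEA,OU=Groups" yields "Sales, EMEA". Hex pairs (\2C) are decoded as single bytes.
    Public Function FirstRdnValue(ByVal dn As String) As String
        Dim i As Integer = dn.IndexOf("="c) + 1
        If i = 0 Then Return Nothing
        Dim sb As New StringBuilder()
        While i < dn.Length AndAlso dn.Chars(i) <> ","c
            Dim c As Char = dn.Chars(i)
            If c = "\"c AndAlso i + 2 < dn.Length AndAlso _
               Uri.IsHexDigit(dn.Chars(i + 1)) AndAlso Uri.IsHexDigit(dn.Chars(i + 2)) Then
                sb.Append(ChrW(Uri.FromHex(dn.Chars(i + 1)) * 16 + Uri.FromHex(dn.Chars(i + 2))))
                i += 3
            ElseIf c = "\"c AndAlso i + 1 < dn.Length Then
                sb.Append(dn.Chars(i + 1))   'Escaped special character such as \,
                i += 2
            Else
                sb.Append(c)
                i += 1
            End If
        End While
        Return sb.ToString()
    End Function

    'Join group names with "|" for FormsAuthenticationTicket.UserData. A name that contains
    'the delimiter would become extra roles when the ticket is split again, so it is rejected.
    Public Function JoinRoles(ByVal memberOf As String()) As String
        Dim sb As New StringBuilder()
        For Each dn As String In memberOf
            Dim name As String = FirstRdnValue(dn)
            If name Is Nothing OrElse name.Length = 0 OrElse name.IndexOf("|"c) >= 0 Then
                Throw New FormatException("Unusable group name in: " & dn)
            End If
            If sb.Length > 0 Then sb.Append("|"c)
            sb.Append(name)
        Next
        Return sb.ToString()
    End Function

    Public Sub Main()
        'Constructed sample memberOf values.
        Console.WriteLine(JoinRoles(New String() { _
            "CN=Domain Users,CN=Users,DC=example,DC=com", _
            "CN=Sales\, EMEA,OU=Groups,DC=example,DC=com"}))
    End Sub
End Module
```

Unlike GetGroups, JoinRoles writes no trailing "|", so the split in Application_AuthenticateRequest does not produce an empty role name.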
