B
Benjamin de Waal
Hi all,
I am writing a program that needs to take a login name and password,
and then try to authenticate against an AD server. Sounds simple
enough so far...
The name and password may be entered by a user (real human being),
however it also may be generated by another application (actually, a
hardware device that my application is communicating with) that I have
no real control over. This other application always generates the
"account name" for Active Directory users (so, if the user is First
Name = "Ben", Last Name = "de Waal", Display Name = "Ben de Waal", but
login name = "bdw123", then the value that is passed is "bdw123").
Using:
DirectoryEntry("LDAP://" + adServer, userName, userPass, authType)
, it seems the userName should be "Ben de Waal" (from the above
example) to be accepted - if I try "bdw123", it fails to authenticate.
I was considering simply iterating through the user list and then
getting the "Ben de Waal" value from the "bdw123" user, however it was
pointed out to me (quite rightly) that you could have two users named
"Ben de Waal", but with different account names. This would mean that
the login attempt may then try the incorrect one, which would be very
bad.
Can anyone point me in the right direction for checking the "account
name"/password against AD rather than the "user name"/password?
Best regards,
Ben de Waal
I am writing a program that needs to take a login name and password,
and then try to authenticate against an AD server. Sounds simple
enough so far...
The name and password may be entered by a user (real human being),
however it also may be generated by another application (actually, a
hardware device that my application is communicating with) that I have
no real control over. This other application always generates the
"account name" for Active Directory users (so, if the user is First
Name = "Ben", Last Name = "de Waal", Display Name = "Ben de Waal", but
login name = "bdw123", then the value that is passed is "bdw123").
Using:
DirectoryEntry("LDAP://" + adServer, userName, userPass, authType)
, it seems the userName should be "Ben de Waal" (from the above
example) to be accepted - if I try "bdw123", it fails to authenticate.
I was considering simply iterating through the user list and then
getting the "Ben de Waal" value from the "bdw123" user, however it was
pointed out to me (quite rightly) that you could have two users named
"Ben de Waal", but with different account names. This would mean that
the login attempt may then try the incorrect one, which would be very
bad.
Can anyone point me in the right direction for checking the "account
name"/password against AD rather than the "user name"/password?
Best regards,
Ben de Waal