Just curious, but why wouldn't you want to use IIS security?  If you are
already going over HTTPS, why not turn on Basic Authentication and let
IIS do the dirty work, handing ASP.NET the user's Windows principal?

-----Original Message-----
From: dotnet discussion [mailto:[EMAIL PROTECTED]] On Behalf Of
Alex Henderson
Sent: Thursday, May 09, 2002 4:23 PM
To: [EMAIL PROTECTED]
Subject: [DOTNET] Authenticating against an Active Directory in .Net

I have users coming into my system remotely (to a web page) - I would
like
to authenticate them using a username/password etc. passed over an HTTPS
connection against accounts in an Active Directory. I don't want to use
IIS
security but wish to perform the authentication manually.

Here's an example of an authenticator I hacked together from some MS
examples - my big concern is that this won't work with users in an Active
Directory; could someone confirm or deny this? If it won't work for AD
users, then how can this be achieved?

// Ask the CLR for permission to call unmanaged code, which the P/Invoke
// declarations below need. RequestMinimum means the assembly is refused at
// load time (rather than failing at the first call) if the host's code-access
// policy does not grant it.
[assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode=true)]
namespace SecurityTest
{
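        /// <summary>
        /// Validates a user name / password pair with the Win32 <c>LogonUser</c> API and
        /// wraps the resulting logon token in a <see cref="WindowsIdentity"/>.
        /// </summary>
        /// <remarks>
        /// <c>LogonUser</c> validates against the local SAM when <c>domain</c> is the
        /// local machine, and against a domain controller when <c>domain</c> names a
        /// domain the host can reach, so Active Directory accounts work as long as the
        /// domain is supplied (or a UPN-style user name is passed with a null domain).
        /// The process calling it must hold whatever privilege <c>LogonUser</c> demands
        /// on the host OS (older Windows versions required "Act as part of the operating
        /// system"); the assembly-level <c>UnmanagedCode</c> request only covers the
        /// P/Invoke itself. The exception messages carry the raw Win32 error code, which
        /// is useful in a server log but should be mapped to a generic failure message
        /// before anything is shown to a remote caller.
        /// </remarks>
        public class WindowsAuthenticator
        {
                /// <summary>
                /// Original P/Invoke declaration, kept so existing callers still compile.
                /// Its <c>out int</c> token is only correct in a 32-bit process: a Windows
                /// HANDLE is pointer-sized, so a 64-bit callee writes past the 4-byte slot.
                /// The bare DLL name lets the loader find the system copy instead of
                /// hard-coding one machine's install path, and <c>SetLastError=true</c>
                /// makes <see cref="Marshal.GetLastWin32Error"/> reliable after the call.
                /// </summary>
                [Obsolete("Use AuthenticateUser; this overload's out int token is not pointer-sized.")]
                [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
                public static extern bool LogonUser(String lpszUsername, String lpszDomain,
                        String lpszPassword, int dwLogonType, int dwLogonProvider, out int phToken);

                // Pointer-sized token variant used internally; same entry point.
                [DllImport("advapi32.dll", EntryPoint = "LogonUser", SetLastError = true, CharSet = CharSet.Unicode)]
                private static extern bool LogonUserHandle(String lpszUsername, String lpszDomain,
                        String lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken);

                // Releases the logon token once WindowsIdentity holds its own duplicate.
                [DllImport("kernel32.dll", SetLastError = true)]
                private static extern bool CloseHandle(IntPtr hObject);

                /// <summary>
                /// Kept for source compatibility only. Calling GetLastError through a
                /// separate P/Invoke is unreliable from managed code: the runtime may
                /// itself call Win32 APIs between the two transitions and overwrite the
                /// value. Use <see cref="Marshal.GetLastWin32Error"/> together with
                /// <c>SetLastError=true</c> on the declaration instead.
                /// </summary>
                [Obsolete("Unreliable from managed code; use Marshal.GetLastWin32Error().")]
                [DllImport("kernel32.dll")]
                public static extern int GetLastError();

                /// <summary>Values for LogonUser's dwLogonType parameter.</summary>
                public enum LogonTypes
                {
                        LOGON32_LOGON_INTERACTIVE = 2,
                        LOGON32_LOGON_NETWORK = 3,
                        LOGON32_LOGON_BATCH = 4,
                        LOGON32_LOGON_SERVICE = 5,
                        LOGON32_LOGON_UNLOCK = 7,
                        LOGON32_LOGON_NETWORK_CLEARTEXT = 8,
                        LOGON32_LOGON_NEW_CREDENTIALS = 9
                }

                /// <summary>Values for LogonUser's dwLogonProvider parameter.</summary>
                public enum LogonProviders
                {
                        LOGON32_PROVIDER_DEFAULT = 0,
                        LOGON32_PROVIDER_WINNT35 = 1,
                        LOGON32_PROVIDER_WINNT40 = 2,
                        LOGON32_PROVIDER_WINNT50 = 3
                }

                public WindowsAuthenticator()
                {
                }

                /// <summary>
                /// Authenticates <paramref name="userName"/> with <paramref name="password"/>
                /// in <paramref name="domain"/> and returns a <see cref="WindowsIdentity"/>
                /// for the account.
                /// </summary>
                /// <param name="userName">Account name (sAMAccountName, or a UPN with a null domain).</param>
                /// <param name="password">Clear-text password; never include it in logs or exceptions.</param>
                /// <param name="domain">Domain or machine name; null lets Windows search the local machine and trusted domains.</param>
                /// <param name="logonType">Kind of logon session to create; see <see cref="LogonTypes"/>.</param>
                /// <param name="logonProvider">Authentication package selector; see <see cref="LogonProviders"/>.</param>
                /// <returns>An authenticated identity built from a duplicate of the logon token.</returns>
                /// <exception cref="AuthenticationFailureException">LogonUser rejected the credentials or could not run.</exception>
                public WindowsIdentity AuthenticateUser(string userName, string password, string domain,
                        LogonTypes logonType, LogonProviders logonProvider)
                {
                        IntPtr userToken = IntPtr.Zero;
                        bool loggedOn = LogonUserHandle(userName, domain, password,
                                (int)logonType, (int)logonProvider, out userToken);

                        // Decide on the BOOL result, not on the last-error value: a stale
                        // non-zero error can be present after a successful call, which
                        // would reject valid logons, and only the failure path makes the
                        // code meaningful. Read it before anything else can clobber it.
                        if (!loggedOn)
                        {
                                int ret = Marshal.GetLastWin32Error();
                                if (ret != 0)
                                {
                                        throw new AuthenticationFailureException("AuthenticateUser failed after LogonUser(...) with GetLastError() code of #" + ret);
                                }
                                throw new AuthenticationFailureException("Authentication of user '" + userName + "' failed, no extended error information is available");
                        }

                        // "NTLM" is only the label stored as AuthenticationType; it does not
                        // control which package LogonUser actually used. WindowsIdentity
                        // works from its own duplicate of the token, so the original handle
                        // is closed here to avoid leaking one token per login attempt.
                        try
                        {
                                return new WindowsIdentity(userToken, "NTLM", WindowsAccountType.Normal, true);
                        }
                        finally
                        {
                                CloseHandle(userToken);
                        }
                }

                /// <summary>
                /// Convenience overload using the default provider and a clear-text
                /// network logon. LOGON32_LOGON_NETWORK_CLEARTEXT keeps the credentials in
                /// the logon session so the token can reach network resources; when the
                /// caller only needs a yes/no answer, LOGON32_LOGON_NETWORK creates a
                /// cheaper session that does not retain them. The default is left as the
                /// original author chose it so existing callers keep the same token type.
                /// </summary>
                public WindowsIdentity AuthenticateUser(string userName, string password, string domain)
                {
                        return AuthenticateUser(userName, password, domain,
                                LogonTypes.LOGON32_LOGON_NETWORK_CLEARTEXT, LogonProviders.LOGON32_PROVIDER_DEFAULT);
                }
        }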
}

