Here is my login script. I have two users, 20002143 and 60000027. The first will authenticate and redirect as scripted; the second will authenticate and stay on the same page. I cannot figure out why. I have inserted breakpoints all over this code and it tells me it authenticates, but then why is the login page just reloading?

    public bool AuthenticateActiveDirectory(string Domain, string EmployeeID, string Password)
    {
        try
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + Domain, EmployeeID, Password);
            // Reading NativeObject forces the bind to the directory with the supplied credentials
            object nativeObject = entry.NativeObject;
            return true;
        }
        catch
        {
            return false;
        }
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string Domain = "domain.local";
        string EmployeeID = txtUserID.Text;
        string Password = txtPassword.Text;
        string ADStatus = null;
        if (AuthenticateActiveDirectory(Domain, EmployeeID, Password) == true)
        {
            ADStatus = "Success";
            Session["SessionLoginStatus"] = ADStatus;
            Response.Redirect("Intro.aspx?redir=Success&userid=" + EmployeeID);
        }
        else
        {
            ADStatus = "Failure";
            Session["SessionLoginStatus"] = ADStatus;
            lblADError.Visible = true;
            lblADError.Text = "Please Check Your Password<br />";
        }
    }

Here is the other part of this. If I use the URL to log in falsely with the second empID

    https://www.site.com/folder/intro.aspx?redir=Success&userid=60000027

it will redirect me back to the login, but this also makes no sense, since the Intro.aspx login check is scripted like this:

    //checking to see if user logged in
    if ((ADStatus == "Success") && (UserID.Length >= 8))
    {
    }
    if ((ADStatus == null) || (UserID.Length < 8))
    {
        ADStatus = "Failure";
        Session["SessionLoginStatus"] = ADStatus;
        Response.Redirect("https://www.site.com/folder/userlogin.aspx");
    }
    else if (ADStatus == "Failure")
    {
        ADStatus = "Failure";
        Session["SessionLoginStatus"] = ADStatus;
        Response.Redirect("https://www.site.com/folder/userlogin.aspx");
    }

What am I leaving out or doing wrong here?
Edited
The issue was caused by logic on the second page which tossed the user back to the login if the user's ID did not match a list of users defined in a SQL table.
In no way, shape or form are you authenticating users on the LDAP server. In fact, your authentication method will never return false, because entry will never be null and the constructor for DirectoryEntry will never throw an exception.
With that being said, check that you're typing in the credentials correctly (because I know you're not). Look at your if statement for the redirect. Since your authenticate method always returns true, it will try to redirect anyone and everyone, but fail because you're using invalid credentials.
So, how about you actually authenticate users using PrincipalContext. Here is a little explanation of the two in this DirectoryEntry question.
By the way, you're going to want to use the bool returned by the PrincipalContext.ValidateUser call.