Search code examples

Active Directory - Check username / password

I'm using the following code on Windows Vista Ultimate SP1 to query our active directory server to check the user name and password of a user on a domain.

public Object IsAuthenticated()
    String domainAndUsername = strDomain + "\\" + strUser;
    DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, strPass);
    SearchResult result;
        //Bind to the native AdsObject to force authentication.         

        DirectorySearcher search = new DirectorySearcher(entry) { Filter = ("(SAMAccountName=" + strUser + ")") };

        search.PropertiesToLoad.Add("givenName"); // First Name                
        search.PropertiesToLoad.Add("sn"); // Last Name
        search.PropertiesToLoad.Add("cn"); // Last Name

        result = search.FindOne();

        if (null == result)
            return null;

        //Update the new path to the user in the directory.
        _path = result.Path;
        _filterAttribute = (String)result.Properties["cn"][0];
    catch (Exception ex)
        return new Exception("Error authenticating user. " + ex.Message);
    return user;

the target is using .NET 3.5, and compiled with VS 2008 standard

I'm logged in under a domain account that is a domain admin where the application is running.

The code works perfectly on windows XP; but i get the following exception when running it on Vista:

System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()
   at Chain_Of_Custody.Classes.Authentication.LdapAuthentication.IsAuthenticated()

I've tried changing the authentication types, I'm not sure what's going on.

See also: Validate a username and password against Active Directory?


  • If you're using .net 3.5 use this code instead.

    To authenticate a user:

    PrincipalContext adContext = new PrincipalContext(ContextType.Domain);
    using (adContext)
         return adContext.ValidateCredentials(UserName, Password);

    If you need to find the user to R/W attributes to the object do this:

    PrincipalContext context = new PrincipalContext(ContextType.Domain);
    UserPrincipal foundUser = 
        UserPrincipal.FindByIdentity(context, "jdoe");

    This is using the System.DirectoryServices.AccountManagement namespace so you'll need to add it to your using statements.

    If you need to convert a UserPrincipal object to a DirectoryEntry object to work with legacy code you can do this:

    DirectoryEntry userDE = (DirectoryEntry)foundUser.GetUnderlyingObject();