vb.net active-directory active-directory-group

Checking login credentials to see if they are valid in Active Directory AND check to see if they are a part of a specific group in AD


Below is a method used to check to see if the creds entered are good. I also would like to add on to this to see if they are part of group "XXX".

    Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
        Dim Success As Boolean = False
        Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" + Domain, Username, Password)
        Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
        Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
        Try
            Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
            Success = Not (Results Is Nothing)
        Catch ex As Exception
            Success = False
        End Try
        Return Success
    End Function

And below I tried to play around with stuff I found on Stack, but I'm not having much luck. How can I use the existing method and add to it in order to get my results?

    Public Function IsInGroup(ByVal UserName As String) As Boolean
        'Dim MyIdentity As System.Security.Principal.WindowsIdentity = New WindowsPrincipal(New WindowsIdentity(UserName)) ' System.Security.Principal.WindowsIdentity.GetCurrent()
        'Dim userPrincipal = New WindowsPrincipal(New WindowsIdentity(Username))
        Dim MyPrincipal As System.Security.Principal.WindowsPrincipal = New WindowsPrincipal(New WindowsIdentity(UserName)) 'New System.Security.Principal.WindowsPrincipal(userPrincipal)
        Return MyPrincipal.IsInRole("XXX_YYY")
    End Function

I also tried to do something like this, but I'm getting the error I screenshotted.

    Public Function IsInGroup(ByVal UserName As String) As Boolean
        Dim Result As Boolean
        Dim de As New DirectoryEntry("LDAP://AD")
        Dim MemberSearcher As New DirectorySearcher

        With MemberSearcher
            .SearchRoot = de
            .Filter = "(&(ObjectClass=Group)(CN=VAL_ITS))"
            .PropertiesToLoad.Add("Member")
        End With

        Dim mySearchResults As SearchResult = MemberSearcher.FindOne()

        For Each User In mySearchResults.Properties("Member")

            If User = UserName Then
                Result = True
            Else
                Result = False
            End If
        Next

        Return Result
    End Function



Solution

  • Project > Add Reference > System.DirectoryServices.AccountManagement & System.DirectoryServices
    

    Validate using the System.DirectoryServices.AccountManagement namespace

        Imports System.DirectoryServices.AccountManagement

        ' Returns True when the domain accepts the username/password pair.
        Public Function validate(username As String, password As String, domain As String) As Boolean

            Dim valid As Boolean = False

            Using context As New PrincipalContext(ContextType.Domain, domain)
                valid = context.ValidateCredentials(username, password)
            End Using

            Return valid

        End Function

        ' Returns True when the user is a member of the named group.
        Public Function checkgroup(domain As String, username As String, groupname As String) As Boolean

            Dim isMember As Boolean = False

            Using ctx As New PrincipalContext(ContextType.Domain, domain)
                Dim user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, username)
                Dim group As GroupPrincipal = GroupPrincipal.FindByIdentity(ctx, groupname)

                ' IsMemberOf throws if the group is Nothing, so check both lookups first.
                If user IsNot Nothing AndAlso group IsNot Nothing Then
                    isMember = user.IsMemberOf(group)
                End If
            End Using

            Return isMember

        End Function
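
The two checks from the answer above combined into one login gate that fails closed, as an added example that is not part of the original answer. The module name `AdLoginCheck` and function name `IsAuthorizedUser` are hypothetical, `username` is assumed to be a sAMAccountName, and the example goes beyond the answer by using `GetAuthorizationGroups` so that nested security-group membership counts.

```vbnet
Imports System.DirectoryServices.AccountManagement

Public Module AdLoginCheck

    ' Hypothetical helper (not from the original answer): returns True only when
    ' the credentials are valid AND the user belongs to groupName.
    Public Function IsAuthorizedUser(domain As String, username As String,
                                     password As String, groupName As String) As Boolean

        ' Reject blank input up front so an empty password never reaches the directory.
        If String.IsNullOrWhiteSpace(username) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If

        Try
            Using ctx As New PrincipalContext(ContextType.Domain, domain)

                ' Step 1: authenticate. No group lookup happens for a failed login.
                If Not ctx.ValidateCredentials(username, password) Then Return False

                ' Step 2: authorize. Assumes username is a sAMAccountName.
                Using user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username),
                      targetGroup As GroupPrincipal = GroupPrincipal.FindByIdentity(ctx, groupName)

                    ' A missing user or group means "not authorized", never an exception path.
                    If user Is Nothing OrElse targetGroup Is Nothing Then Return False

                    ' GetAuthorizationGroups searches security groups recursively, so a
                    ' user who is in the target group through another group still matches.
                    ' Compare by SID rather than by name to avoid look-alike group names.
                    Using groups As PrincipalSearchResult(Of Principal) = user.GetAuthorizationGroups()
                        For Each g As Principal In groups
                            If g.Sid IsNot Nothing AndAlso g.Sid.Equals(targetGroup.Sid) Then Return True
                        Next
                    End Using
                End Using
            End Using
        Catch ex As Exception
            ' Fail closed: a directory outage or lookup error denies access.
            Return False
        End Try

        Return False
    End Function

End Module
```

Both failure cases return the same `False`, so the caller cannot tell a bad password from a missing group membership unless it logs the reason server-side.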