c# ldap adam ldap-query ldapconnection

Creating Active Directory of usernames for LDAP access


I am a newbie to LDAP and Active Directories.

I need to build an Active Directory of users who are eligible to access a particular computer. When the user enters the username and password in a web interface (created in C#), it is sent to the Active Directory via an LDAP query. AD will return the user's email address if the login is successful.

Is it possible to set up an Active Directory to achieve the above scenario locally? I am using Windows 7 Ultimate. I have installed ADAM for LDAP access.

Regards,

John.


Solution

  • Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

    Managing Directory Security Principals in the .NET Framework 3.5

    Basically, you can define a domain context and easily find users and/or groups in AD:

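    using System.DirectoryServices.AccountManagement;

    // returns the user's e-mail address, or null if the login fails
    // (the wrapper method name is illustrative)
    static string GetEmailIfValid(string username, string password)
    {
        // set up domain context (disposed when the block exits)
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
        {
            // validate username/password combo
            if (ctx.ValidateCredentials(username, password))
            {
                // if valid - find user
                UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username);

                if (user != null)
                {
                    return user.EmailAddress;
                }
            }
        }

        return null;
    }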
    

    The new S.DS.AM makes it really easy to play around with users and groups in AD!

    For ADAM (or AD LDS as it's called today), you could use

    PrincipalContext ctx = new PrincipalContext(ContextType.ApplicationDirectory);
    

    to establish a context with your ADAM directory - not sure, but you probably have to supply some form of additional information to know what Application directory to use (I've never played with this on ADAM). And also: I'm not sure if you can validate credentials against an ADAM store .... you'll just have to see and try!
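An added example, not part of the answer above: one way to run the same login check against an ADAM / AD LDS instance while closing the two common gaps in LDAP login code (blank credentials and a password sent over an unencrypted simple bind). The server name, port, partition DN and the `LdsLogin`/`TryLogin` names are assumptions for illustration; the instance is assumed to have TLS enabled and user objects that carry a `mail` attribute.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class LdsLogin
{
    // Assumptions (placeholders, not from the page): AD LDS host:port and
    // the application partition container that holds the user objects.
    const string Server = "localhost:636";
    const string Container = "CN=Users,DC=example,DC=local";

    // Simple bind transmits the password itself, so it is only used over TLS.
    const ContextOptions Options =
        ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer;

    // Returns the user's e-mail address, or null when the login is rejected.
    // Directory errors (server down, TLS failure) propagate as exceptions;
    // the caller must treat them as a failed login, never as success.
    public static string TryLogin(string username, string password)
    {
        // Reject blank input before touching the directory: with null values
        // ValidateCredentials checks the process's own default credentials,
        // and an LDAP simple bind with an empty password is an
        // unauthenticated bind that some servers accept.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return null;

        // Bind the context as the user being checked, so the lookup runs
        // with that user's rights and no service account is needed.
        using (PrincipalContext ctx = new PrincipalContext(
                   ContextType.ApplicationDirectory, Server, Container,
                   Options, username, password))
        {
            if (!ctx.ValidateCredentials(username, password, Options))
                return null;

            using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username))
            {
                return user != null ? user.EmailAddress : null;
            }
        }
    }
}
```

The web page calling `TryLogin` should return the same generic failure message for an unknown user and a wrong password, so the login form does not reveal which usernames exist.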