I want to validate a user/password against Active Directory. I found a solution using .NET code (System.DirectoryServices.AccountManagement), but I can't find the call made to the Windows API. I know LogonUser in the Windows API, but it validates the username/password on the specific host running the code. I want to validate a user against Active Directory directly. Any ideas?
I tried LogonUser, but it doesn't work in all cases. As specified in the help, you cannot use LogonUser to log on to a remote computer. I had a case where a user could log in on a specific host only. So if my service is running on a different host, LogonUser will give me an error even if the user exists in my Active Directory and the credentials were good.
I'm looking at the LDAP protocol. The thing that I don't understand is how to get the "DN" parameter. I tried it on my domain, where I already know that my path is "cn=Administrator,cn=Users,dc=domain,dc=local", but what if I don't know the Active Directory structure? There is ldap_search, so I tried to find the user before trying to do a bind, but I got an error saying that I have to do a bind before doing a search (and it probably makes sense, because you don't want anybody searching in your AD).
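For the search-then-bind flow described in the question, an added example (not part of the original post) of two checks to make around the LDAP calls: escaping the logon name before it goes into the search filter, and refusing an empty password, since a simple bind with an empty password is an unauthenticated bind (RFC 4513) that can succeed. The function names are hypothetical, and the filter assumes users are looked up by sAMAccountName.

```c
#include <stdio.h>
#include <string.h>

/* RFC 4515 escaping: '*', '(', ')', '\' and control bytes become \XX.
   Returns 0 on success, -1 on empty input or if the output would not fit. */
int escape_filter_value(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (in == NULL || out == NULL || *in == '\0') return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        int special = c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20;
        if (o + (special ? 3 : 1) + 1 > outlen) return -1;
        if (special) {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Builds the filter for finding the user's DN (assumed attribute: sAMAccountName). */
int build_user_filter(const char *logon_name, char *out, size_t outlen)
{
    char esc[256];
    int n;
    if (escape_filter_value(logon_name, esc, sizeof esc) != 0) return -1;
    n = snprintf(out, outlen, "(&(objectClass=user)(sAMAccountName=%s))", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Empty password = unauthenticated bind (RFC 4513), which can succeed: reject it. */
int password_usable_for_bind(const char *password)
{
    return password != NULL && password[0] != '\0';
}

int main(void)
{
    char filter[320]; /* constructed input below tries to widen the search */
    if (build_user_filter("*)(objectClass=*", filter, sizeof filter) == 0)
        puts(filter);
    return password_usable_for_bind("") ? 1 : 0;
}
```

The resulting filter string is what would be passed to the search call after the initial bind; the DN it returns is then used for the bind with the user's password, but only when `password_usable_for_bind` returns 1.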