Validate a username and password against Active Directory?

#1

I want to validate a user/password against Active Directory. I found a solution using .NET code (System.DirectoryServices.AccountManagement), but I can’t find the call made to the Windows API. I know LogonUser in WinAPI, but it validates the username/password on the specific host running the code. I want to validate a user against Active Directory directly. Any ideas?

Thanks

#2

This should help: How to validate user credentials on Microsoft operating systems. In short, use the WinAPI LogonUser function with LogonType = LOGON32_LOGON_NETWORK.

Another way is to use the winldap API.

Look at the ldap_init, ldap_connect and ldap_simple_bind functions.

#3

I tried LogonUser, but it doesn’t work in all cases. As specified in the help, you cannot use LogonUser to log on to a remote computer. I had a case where a user could log in on a specific host only. So if my service is running on a different host, LogonUser will give me an error even if the user exists in my Active Directory and the credentials were good.

I’m looking at the LDAP protocol. The thing that I don’t understand is how to get the “DN” parameter. I tried on my domain, where I already know that my path is “cn=Administrator,cn=Users,dc=domain,dc=local”, but what if I don’t know the Active Directory structure? There is ldap_search, so I tried to find the user before trying to do a bind, but I got an error saying that I have to do a bind before doing a search (and it probably makes sense because you don’t want anybody searching in your AD).

Thanks for your reply
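
One way to bind without knowing the user's DN, as post #3 asks, shown as an added example that is not part of the thread: a winldap bind with LDAP_AUTH_NEGOTIATE takes the user name, domain and password in a SEC_WINNT_AUTH_IDENTITY structure and a NULL DN. The function names, the result enum and the dc_host parameter are assumptions made for the example; the LDAP part compiles only on Windows (link wldap32.lib).

```c
/* Added example, not from the thread. Windows build: cl adcheck.c wldap32.lib */
#include <stddef.h>

enum cred_result { CRED_OK, CRED_BAD, CRED_REJECTED_INPUT, CRED_SERVER_ERROR };

/* Refuse empty fields up front: an LDAP bind with an empty password is
   treated as anonymous and can report success without checking anything. */
int cred_input_ok(const char *user, const char *domain, const char *pw) {
    return user && domain && pw && *user && *domain && *pw;
}

#ifdef _WIN32
#include <windows.h>   /* brings in SEC_WINNT_AUTH_IDENTITY_A (rpcdce.h) */
#include <winldap.h>
#include <string.h>

/* dc_host, user, domain and pw are caller-supplied (hypothetical names). */
enum cred_result validate_ad_credentials(const char *dc_host, const char *user,
                                         const char *domain, const char *pw) {
    SEC_WINNT_AUTH_IDENTITY_A id;
    ULONG version = LDAP_VERSION3, rc;
    LDAP *ld;

    if (!dc_host || !cred_input_ok(user, domain, pw)) return CRED_REJECTED_INPUT;
    ld = ldap_initA((PSTR)dc_host, LDAP_PORT);
    if (!ld) return CRED_SERVER_ERROR;
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    if (ldap_connect(ld, NULL) != LDAP_SUCCESS) {
        ldap_unbind(ld);
        return CRED_SERVER_ERROR;
    }
    memset(&id, 0, sizeof id);
    id.User = (unsigned char *)user;
    id.UserLength = (unsigned long)strlen(user);
    id.Domain = (unsigned char *)domain;
    id.DomainLength = (unsigned long)strlen(domain);
    id.Password = (unsigned char *)pw;
    id.PasswordLength = (unsigned long)strlen(pw);
    id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

    /* Negotiate (Kerberos/NTLM) bind: the DN argument is NULL, so no directory
       search is needed, and the password is not sent in clear text. */
    rc = ldap_bind_sA(ld, NULL, (PCHAR)&id, LDAP_AUTH_NEGOTIATE);
    SecureZeroMemory(&id, sizeof id);   /* clears the struct, not the caller's buffers */
    ldap_unbind(ld);
    if (rc == LDAP_SUCCESS) return CRED_OK;
    return rc == LDAP_INVALID_CREDENTIALS ? CRED_BAD : CRED_SERVER_ERROR;
}
#endif
```

CRED_BAD also covers locked, disabled or expired accounts, which the server reports with the same LDAP_INVALID_CREDENTIALS code.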