Windows Login

joe_pool_is

Some of our apps need passwords to access parts that should only be available to management.

We could develop our own and require management to remember yet another password that we would have to take care of resetting whenever they forget, lock themselves out, or whatever...

But, what if we could tap into the Windows Login? Can that be done?

Here's what I'm thinking:

Call a login box (ours or Windows') and have them enter their username and password. If the username/password combination matches, we activate features if they are in management.

I don't really need to know how the Windows Login works - I would just like to call it and get the results.

Can that be done? If so, how? If not, what is another solution (besides reinventing the wheel)?
 
Are all target machines in an Active Directory domain?

Making a query to LDAP is very simple. Here's how you can authenticate to LDAP (Active Directory):

C#:
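// Returns true if the directory accepts a bind with the supplied credentials.
public static Boolean Authenticate(string userName, string password, string domain)
{
    try
    {
        // Dispose the entry so the underlying directory connection is released.
        using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,
            userName, password))
        {
            // Reading NativeObject forces the bind; rejected credentials throw.
            object nativeObject = entry.NativeObject;
            return true;
        }
    }
    catch (Exception)
    {
        return false;
    }
}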

Now, if you are using Active Directory and your IT department keeps all your managers as members of a security group, you can check if the user is a member of said group like this.

C#:
// Returns true if uid is the sAMAccountName of a direct member of the group.
public static Boolean IsManagement(String uid)
{
    try
    {
        using (DirectoryEntry entry = new DirectoryEntry("LDAP://CN=ManagementSecurityGroup,ou=Users,DC=company,DC=com"))
        {
            entry.RefreshCache();

            // Each "member" value is the distinguished name of one member.
            foreach (String s in entry.Properties["member"])
            {
                using (DirectoryEntry entry2 = new DirectoryEntry("LDAP://" + s))
                {
                    // Members without a sAMAccountName are skipped instead of
                    // throwing and ending the whole check.
                    object name = entry2.Properties["sAMAccountName"].Value;
                    if (name != null && String.Equals(name.ToString(), uid, StringComparison.OrdinalIgnoreCase))
                        return true;
                }
            }
            return false;
        }
    }
    catch (Exception ex)
    {
        //LogError(ex);
        return false;
    }
}

You'll need to add a reference to System.DirectoryServices, then import that namespace.

HTH
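An added example, not part of the thread or the poster's code: the same group check done as a single directory search instead of one bind per member, with the user-supplied name escaped per RFC 4515 so it cannot alter the LDAP filter. The class and method names, and the searchRoot/groupDn parameters, are hypothetical; it uses only System.DirectoryServices types available on .NET Framework 2.0.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class GroupCheck   // hypothetical helper, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True if uid is the sAMAccountName of a user who is a direct member of groupDn.
    // searchRoot is an ADsPath such as "LDAP://DC=company,DC=com" (assumed value);
    // groupDn is the group's distinguished name.
    // Directory errors propagate, so the caller can tell "not a member"
    // apart from "directory unreachable".
    public static bool IsDirectMember(string searchRoot, string groupDn, string uid)
    {
        if (String.IsNullOrEmpty(uid)) return false;

        string filter = "(&(objectCategory=person)(objectClass=user)"
            + "(sAMAccountName=" + EscapeFilterValue(uid) + ")"
            + "(memberOf=" + EscapeFilterValue(groupDn) + "))";

        using (DirectoryEntry root = new DirectoryEntry(searchRoot))
        using (DirectorySearcher searcher = new DirectorySearcher(root, filter))
        {
            searcher.PropertiesToLoad.Add("sAMAccountName");
            return searcher.FindOne() != null;
        }
    }
}
```

Like the member loop above, the memberOf filter matches direct membership only; nested groups and the user's primary group are not covered.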
 
Thanks Plausibly, but we are stuck in the middle ages (.Net Framework 2.0, VS2005, and XP). I suppose I'll have to wait before I get to learn LINQ. At least we are moving out of the stone age! (VB6)

Nate: We do have AD here, though I've never done anything with it. Let me give your code a quick test and I'll get back with you!
 
Glad it helped -- I can't take complete credit for it, I found it on the internet somewhere and customized it to work for me. I think it was originally from the code project.

Anyway, glad it helped.
 