Question

I am a newbie to LDAP and Active Directories.

I need to build an Active Directory of users who are eligible to access a particular computer. When the user enters the username and password in a web interface (created in C#), it is sent to the Active Directory via an LDAP query. AD will return the user's email address if the login is successful.

Is it possible to set up an Active Directory to achieve the above scenario locally? I am using Windows 7 Ultimate. I have installed ADAM for LDAP access.

Regards,

John.


Solution

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Managing Directory Security Principals in the .NET Framework 3.5

Basically, you can define a domain context and easily find users and/or groups in AD:

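// requires a reference to System.DirectoryServices.AccountManagement.dll
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// validate username/password combo
if (ctx.ValidateCredentials(username, password))
{
   // if valid - find user
   UserPrincipal user = UserPrincipal.FindByIdentity(ctx, username);

   if (user != null)
   {
      // EmailAddress is read from the user's "mail" attribute
      return user.EmailAddress;
   }
}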

The new S.DS.AM makes it really easy to play around with users and groups in AD!

For ADAM (or AD LDS as it's called today), you could use

PrincipalContext ctx = new PrincipalContext(ContextType.ApplicationDirectory);

to establish a context with your ADAM directory - not sure, but you probably have to supply some form of additional information to know what application directory to use (I've never played with this on ADAM). And also: I'm not sure if you can validate credentials against an ADAM store... you'll just have to see and try!
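
The login flow from the question, written against an AD LDS (ADAM) instance, as an added example that is not part of the original answer. It rejects empty input before binding, pairs the simple bind with SSL so the password does not cross the wire in clear text, and returns the same result for every failure. The class name `LdsLogin`, the server `localhost:636`, and the container `CN=Users,DC=example,DC=local` are assumed values, and `username` is assumed to be in a form the instance accepts for a simple bind (for example the user's `userPrincipalName`).

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class LdsLogin
{
    // Assumed values for a local AD LDS instance; replace with your own.
    const string Server = "localhost:636";                    // LDAPS port of the instance
    const string Container = "CN=Users,DC=example,DC=local";  // partition holding the users

    // Returns the user's e-mail address on success, null on any failure,
    // so the web page cannot reveal whether the account exists.
    public static string TryLogin(string username, string password)
    {
        // With null credentials ValidateCredentials checks the identity of the
        // running process instead of the caller, so empty input never reaches it.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return null;

        // A simple bind transmits the password itself, so it is paired with SSL.
        const ContextOptions opts =
            ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer;

        try
        {
            using (var ctx = new PrincipalContext(
                ContextType.ApplicationDirectory, Server, Container, opts))
            {
                if (!ctx.ValidateCredentials(username, password, opts))
                    return null;

                // Assumes username matches an identity FindByIdentity can resolve.
                using (var user = UserPrincipal.FindByIdentity(ctx, username))
                {
                    return user == null ? null : user.EmailAddress;
                }
            }
        }
        catch (PrincipalException)
        {
            // Errors raised by S.DS.AM are treated as a failed login.
            return null;
        }
    }
}
```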

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow