Authenticating to LDAP in ASP.Net 3.5 Application

Posted on 2009-02-17
Last Modified: 2013-12-24

We're building an ASP.Net 3.5 application for a client that requires LDAP authentication of the user.  I have a half-page of LDAP documentation from the client (it's a school), and a web full of examples on how to authenticate to LDAP.  I've built something resembling this:, which runs in our network.

I cannot get any examples to run in the client's network.  I think the problem is in correctly building the Bind DN.  Depending on how I code the authentication method, I either get "Inappropriate Authentication" or "Invalid Bind DN" back from LDAP.  

Here is the advice from the client's IT documentation:

"Use 128 bit or better transport layer authentication when authenticating"
"Connect to"
"The bind DN is: 'uid=myID,ou=people,dc=clientdomain,dc=edu'"

My main confusion is in building the "_path" string, as called for in Microsoft's code.  I've seen many different styles on the web:

- with or without LDAP:// in front, or LDAPS://
- a basic url, like
- a basic url plus a DN-style string, like,dc=com

I also don't understand how the authentication works.  I've seen examples in many places that call for modifying the anonymous web user to be a user with AD query rights, and using Identity Impersonate to adopt that identity for the application.  Does that mean that I first have to authenticate to LDAP as a system user, then re-authenticate with my web user's credentials?  Two round trips??  Or can I combine them into one?  Or just use the web user's credentials, and skip the anonymous user?

All we want to do is verify that the user has domain credentials before using our app.  We don't want to pull any information back from LDAP other than a "yes" or "no".

Am I the only one who finds this confusing?  :-(

Thanks in advance for any help!

Question by: roblinx

    Accepted Solution

    Just a pointer if it helps:

    Also can you paste the variations you tried and the corresponding errors you get.

    Author Comment

    Here's the testbed I'm trying.  I'll put in commented out lines with the various connection strings I've tried.  Note that I'm just trying to authenticate my own login.  I've been told that we'll use each user's login to both bind and authenticate, so this model should be what we end up using in production, more or less.

    I can't debug locally (I'm offsite, and only have remote console access), so I'm not getting useful errors from this code, other than a general exception.

    I'm able to use LDP.EXE to look at LDAP interactively, and can give more information from that, if it's helpful.
    using System;
    using System.DirectoryServices;

    class LdapTestbed
    {
        static string _path;              // filled in from the search result
        static string _filterAttribute;

        static void Main()
        {
            // have also tried the below with port 636...
            //                DirectoryEntry entry = new DirectoryEntry(",ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
            //                DirectoryEntry entry = new DirectoryEntry("ldap://,ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
            //                DirectoryEntry entry = new DirectoryEntry("", "myLogin", "myPassword", AuthenticationTypes.Secure);
            //                DirectoryEntry entry = new DirectoryEntry("ldap://,ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
            DirectoryEntry entry = new DirectoryEntry(",ou=people,dc=schooldomain,dc=edu", "myLogin", "myPassword", AuthenticationTypes.Secure);
            // Bind to the native AdsObject to force authentication.
            Object obj = entry.NativeObject;
            DirectorySearcher search = new DirectorySearcher(entry);
            search.Filter = "(UID=myLogin)";
            SearchResult result = search.FindOne();
            if (null == result)
            {
                Console.WriteLine("Not Found");
                return;   // nothing to read from a null result
            }
            Console.WriteLine("Found ");
            // Update the new path to the user in the directory
            _path = result.Path;
            Console.WriteLine("Path: " + _path);
            _filterAttribute = (String)result.Properties["cn"][0];
            Console.WriteLine("Filter: " + _filterAttribute);
        }
    }

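The question asks whether a yes/no credential check needs one bind or two (a service-account bind followed by the user's own), and the testbed above tries several `DirectoryEntry` path strings with `AuthenticationTypes.Secure`. The example below is added here and is not code from the question, the answer, or the client's documentation. It uses `System.DirectoryServices.Protocols` instead of ADSI, because `AuthenticationTypes.Secure` asks for SSPI (Kerberos/NTLM) negotiation, which a non-Active Directory server answers with "Inappropriate Authentication"; a `uid=...,ou=people` directory normally wants a plain simple bind over LDAPS. It shows both patterns: a single bind with a DN built from the documented shape, and the search-then-bind pattern for when the DN cannot be derived from the login. The host name `ldap.example.edu`, the class and method names, and the base DN `ou=people,dc=clientdomain,dc=edu` (taken from the quoted IT note) are assumptions, not the client's real values.

```csharp
using System;
using System.Net;
using System.Text;
using System.DirectoryServices.Protocols;

// Added example, not from the original thread. Assumes a generic LDAP server
// (not AD), user DNs of the form "uid=<id>,ou=people,dc=clientdomain,dc=edu",
// and LDAPS on port 636. The host name is a placeholder.
public static class LdapAuthenticator
{
    private const string Host = "ldap.example.edu";   // placeholder host
    private const int LdapsPort = 636;
    private const string PeopleBase = "ou=people,dc=clientdomain,dc=edu";

    // Pattern 1: one round trip. Build the bind DN from the login and bind
    // with the user's own password; nothing is read back but yes/no.
    public static bool AuthenticateByBind(string userId, string password)
    {
        // An empty password turns a simple bind into an unauthenticated
        // (anonymous) bind that many servers accept, so refuse it up front.
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(password))
            return false;

        string bindDn = "uid=" + EscapeDnValue(userId) + "," + PeopleBase;
        using (LdapConnection conn = OpenLdaps())
            return TryBind(conn, bindDn, password);
    }

    // Pattern 2: two round trips. A service account finds the user's DN by
    // uid, then the user's own credentials bind as that DN on the same
    // connection. Only needed when the DN cannot be derived from the login.
    public static bool AuthenticateBySearchThenBind(
        string serviceDn, string servicePassword, string userId, string password)
    {
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(password))
            return false;

        using (LdapConnection conn = OpenLdaps())
        {
            if (!TryBind(conn, serviceDn, servicePassword))
                return false;   // service account problem; fail closed

            string filter = "(uid=" + EscapeFilterValue(userId) + ")";
            // "1.1" asks for no attributes; only the DN is needed.
            var req = new SearchRequest(PeopleBase, filter, SearchScope.OneLevel, "1.1");
            var res = (SearchResponse)conn.SendRequest(req);
            if (res.Entries.Count != 1)
                return false;   // unknown login, or an ambiguous match

            string userDn = res.Entries[0].DistinguishedName;
            return TryBind(conn, userDn, password);   // rebind as the user
        }
    }

    private static LdapConnection OpenLdaps()
    {
        var id = new LdapDirectoryIdentifier(Host, LdapsPort, false, false);
        var conn = new LdapConnection(id);
        conn.SessionOptions.SecureSocketLayer = true;   // TLS from the first byte
        conn.SessionOptions.ProtocolVersion = 3;
        conn.AuthType = AuthType.Basic;                 // simple bind: DN + password
        return conn;
    }

    private static bool TryBind(LdapConnection conn, string dn, string password)
    {
        try
        {
            conn.Bind(new NetworkCredential(dn, password));
            return true;
        }
        catch (LdapException ex)
        {
            // 49 = invalidCredentials is the normal "no". Others (48 =
            // inappropriateAuthentication, 34 = invalidDNSyntax) mean the
            // path or auth type is wrong and deserve a separate log line.
            if (ex.ErrorCode != 49)
                Console.Error.WriteLine("LDAP bind failed, code " + ex.ErrorCode + ": " + ex.Message);
            return false;
        }
    }

    // RFC 4514 escaping for a value placed inside a DN.
    private static string EscapeDnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool special = ",+\"\\<>;".IndexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))
                || (i == value.Length - 1 && c == ' ');
            if (special) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // RFC 4515 escaping for a value placed inside a search filter.
    private static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\\': sb.Append("\\5c"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }
}
```

With the documented DN shape, `AuthenticateByBind` is all the login page needs: the web user's own credentials do the bind, so there is no reason to change the anonymous web identity or use `<identity impersonate>`, and the "two round trips" question only arises in the search-then-bind case. Both methods escape the login before placing it in a DN or filter, which keeps a crafted username from altering the DN or the search; and both reject empty passwords, since an unauthenticated simple bind is the classic way an LDAP login check returns "yes" for a blank password.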


    Author Closing Comment

    Thank you for your help.  LDAP is not an easy protocol to use: so many variations in implementation, and variations in methods of integration and access!  We have a solution that works, but I'm not satisfied that it's the best.  I am closing the question and awarding points because I appreciate the participation and help.  
