Here is my singin.ascx.vb file that uses AD for authentication. This function returns a 1 if the user is a valid AD user. I'm also working on getting the portal to use all of the groups from AD as well for security. Just replace the "Your Domain Here" with your domain, or add it to the submitting form and replace it with the form value.

*******Code for sigin.ascx.vb*******************
Imports System.Web.Security
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions

Namespace ASPNetPortal

Public MustInherit Class Signin
Inherits ASPNetPortal.PortalModuleControl

Protected WithEvents email As System.Web.UI.WebControls.TextBox
Protected WithEvents password As System.Web.UI.WebControls.TextBox
Protected WithEvents RememberCheckbox As System.Web.UI.WebControls.CheckBox
Protected WithEvents SigninBtn As System.Web.UI.WebControls.ImageButton
Protected WithEvents Message As System.Web.UI.WebControls.Label

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

End Sub

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region
<DllImport("advapi32.dll")> _
Public Shared Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, _
ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, ByRef phToken As Integer) As Integer
End Function
Private Sub LoginBtn_Click(ByVal sender As Object, ByVal e As ImageClickEventArgs) Handles SigninBtn.Click

'New Authentication against Active Directory
'The Windows NT user token.
Dim intUserToken As Integer

'Get the user token for the specified user, machine, and password using the unmanaged LogonUser method.

'The parameters for LogonUser are the user name, computer name, password,
'Logon type (LOGON32_LOGON_NETWORK_CLEARTEXT), Logon provider (LOGON32_PROVIDER_DEFAULT),
'and user token.
Dim loggedOn As Integer = LogonUser(email.Text, "Your Domain Here", password.Text, 3, 0, intUserToken)

If loggedOn = 1 Then
FormsAuthentication.SetAuthCookie(email.Text, RememberCheckbox.Checked)
Response.Redirect(Request.ApplicationPath)
Else

Message.Text = "<" & "br" & ">Login Failed!" & "<" & "br" & ">"

End If

End Sub

End Class

End Namespace
**********************End of Code****************************

Enjoy,
Chris

I was able to use your example code (http://www.ibuyspy.com/Forums/ShowPost.aspx?tabindex=1&PostID=151708) in my Intranet portal, which allows users to authenticate to the Active Directory logging in via Forms authentication. However, my only problem now is that I can not access the Admin tab...

You had said that you were also working on getting the portal to use all of the groups from AD as well for security. Did you ever accomplish this? I can't seem to find the solution for this anywhere. I have established a security group for my portal administrators called PortalAdmin and have added members to this group. I realize somewhere I want to query the Domain\PortalAdmin but I can't figure out where to do this so that it works properly.

HELP PLEASE!!!

Thanks!
~Jill
:)

Jill,

I hope this helps in C#:

FileName: Authentication.cs

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.DirectoryServices;
using System.Web;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Security.Principal;
using System.Web.Security;
using Microsoft.ApplicationBlocks.ExceptionManagement;

public static bool AdAuthenticate(string username, string password,string path)
{
bool isAuthenticated = false;


DirectoryEntry userEntry = new DirectoryEntry(path,username,password);

try
{
DirectorySearcher dirSearcher = new DirectorySearcher(userEntry);

dirSearcher.Filter = "(SAMAccount=" + username + ")";
dirSearcher.PropertiesToLoad.Add("cn");
SearchResult searchResult = dirSearcher.FindOne();

isAuthenticated = true;

}
catch (Exception ex)
{
isAuthenticated = false;

// ignore logon failures do to incorrect password
// publish all other errors to the event log
if (ex.Message.Trim() != "Logon failure: unknown user name or bad password")
{

ExceptionManager.Publish(ex);
}
}

return isAuthenticated;
}


Now change the Signin.aspx.cs
Filename: Signin.aspx.cs

Change the LoginBtn_Click method:

....

private void LoginBtn_Click(Object sender, ImageClickEventArgs e) {

// Attempt to Validate User Credentials using UsersDB
UsersDB accountSystem = new UsersDB();
// Adding Active Directory Connectivity
string userId = "";

if (email.Text.ToLower() == "guest" || email.Text.ToLower() == "admin")
{
userId = accountSystem.Login(email.Text, password.Text);
}
else
{
userId = accountSystem.Login(email.Text,password.Text,true);
}

if ((userId != null) && (userId != "")) {

// Use security system to set the UserID within a client-side Cookie
FormsAuthentication.SetAuthCookie(email.Text, RememberCheckbox.Checked);

// Redirect browser back to originating page
Response.Redirect(Request.ApplicationPath);
}
else {
Message.Text = "<" + "br" + ">Login Failed!" + "<" + "br" + ">";
}
}

Note: I allow the guest and admin account to authenticate through the standard portal forms authentication.

You will also need the Microsoft Application Blocks Exception Management Patterns and Practices reference from their site to use ExceptionManager.Publish(ex).

Ryan Lee
[email protected]

I have posted the following question in the PSK forum and didnt get any response:

One of my Portal Starter Kit users (administrator) has asked me if the portal can use the windows active directory as the users backend authentication source, instead (or as base for) the sqlserver users table. His valid reason is that he doesnt want to maintain two users databases (active directory and the portal users table). This organisation uses the portal as an extranet (meaning I need uesrs from both within the domain as well as from outside, such as remote offices and mobile users access the extranet)

If I change the security setting in the web.config to Windows authentication instead of Forms authentication I get that effect, but then I lose the role based authorisation, which is essential for the portal.

Is there a way to use Windows authentication without losing the role based authorisation for accessing resources(tabs, and modules management level - view, edit etc)?
If the answer is yes, then how.

/////

It seems according to your solutions that you will be losing the possibility to create various roles dynamically in the portal because their role will not be reflected in the AD.
May I suggest another option: If we kept using the DB to authenticate users as well as assign their role, but used some kind of module (either in asp.net, script, or DTS (Data Transformation Services package through SQLServer)) that will periodically synchronise between the AD and the Users DB without dropping the roles for existing users (perhaps just automate copying of new accounts created in AD into the DB, assigning them default role. Optionally it could also, depending on the Administrator need, overwrite password changes in the AD into the DB).

I am happy to take role in this but I couldnt figure out how to communicate with the AD.

Using the code in my post prior to this you can access the AD by using a correct path:

LDAP://mail.<yourcompany>.com

WinNT://<computername>

read the microsoft article:

DirectoryEntry.Path Property