Home/ Questions/Q 900437
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T15:23:14+00:00

I have a website which requires users to enter their corporate network username and

  • 0

I have a website which requires users to enter their corporate network username and password. It then looks for that account in Active Directory and gets a list of any email addresses associated with that account.

The problem I am having is that ONE incorrect password is locking out an account. Our domain policy is that an account will lock out after three incorrect entries, so I am assuming that I am doing something wrong in my code. I am not very knowledgeable about Active Directory or .NET DirectoryServices in general, which may be apparent from my code. Here it is:

public ArrayList AuthenticateActiveDirectory(string Domain, string UserName, string Password)
{
    // An error occurs if the username/password combo does not exist.
    // That is how we know it is not a valid entry.
    try
    {
        DirectoryEntry entry = new DirectoryEntry("LDAP://" + Domain, UserName, Password);
        object nativeObject = entry.NativeObject;
        ArrayList emails = new ArrayList();
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.Filter = "samaccountname=" + UserName;
        ds.PropertiesToLoad.Add("mail");
        SearchResult sr = ds.FindOne();
        if (sr.Properties["mail"] != null)
        {
            for (int email = 0; email < sr.Properties["mail"].Count; email++)
            {
                emails.Add(sr.Properties["mail"][email]);
            }
        }
        return emails;
    }
    catch (DirectoryServicesCOMException) { throw; }
    catch (Exception) { throw; }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I did some searching and found some code (thanks to Ayende Rahien for the solution) to use that just authenticates and doesn’t search for emails or anything else. I am using this prior to the other function, and it seems to be working fine. I am guessing that my other code is hitting AD more than once – at least 3 times – which is resulting in the lockout. Here is the code I am using now to just authenticate:

        private bool Authenticate(string domain, string user, string password)
{
    try
    {
        using (DirectoryEntry de = new DirectoryEntry("LDAP://" + domain,
                                              user, password))
        {
            return de.NativeObject != null;
        }
    }
    catch
    {
        return false;
    }
}
    • 0