Warm tip: This article is reproduced from serverfault.com.

One user is not able to connect LDAP server from our application

Published on 2020-12-05 11:31:50

I have an application built in ASP.NET 3.0, upgraded to .NET Framework 4.7, and deployed on a web server. In the login page of the application I am validating user credentials through LDAP via WebAPI.

Everyone is able to log in to the application, but LDAP authentication is failing for only one user. That user is able to connect to LDAP via other applications; he can access other applications that also authenticate him via the same LDAP domain.

When we checked this with the AD team, they were not able to find any log entry for that user, so we suspect the LDAP server itself is not being hit for that user.

We are using the code below to connect to the LDAP server.

    // Requires: using System; using System.DirectoryServices;
    // Logger is the application's own logging helper (not shown here).
    public static bool IsActiveDirectoryLoginValid(string username, string password, out string errorMessage)
    {
        bool authenticated = false;
        string _activeDirectoryDomain = "domain controller name";

        try
        {
            // Binding to the directory with the supplied credentials is what actually authenticates the user.
            using (DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}", _activeDirectoryDomain), username, password))
            using (DirectorySearcher ds = new DirectorySearcher(directoryEntry))
            {
                // Forces the bind; throws if the credentials are rejected.
                ds.FindOne();

                // NativeObject additionally requires that the bound user is allowed to read the directory object.
                authenticated = directoryEntry.NativeObject != null;
                errorMessage = !authenticated ? "Unable to authenticate user with provided username and password!" : null;
            }
        }
        catch (Exception ex)
        {
            Logger.Error("ActiveDirectoryAuthenticationHelper : IsActiveDirectoryLoginValid " + username, ex);
            errorMessage = ex.Message;
            authenticated = false; // most commonly user name/password incorrect
        }

        return authenticated;
    }
Questioner: Amit
Amit 2020-12-11 17:54:08

The password was getting truncated when sent from MVC to WebAPI if it contained a '#' symbol. We corrected it and the issue got resolved.

Also, as Fredrik suggested, NativeObject checks whether the user is authorized to read Active Directory information. I removed the NativeObject check and used the FindOne() method to search.
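The truncation described in the answer is the classic symptom of credentials being placed in a URL without encoding: '#' starts the URL fragment, which the client never transmits, so the server only ever sees the part of the password before it. The following is an added example, not code from the question or the answer, written in Python rather than C# so the behaviour can be reproduced without an IIS/WebAPI setup. It assumes (the page does not say how the MVC side sent the password) that the password travelled in the query string, and it goes beyond the '#' case to show what happens to '&' and '+' as well. The endpoint URL and user name are constructed placeholders.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical WebAPI login endpoint (constructed for this example).
BASE = "https://webapi.example.test/auth"


def build_auth_url_unsafe(base, username, password):
    """Raw string concatenation of credentials into the query string, with no
    encoding. This is the pattern that loses everything after '#': the parser on
    the receiving side treats '#' as the start of a URL fragment, which clients
    never send, and '&' as the start of the next parameter."""
    return f"{base}?username={username}&password={password}"


def build_auth_url_encoded(base, username, password):
    """Same request with percent-encoding; reserved characters survive intact."""
    return f"{base}?{urlencode({'username': username, 'password': password})}"


def build_auth_body(username, password):
    """Preferred transport: credentials in a JSON POST body, never in the URL,
    so they do not end up in web-server, proxy or browser-history logs."""
    return json.dumps({"username": username, "password": password})


def password_as_received(url):
    """Simulates what the WebAPI sees after parsing the query string of a URL."""
    parts = urlsplit(url)
    return parse_qs(parts.query).get("password", [None])[0]


def password_from_body(body):
    """Simulates the WebAPI deserialising a JSON request body."""
    return json.loads(body)["password"]


def credential_roundtrip(password, username="amit"):
    """Return the password the server would receive via each of the three transports."""
    return {
        "unsafe_query": password_as_received(build_auth_url_unsafe(BASE, username, password)),
        "encoded_query": password_as_received(build_auth_url_encoded(BASE, username, password)),
        "json_body": password_from_body(build_auth_body(username, password)),
    }


if __name__ == "__main__":
    # Constructed sample passwords containing URL-reserved characters.
    for pw in ["pa#ss", "p&q", "a+b", "plain"]:
        print(f"{pw!r:10} -> {credential_roundtrip(pw)}")
```

Running it shows "pa#ss" arriving as "pa" through the unencoded query string, "p&q" arriving as "p", and "a+b" arriving as "a b", while both the percent-encoded query and the JSON body deliver every password unchanged. A useful check on the server side is to log the length (never the value) of the received password on failed logins; a length that is consistently shorter than what the user typed points at transport truncation rather than a directory problem, which is exactly why the AD team saw no log entry for this user.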