I wish did fix the issue. There's nothing wrong with catching the exception. You don't control the code inside DirectorySearcher, so you can't help that it throws an exception if something is wrong. However, you might want to differentiate the type of exceptions thrown, so you can tell the difference between bad credentials and a network error, for example. Note that, if the credentials are bad, the exception will be thrown by searcher.FindOne(), since you are using the user's credentials to connect to AD.
DirectorySearcher searcher = new DirectorySearcher(root, "(sAMAccountName=" + txtUsername.Value + ")");
result = searcher.FindOne();
will be helpful for those in need For our particular situation, because both the client and the web service are running on our company Intranet, a solution that may work for us is to handle the Authentication on the client end using the Integrated Windows NTLM authentication, and then then just have the client supply the credentials to the Web Service. Here is the client code:
public void AddRole(string roleName)
webSvc.Credentials = CredentialCache.DefaultCredentials;
// Invoke the WebMethod
public ResultObj AddRole(string roleToAdd)
IIdentity identity = Thread.CurrentPrincipal.Identity;
throw new UnauthorizedAccessException(
// Remaining code to add role....
Validate user in Azure Active Directory; Not using SSO but using username and password
hope this fix your issue What you are asking for is not technically possible with Azure Active Directory today. That scenario could possibly be supported in the future, so check back from time to time. We really encourage developers to rely on the in browser sign in experience. The reason is that because the browser allows the server to define the experience, it allows for much greater flexibility with respect to the kinds of credentials that can be employed. For instance, if you code your app to use only username and password, then it may need to be updated in order to take advantage of two factor authentication. If you rely on the browser based experience then your app can be totally agnostic to whether 2FA is being employed, or any other kind of authentication dance.
How to access a user's folder on Active Directory with his username and password?
it should still fix some issue You can read out the user's name, and his home directory, from Active Directory - but you CANNOT read the user's password, so you cannot impersonate that user to get access to his home directory. You do have two options, however:
Validate username and password without authenticating the user
wish helps you If you have created/defined a UserManager (see here) in your project you can try to find your user by his/her username and, if found, call VerifyHashedPassword method using the PasswordHasher member.
string userName = "my-user-name";
string password = "my-password";
var user = await ApplicationUserManager.FindByNameAsync(userName);
if (user != null)
PasswordVerificationResult result = ApplicationUserManager.PasswordHasher.VerifyHashedPassword(user.PasswordHash, password);
Authenticating the username and password returns user as none during logn
wish of those help The problem is not with the call to authenticate, but probably with how you are implementing the custom user model. Using a custom user model is totally fine, and is very useful, but if you want to keep things easy for yourself, let Django handle the password part.