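/// <summary>
/// Checks a user's credentials against Active Directory, falling back to the
/// local user store when the directory lookup throws.
/// </summary>
/// <param name="domain">Domain name; combined with <paramref name="username"/> as <c>domain\username</c> for the bind.</param>
/// <param name="username">Account name, matched against <c>SAMAccountName</c>.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when the directory returns an entry for the user, or when the
/// local store holds the user and the stored password matches; otherwise <c>false</c>.
/// </returns>
/// <exception cref="Exception">
/// The directory lookup failed and the user does not exist in the local store.
/// The original failure is attached as the inner exception.
/// </exception>
/// <remarks>
/// On a directory match this method overwrites the <c>path</c> and
/// <c>filterAttribute</c> fields with the matched entry's path and <c>cn</c> value.
/// </remarks>
public bool IsAuthenticated(string domain, string username, string password)
{
    // Fail closed on blank credentials. A null username previously surfaced as a
    // NullReferenceException that was then routed into the local-store fallback.
    // NOTE(review): some LDAP bind modes accept an empty password as an
    // unauthenticated bind; rejecting it here avoids depending on the bind mode.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    string domainAndUsername = domain + @"\" + username;

    // DirectoryEntry, DirectorySearcher and SearchResultCollection all wrap
    // directory handles, so each is disposed deterministically.
    using (DirectoryEntry entry = new DirectoryEntry(path, domainAndUsername, password))
    // Run the lookup under the application identity rather than the request identity.
    using (HostingEnvironment.Impersonate())
    {
        try
        {
            // We were having issues with search.FindAll(): it took 15 seconds and failed with
            // ExtendedErrorMessage = "8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1"
            // possible solution reference: https://social.technet.microsoft.com/Forums/windowsserver/en-US/2786da89-3dc7-43d9-8a75-3db54825ff36/solved-ldap-authentication-error-code-49-80090308-comment-acceptsecuritycontext-error-data?forum=winserverDS
            // Solution implemented: skip the directory for the local-only account and let the
            // catch block below authenticate it against the local store.
            // NOTE(review): a hard-coded account name is brittle; consider a configured list.
            if (string.Equals(username, "malb", StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException("user is not found in active directory");
            }

            using (DirectorySearcher search = new DirectorySearcher(entry))
            {
                // The username is caller-supplied, so filter metacharacters are escaped
                // before it is placed in the LDAP filter.
                search.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(username) + ")";
                search.PropertiesToLoad.Add("cn");

                using (SearchResultCollection results = search.FindAll())
                {
                    foreach (SearchResult result in results)
                    {
                        if (result != null)
                        {
                            path = result.Path;
                            // Picks up the display name from Active Directory.
                            filterAttribute = (string)result.Properties["cn"][0];
                            return true;
                        }
                    }
                }
            }

            // The bind succeeded but no entry matched. The previous code returned true
            // here with path/filterAttribute left unset or stale; report failure instead.
            return false;
        }
        catch (Exception ex)
        {
            // NOTE(review): every directory failure lands here, including rejected
            // credentials (the "data 52e" case above) and directory outages. Any account
            // present in the local store can therefore sign in with its local password
            // whenever the directory path throws. Confirm this is intended; if only
            // local-only accounts should use this path, narrow the catch.
            RunStoredProcedure rsp = new RunStoredProcedure();

            if (!rsp.UserExist(username))
            {
                // Keep the original failure as InnerException for diagnostics.
                // NOTE(review): ex.Message can carry directory error detail; avoid
                // showing this message to end users.
                throw new Exception("Error authenticating user. " + ex.Message, ex);
            }

            // NOTE(review): the stored password is decrypted, so it is held reversibly.
            // A salted one-way hash such as PBKDF2 with a fixed-time comparison would
            // remove the need to recover plaintext here.
            string storedPassword = rsp.GetPassword(username);
            string decryptedPassword = rsp.DecryptPassword(storedPassword);
            return string.Equals(decryptedPassword, password);
        }
    }
}

/// <summary>
/// Escapes the characters RFC 4515 reserves in an LDAP search-filter value.
/// </summary>
private static string EscapeLdapFilterValue(string value)
{
    // The backslash is replaced first so the escapes added afterwards are not re-escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}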