private string CheckAuthenticated(string domain, string username, string passwd) { Logger.Info(_logMsg.Clear().SetPrefixMsg("Check Authenticated").Add("Domain", domain).Add("Username", username).ToInputLogString()); DirectorySearcher search = null; string domainAndUsername = domain + @"\" + username.ToLower().NullSafeTrim(); _entry = new DirectoryEntry(_path, domainAndUsername, passwd); // Check user lock string rootDomain = WebConfig.GetLdapDomain(); string rootUsername = WebConfig.GetLdapUsername(); string rootPassword = WebConfig.GetLdapPassword(); string rootDomainAndUsername = rootDomain + @"\" + rootUsername; try { // Bind to the native AdsObject to force authentication. //object obj = entry.NativeObject; // Find cn and userAccountControl filter by SAMAccountName search = new DirectorySearcher(_entry); search.Filter = string.Format("(SAMAccountName={0})", username); search.PropertiesToLoad.Add("cn"); search.PropertiesToLoad.Add("description"); search.PropertiesToLoad.Add("mail"); search.PropertiesToLoad.Add("userAccountControl"); SearchResult result = search.FindOne(); if (null == result) { return("NO_RESULT"); } // Update the new path to the user in the directory. _path = result.Path; _filterCn = (string)result.Properties["cn"][0]; // Check employeeId (in description parameter) if (result.Properties["description"].Count != 0) { _employeeId = (string)result.Properties["description"][0]; } else { _employeeId = string.Empty; } // Check email (in mail parameter) if (result.Properties["mail"].Count != 0) { _email = (string)result.Properties["mail"][0]; } else { _email = string.Empty; } Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Domain", domain).Add("Username", username) .Add("Path", _path).Add("CN", _filterCn).Add("EmployeeID", _employeeId).Add("Email", _email).ToSuccessLogString()); return("SUCCESS"); } catch (Exception ex) { Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Domain", domain) .Add("Username", username).Add("Error Message", ex.Message).ToFailLogString()); DirectorySearcher ds = null; DirectoryEntry rootEntry = null; try { rootEntry = new DirectoryEntry(_path, rootDomainAndUsername, rootPassword); ds = new DirectorySearcher(rootEntry); ds.SearchScope = SearchScope.Subtree; ds.Filter = String.Format("(&(objectCategory=person)(anr={0}))", username); Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication") .Add("ds.Filter", string.Format("(&(objectCategory=person)(anr={0}))", username)) .ToOutputLogString()); SearchResultCollection src = ds.FindAll(); Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username) .Add("src.Count", src.Count).ToOutputLogString()); Int64 lockoutTime = 0; foreach (SearchResult sr in src) { if ((sr != null) && (sr.Properties["userAccountControl"].Count > 0)) { ResultPropertyValueCollection uacCollection = sr.Properties["userAccountControl"]; Int32 userAccountControl = (Int32)uacCollection[0]; Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username) .Add("UserAccountControl", userAccountControl).ToOutputLogString()); if (sr.Properties["lockouttime"].Count > 0) { ResultPropertyValueCollection valueCollection = sr.Properties["lockouttime"]; lockoutTime = (Int64)valueCollection[0]; } Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username) .Add("LockoutTime", lockoutTime).ToOutputLogString()); // Check userAccountControl bool enabledUser = true; IList <string> uacDisabled = StringHelpers.ConvertStringToList(WebConfig.GetLdapUacDisabled()); for (int i = 0; i < uacDisabled.Count; i++) { if (userAccountControl == Int32.Parse(uacDisabled[i])) { enabledUser = false; } } Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username) .Add("AccountEnabled", enabledUser).ToOutputLogString()); if (!enabledUser) { return("ACCOUNTDISABLE"); } else if (lockoutTime > 0) { return("LOCKOUT"); } } } } catch (InvalidOperationException exc) { Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username).Add("Error Message", exc.Message).ToFailLogString()); Logger.Error("InvalidOperationException occur:\n", ex); throw new CustomException(Resource.Msg_CannotConnectToAD); } catch (NotSupportedException exc) { Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username).Add("Error Message", exc.Message).ToFailLogString()); Logger.Error("NotSupportedException occur:\n", ex); throw new CustomException(Resource.Msg_CannotConnectToAD); } catch (Exception exc) { Logger.Info(_logMsg.Clear().SetPrefixMsg("01:LdapAuthentication").Add("Username", username).Add("Error Message", exc.Message).ToFailLogString()); Logger.Error("Exception occur:\n", ex); throw new CustomException(Resource.Msg_CannotConnectToAD); } finally { if (ds != null) { ds.Dispose(); ds = null; } if (rootEntry != null) { rootEntry.Dispose(); rootEntry = null; } } return("FAILED"); } finally { if (search != null) { search.Dispose(); search = null; } } }