LDAP authentication with VB.NET

LDAP, or Lightweight Directory Access Protocol, is a convenient, central repository for a system’s personnel information. LDAP (and other Active Directory services) are widely-used by organizations big and small to consolidate user credentials and identification data. For instance: a reporting services application, a webmail client, and a database administration suite can all read from the same Directory, with no need for replicating user information. John Doe only has to remember one password for all systems. When he changes it, those changes cascade across the board.

Update: As this continues to be the most searched-for article on my site, I will be posting a C# version in the near future. Stay tuned! The article is live! For an example in C#, see the other post: LDAP authentication with C#

Using VB.NET, you can easily implement LDAP queries and authentication in your applications and websites. In this example, I will be creating a simple web application that verifies a user’s password–effectively “logging them in” to the system:

ASP.NET 2.0 Code:

<%@ Page Language="VB"
    AutoEventWireup="false"
	CodeFile="Default.aspx.vb"
	Inherits="ldapLogin"
%>
<!DOCTYPE html PUBLIC
    "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
	<title>LDAP Login</title>
</head>
<body>
    <form id="form1" runat="server">
		<div id="loginForm" runat="server" visible="false">
			Username:
			<br />
			<asp:TextBox ID="txtUsername" runat="server" />
			<p />
			Password:
			<br />
			<asp:TextBox TextMode="Password" ID="txtPassword" runat="server" />
			<p />
			<asp:Button ID="btnLogin" runat="server" Text="Login" />
		</div>
    </form>
</body>
</html>

The code-behind file for this page attempts to connect to the Active Directory server using the supplied user credentials, and responds with a respective message:

VB.NET 3.5 Code:

Imports System.DirectoryServices


Partial Class ldapLogin
    Inherits System.Web.UI.Page


    ' "login" button clicked
    Protected Sub btnLogin_Click( _
		ByVal sender As Object, _
		ByVal e As System.EventArgs) _
    Handles btnLogin.Click
        ' build UID string
        Dim uid As String = "uid=" & txtUsername.Text & _
            ",ou=people,dc=example,dc=com"
        ' assign password
        Dim password As String = txtPassword.Text
        ' define LDAP connection
        Dim root As DirectoryEntry = New DirectoryEntry( _
            "LDAP://directory.example.com", uid, password, _
            AuthenticationTypes.None)


        Try
            ' attempt to use LDAP connection
            Dim connected As Object = root.NativeObject
            ' no exception, login successful
            Response.Write( _
                "<span style=""color:green;"">Login successful.</span>")
        Catch ex As Exception
            ' exception thrown, login failed
            Response.Write( _
                "<span style=""color:red;"">Login failed.</span>")
        End Try


        Response.Write("<p />")
    End Sub


    ' page load event
    Protected Sub Page_Load( _
		ByVal sender As Object, _
		ByVal e As System.EventArgs) _
    Handles Me.Load
        If Page.IsPostBack Then
            ' form submitted, hide login form
            loginForm.Visible = False
        Else
            ' first page load, show login form
            loginForm.Visible = True
        End If
    End Sub
End Class

The code makes a connection to the LDAP server using the supplied user credentials and domain information. The actual test for authentication happens on line 26, where the NativeObject member of the DirectoryEntry object is assigned to connected. If this assignment fails, the login was not authenticated, and the program will react accordingly.

Obviously, the uid and connection strings will have to be custom-tailored to your particular LDAP server. Also, the AuthenticationType property may need to be assigned a different value, depending on… can you guess? That’s right; the authentication method used by your LDAP server.