User authentication using ASP.NET and Active Directory Services


New member
Jul 1, 2008
Programming Experience

I'm using Windows XP Professional with IIS. I developed Login page that authenticated user in Active Directory Services.

Here's some code,
Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
    Dim domainAndUsername As String = domain + "\" + username
    Dim entry As New DirectoryEntry(_path, domainAndUsername, pwd)
        ' Bind to the native AdsObject to force authentication.
        Dim obj As Object = entry.NativeObject
        Dim search As New DirectorySearcher(entry)
        search.Filter = "(SAMAccountName=" + username + ")"
        Dim result As SearchResult = search.FindOne()
        If result Is Nothing Then
            Return False
        End If
        ' Update the new path to the user in the directory
        _path = result.Path
        _filterAttribute = DirectCast(result.Properties("cn")(0), String)
    Catch ex As Exception

        '----------error log
        ' Get current date and time
        Dim dt As DateTime = DateTime.Now
        Dim logFile As String = "C:\jai_logfiles\ADServicesClass.txt"
        Dim logWriter As StreamWriter
        'logFile = ConfigurationSettings.AppSettings["LogFilePath"];
        If File.Exists(logFile) Then
            logWriter = File.AppendText(logFile)
            logWriter = File.CreateText(logFile)
        End If
        logWriter.Write(dt.ToString("dd MMM yyyy HH:mm:ss").ToString() + " - Error at IsAuthenticated-->" + ex.Message)

        Return False
    End Try
    Return True
End Function

My domain is: GW_ASIAPACIFIC
LDAP Path is: LDAP://,dc=com

Below is my web.config files
<?xml version="1.0"?>
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
		<add key="ConnectionString" value="Data Source=KUAWLFLOAT002;Initial Catalog=Crp_JAI;Integrated Security=SSPI;"/>
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.

            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
		<compilation debug="true" strict="false" explicit="true">
				<add assembly="System.DirectoryServices, Version=, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Generic"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
		<authentication mode="Forms">
			<!--forms loginUrl="login.aspx" protection="All" timeout="30" name=".ASPXAUTH" path="/" slidingExpiration="true"/-->
      <forms loginUrl="login.aspx" name=".ASPXAUTH" timeout="60" path="/"> </forms>
      <deny users="?" />
      <allow users="*" />
    <identity impersonate="true"/>
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
	<!-- Set up Authorization using location tag. -->
	<location path="graphic">
				<allow users="*"/>
	<location path="js">
				<allow users="*"/>
	<!--location path="secured">
        <allow users="*"/>


I'm setup my IIS with
1. Under Anonymous access and authentication control - i clicked Edit...
2. Authentication Methods Dialog will diplayed.
3. I checked Anonymous access, then I set as follow,
Account used for anonymous access:
User: jai
Password: jai123
I'm unchecked Allow IIS to control password
Then, i clicked OK and OK again to close the property dialog.

When run the web application, i got error in my logfiles it shown
The requested authentication method is not supported by the server.

My question is,
1. What did i miss my code, web.config and IIS setting etc?
2. Did i need do something with configuration and setting at directory server to make sure requested authentication method is supported?

I'm really-really stuck.
Last edited by a moderator: