Active Directory Authentication with Form Based Authentication with

In this article, I explain the concept of Forms authentication with Active Directory.

The process goes like this:

Login --> Authenticate with Active Directory users --> Authenticate with form-based authentication against the database --> Application main page

Active Directory: Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows environments. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers, and apply critical updates to an entire organization. An Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.

Please check this for more information about Active Directory.

Now I will give you the step-by-step process of authentication.

Step 1: Configure IIS for anonymous authentication

In the IIS Manager (in Administrative Tools) or the MMC snap-in for IIS, right-click the Web site for which you want to configure authentication, and then click Properties.

Click the Directory Security tab, and then under Authentication and access control, click Edit.

Select the Anonymous Authentication check box (labeled Enable anonymous access in Windows Server 2003).

Make the anonymous account for the application an account that has permission to access Active Directory.

Clear the Allow IIS To Control Password check box, if it is present. The default IUSR_ account does not have permission to access Active Directory.

Step 2:

Add a reference to System.DirectoryServices. To add the reference, right-click the project and select Add Reference. Visual Studio opens a dialog box; select System.DirectoryServices there. After selecting it, check your web.config file. It will show this:

    <add assembly="System.DirectoryServices, Version=, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>

under the .

This confirms that the reference has been added to your application.

Go to your login page's code-behind file and import System.DirectoryServices:

    Imports System.DirectoryServices

Step 3: Write the Forms authentication settings in the web.config file

    <authentication mode="Forms">
        <forms path="/" loginUrl="login.aspx" protection="All" timeout="30">
        </forms>
    </authentication>

To work with Active Directory, put this after the code above:

    <identity impersonate="true"/>

Step 4: Write a function to authenticate Active Directory users. This function accepts the user name and password and authenticates them against Active Directory.

    Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
        Dim domainAndUsername As String = domain & "\" & username
        Try
            ' Bind to the directory with the supplied credentials
            Dim entry As New DirectoryEntry("LDAP://DC=ABC,DC=local", domainAndUsername, pwd)
            ' Reading NativeObject forces the bind; it throws if the credentials are rejected
            Dim obj As Object = entry.NativeObject
            Dim search As New DirectorySearcher(entry)
            ' username goes into the filter as typed; validate or escape it before it reaches this line
            search.Filter = "(SAMAccountName=" & username & ")"
            Dim result As SearchResult = search.FindOne()
            If result Is Nothing Then
                Return False
            End If
        Catch ex As Exception
            ' Any failure (bad credentials, directory unreachable) counts as not authenticated
            Return False
        End Try
        Return True
    End Function

For more information about LDAP, click here.

Step 5:

Write a function for Forms authentication against the database users.

    Function ValidateUsers(ByVal UserName As String, ByVal PassWord As String) As Boolean
        ' Write your database logic here and authenticate with database users.
        ' The user name and password are checked against your respective database table.
        ' Placeholder: deny until the database check is implemented.
        Return False
    End Function

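Step 6:

Call both functions

    ' Replace the placeholder arguments with the values entered on the login form.
    If ValidateUsers(DBusername, DBpassword) AndAlso IsAuthenticated("ABC.local", "activeDirectoryUser", "Userpassword") Then
        ' Both checks passed: issue the Forms authentication ticket and redirect
        FormsAuthentication.RedirectFromLoginPage(name, False)
        lblError.Text = ""
    Else
        lblError.Text = "Invalid User Name , Password or Division"
    End If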


I hope this article helps you to create more secure web applications.
Gaurav Sharma

