The Process is goes like this
Login ---> Authenticate with active directory users --> Authenticate with Form based authentication with database.-->
Application main page
Active Directory : Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows
environments. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers,
and apply critical updates to an entire organization. An Active Directory stores information and settings relating to an
organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with
a few hundred objects, to a large installation with millions of objects.
please ckeck this for more information about the
Now i am giving you the step by step process of authentication.
sTEP 1:Configure IIS for anonymous authentication
In the IIS Manager (in Administrative Tools) or the MMC snap-in for IIS, right-click the Web site for which you want to
configure authentication, and then click Properties.
Click the Directory Security tab, and then under Authentication and access control, click Edit.
Select the Anonymous Authentication check box (labeled Enable anonymous access in Windows Server 2003).
Make the anonymous account for the application an account that has permission to Active Directory.
Clear the Allow IIS To Control Password check box, if it is present. The default IUSR_
have permission to the Active Directory.
step 2 :
Add a reference of System.DirectoryServices.To Add reference right click project then select add reference than Visual Studio
opens a dialouge box then select the System.DirectoryServices after selecting check your web config it will shows you this
< add assembly="System.DirectoryServices, Version=220.127.116.11, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
it assures that the reference has been added to your application.
Come to your login page's code behind file then import System.DirectoryServices
Step 3 :Write code in Web Config file for Form authentication
< authentication mode="Forms">
< forms path="/" loginUrl="login.aspx" protection="All" timeout="30">
To cope with active directory put this after above code
< identity impersonate="true"/>
Step 4: Write a Funtion to authenticate the active directory users. This funtion accepts the user name and password and
authenticate with Active Directory users.
Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean
Dim domainAndUsername As String = ""
domainAndUsername = domain & "\" & username
Dim entry As New DirectoryEntry("LDAP://DC=ABC,DC=local", domainAndUsername, pwd)
Dim obj As Object
obj = entry.NativeObject
Dim search As New DirectorySearcher(entry)
Dim result As SearchResult
search.Filter = "(SAMAccountName=" + username + ")"
result = search.FindOne()
If result Is Nothing Then
Catch ex As Exception
for more information about LDAP click here
step 5 :
Write Function for form authentication with database user.
Function ValidateUsers(ByVal UserName As String, ByVal PassWord As String) As Boolean
'Write your database logic here and authenticate with database users
'In This User name and password will authenticate with your respective database table
STEP 6 :
Call both functions
If ValidateUsers(DBusername, DBpassword) And IsAuthenticated("ABC.local", "activeDirectoryUser", "Userpassword") Then
lblError.Text = ""
lblError.Text = "Invalid User Name , Password or Division"
I hope this article will helps you to create more secure web applications