Wednesday, December 07, 2005

ASP.Net (C#) Forms Authentication to a Domain without impersonation

You would think that making an ASP.Net web application that authenticates to an Active Directory domain would be fairly straightforward. Unfortunately, it is not for users of Microsoft .Net 1.1 (Microsoft .Net 2.0 has the ActiveDirectoryMembershipProvider class).

The regular way for ASP.Net applications to query Active Directory is by changing the user that the web application runs under. This seems a little bit bizarre.

So I've made a simple web application that uses several DLL calls to do what Microsoft should have done a long time ago.

The DLL calls that are needed are both found in advapi32.dll:
  • LogonUser
  • GetTokenInformation
Unfortunately, calling these functions from managed .Net functions was far from simple. But I ended up getting it to work.
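One way to make the two calls named above from C#, shown as an added example that is not the author's code. The `DomainLogon` class and `Authenticate` method are hypothetical names, and `ConvertSidToStringSid`, `LocalFree` and `CloseHandle` are extra Win32 calls the post does not mention, used here to render the group SIDs as strings and to release resources.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public sealed class DomainLogon   // hypothetical helper, not from the original post
{
    const int LOGON32_LOGON_NETWORK = 3, LOGON32_PROVIDER_DEFAULT = 0;
    const int TokenGroups = 2;    // TOKEN_INFORMATION_CLASS.TokenGroups
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        IntPtr buffer, int length, out int needed);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool ConvertSidToStringSid(IntPtr sid, out IntPtr text);
    [DllImport("kernel32.dll")] static extern IntPtr LocalFree(IntPtr mem);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    // Returns the string SIDs of the user's groups, or null if the logon is refused.
    public static string[] Authenticate(string user, string domain, string password)
    {
        IntPtr token, buffer = IntPtr.Zero, text;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK,
                       LOGON32_PROVIDER_DEFAULT, out token))
            return null;          // bad password, unknown or locked account
        try
        {
            int needed;           // the first call only reports the buffer size
            GetTokenInformation(token, TokenGroups, IntPtr.Zero, 0, out needed);
            buffer = Marshal.AllocHGlobal(needed);
            if (!GetTokenInformation(token, TokenGroups, buffer, needed, out needed))
                throw new Win32Exception();
            // TOKEN_GROUPS = DWORD count, then pointer-aligned {PSID, DWORD} entries
            string[] sids = new string[Marshal.ReadInt32(buffer)];
            for (int i = 0; i < sids.Length; i++)
            {
                IntPtr sid = Marshal.ReadIntPtr(buffer, IntPtr.Size * (1 + 2 * i));
                if (!ConvertSidToStringSid(sid, out text)) throw new Win32Exception();
                sids[i] = Marshal.PtrToStringUni(text);
                LocalFree(text);  // the string was allocated by the API
            }
            return sids;
        }
        finally
        {
            if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
            CloseHandle(token);   // always release the logon token handle
        }
    }
}
```

The returned SIDs can be checked against the groups allowed to use the application before the forms-authentication ticket is issued. On Windows 2000 the calling process needs the SE_TCB_NAME privilege for LogonUser; Windows XP and Server 2003 do not require it.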
