I am a novice programmer. I need write desktop application, where user enters the username and password. After clicked on button calls the method Start class Process. Unfortunately, appears in an error message System.ComponentModel.Win32Exception, username or password is incorrect.
My code:
//Download data
String user = this.textBoxUser.Text;
String pass = this.textBoxPassword.Text;
//Password
SecureString secret = SecureStringConverter.ConvertToSecureString(pass);
//Webbrowser
string file = "chrome.exe";
string domain = #"http://localhost:62074/";
//Process start
Process proc = new Process();
Microsoft.Win32.RegistryKey subKey = Microsoft.Win32.Registry.ClassesRoot.OpenSubKey(#"http\shell\open\command");
String DefaultBrowser = subKey.GetValue(null).ToString();
if (DefaultBrowser != null)
{
int startIndex = DefaultBrowser.IndexOf("\"") + 1;
int endIndex = DefaultBrowser.IndexOf("\"", startIndex);
string RegDefaultBrowserPath = DefaultBrowser.Substring(startIndex, endIndex - startIndex);
proc.StartInfo.FileName = RegDefaultBrowserPath;
proc.StartInfo.Arguments = domain;
proc.StartInfo.UseShellExecute = false;
proc.StartInfo.LoadUserProfile = false;
proc.StartInfo.UserName = user;
proc.StartInfo.Password = secret;
proc.Start();
}
And this method to convert string to SecureString
public static class SecureStringConverter
{
public static SecureString ConvertToSecureString(string password)
{
if (password == null)
throw new ArgumentNullException("password");
unsafe
{
fixed (char* passwordChars = password)
{
var securePassword = new SecureString(passwordChars, password.Length);
securePassword.MakeReadOnly();
return securePassword;
}
}
}
}
I don't think your approach will work. At least not as simple as you might expect it to happen. You may get it working by launching Internet Explorer with explicit credentials to authenticate against applications hosted in IIS, as they may be configured to use domain account for authentication. This scenario essentially is for Intranet web applications. With Crome it is a completely different story.
Merits of your approach are completely not obvious. It is expected that credentials of user logged in to Windows are used for authentication. With your idea, it sounds more like someone else signs in to Windows for me, and I use my own credentials to run web app, but still use remaining windows apps with someone else's credentials.
The following article should give you an idea that it will depend on infrastructure support, and specific sign in process, not just as simple as forwarding explicit credentials to get it working with external web applications who knows nothing about your domain:
https://support.google.com/a/answer/60224?hl=en
Related
How do I get the current username in .NET using C#?
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
If you are in a network of users, then the username will be different:
Environment.UserName
- Will Display format : 'Username'
rather than
System.Security.Principal.WindowsIdentity.GetCurrent().Name
- Will Display format : 'NetworkName\Username'
Choose the format you want.
Try the property: Environment.UserName.
The documentation for Environment.UserName seems to be a bit conflicting:
Environment.UserName Property
On the same page it says:
Gets the user name of the person who is currently logged on to the Windows operating system.
AND
displays the user name of the person who started the current thread
If you test Environment.UserName using RunAs, it will give you the RunAs user account name, not the user originally logged on to Windows.
I totally second the other answers, but I would like to highlight one more method which says
String UserName = Request.LogonUserIdentity.Name;
The above method returned me the username in the format: DomainName\UserName. For example, EUROPE\UserName
Which is different from:
String UserName = Environment.UserName;
Which displayed in the format: UserName
And finally:
String UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
which gave: NT AUTHORITY\IUSR (while running the application on IIS server) and DomainName\UserName (while running the application on a local server).
Use:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
That will be the logon name.
Just in case someone is looking for user Display Name as opposed to User Name, like me.
Here's the treat :
System.DirectoryServices.AccountManagement.UserPrincipal.Current.DisplayName
Add Reference to System.DirectoryServices.AccountManagement in your project.
String myUserName = Environment.UserName
This will give you output - your_user_name
You may also want to try using:
Environment.UserName;
Like this...:
string j = "Your WindowsXP Account Name is: " + Environment.UserName;
Hope this has been helpful.
I tried several combinations from existing answers, but they were giving me
DefaultAppPool
IIS APPPOOL
IIS APPPOOL\DefaultAppPool
I ended up using
string vUserName = User.Identity.Name;
Which gave me the actual users domain username only.
Use System.Windows.Forms.SystemInformation.UserName for the actually logged in user as Environment.UserName still returns the account being used by the current process.
I've tried all the previous answers and found the answer on MSDN after none of these worked for me. See 'UserName4' for the correct one for me.
I'm after the Logged in User, as displayed by:
<asp:LoginName ID="LoginName1" runat="server" />
Here's a little function I wrote to try them all. My result is in the comments after each row.
protected string GetLoggedInUsername()
{
string UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name; // Gives NT AUTHORITY\SYSTEM
String UserName2 = Request.LogonUserIdentity.Name; // Gives NT AUTHORITY\SYSTEM
String UserName3 = Environment.UserName; // Gives SYSTEM
string UserName4 = HttpContext.Current.User.Identity.Name; // Gives actual user logged on (as seen in <ASP:Login />)
string UserName5 = System.Windows.Forms.SystemInformation.UserName; // Gives SYSTEM
return UserName4;
}
Calling this function returns the logged in username by return.
Update: I would like to point out that running this code on my Local server instance shows me that Username4 returns "" (an empty string), but UserName3 and UserName5 return the logged in User. Just something to beware of.
try this
ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT UserName FROM Win32_ComputerSystem");
ManagementObjectCollection collection = searcher.Get();
string username = (string)collection.Cast<ManagementBaseObject>().First()["UserName"];
now it looks better
Here is the code (but not in C#):
Private m_CurUser As String
Public ReadOnly Property CurrentUser As String
Get
If String.IsNullOrEmpty(m_CurUser) Then
Dim who As System.Security.Principal.IIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
If who Is Nothing Then
m_CurUser = Environment.UserDomainName & "\" & Environment.UserName
Else
m_CurUser = who.Name
End If
End If
Return m_CurUser
End Get
End Property
Here is the code (now also in C#):
private string m_CurUser;
public string CurrentUser
{
get
{
if(string.IsNullOrEmpty(m_CurUser))
{
var who = System.Security.Principal.WindowsIdentity.GetCurrent();
if (who == null)
m_CurUser = System.Environment.UserDomainName + #"\" + System.Environment.UserName;
else
m_CurUser = who.Name;
}
return m_CurUser;
}
}
For a Windows Forms app that was to be distributed to several users, many of which log in over vpn, I had tried several ways which all worked for my local machine testing but not for others. I came across a Microsoft article that I adapted and works.
using System;
using System.Security.Principal;
namespace ManageExclusion
{
public static class UserIdentity
{
// concept borrowed from
// https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity(v=vs.110).aspx
public static string GetUser()
{
IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsIdentity = new WindowsIdentity(accountToken);
return windowsIdentity.Name;
}
}
}
Get the current Windows username:
using System;
class Sample
{
public static void Main()
{
Console.WriteLine();
// <-- Keep this information secure! -->
Console.WriteLine("UserName: {0}", Environment.UserName);
}
}
I went over most of the answers here and none of them gave me the right user name.
In my case I wanted to get the logged in user name, while running my app from a different user, like when shift+right click on a file and "Run as a different user".
The answers I tried gave me the 'other' username.
This blog post supplies a way to get the logged in user name, which works even in my scenario:
https://smbadiwe.github.io/post/track-activities-windows-service/
It uses Wtsapi
Edit: the essential code from the blog post, in case it ever disappears, is
Add this code to a class inheriting from ServiceBase
[DllImport("Wtsapi32.dll")]
private static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId, WtsInfoClass wtsInfoClass, out IntPtr ppBuffer, out int pBytesReturned);
[DllImport("Wtsapi32.dll")]
private static extern void WTSFreeMemory(IntPtr pointer);
private enum WtsInfoClass
{
WTSUserName = 5,
WTSDomainName = 7,
}
private static string GetUsername(int sessionId, bool prependDomain = true)
{
IntPtr buffer;
int strLen;
string username = "SYSTEM";
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSUserName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer);
WTSFreeMemory(buffer);
if (prependDomain)
{
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSDomainName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer) + "\\" + username;
WTSFreeMemory(buffer);
}
}
}
return username;
}
If you don't have one already, add a constructor to the class; and add this line to it:
CanHandleSessionChangeEvent = true;
EDIT:
Per comments requests, here's how I get the session ID - which is the active console session ID:
[DllImport("kernel32.dll")]
private static extern uint WTSGetActiveConsoleSessionId();
var activeSessionId = WTSGetActiveConsoleSessionId();
if (activeSessionId == INVALID_SESSION_ID) //failed
{
logger.WriteLog("No session attached to console!");
}
In case it's helpful to others, when I upgraded an app from c#.net 3.5 app to Visual Studio 2017 this line of code User.Identity.Name.Substring(4); threw this error "startIndex cannot be larger than length of string" (it didn't baulk before).
It was happy when I changed it to System.Security.Principal.WindowsIdentity.GetCurrent().Name however I ended up using Environment.UserName; to get the logged in Windows user and without the domain portion.
I have a VMWare machine with Windows Server 2012 and Active Directory installed. The domain name is "cpx.local" and I have created a new user "testad".
I have a C# Winform application so I can test the connection to the LDAP server and then get all the users or groups in the Active Directory.
This is the code that works fine:
string server = "192.168.238.129";
string port = "389";
System.DirectoryServices.Protocols.LdapConnection ldapConnection =
new System.DirectoryServices.Protocols.LdapConnection(new LdapDirectoryIdentifier(server + ":" + port));
TimeSpan mytimeout = new TimeSpan(0, 0, 0, 1);
try
{
ldapConnection.AuthType = AuthType.Anonymous;
ldapConnection.AutoBind = false;
ldapConnection.Timeout = mytimeout;
ldapConnection.Bind();
Console.WriteLine(("Successfully authenticated to ldap server "));
ldapConnection.Dispose();
}
catch (LdapException ex)
{
Console.WriteLine(("Error with ldap server "));
Console.WriteLine((ex.GetType().ToString() + (":" + ex.Message)));
}
The problem is that if I want to authenticate with the new user "testad" it doesn't work.
I change the AuthType to be Basic and set the credentials.
ldapConnection.AuthType = AuthType.Basic;
ldapConnection.Credential = new NetworkCredential(#"cpx\testad", "test#D12345", "cpx.local");
ldapConnection.AutoBind = false;
ldapConnection.Timeout = mytimeout;
ldapConnection.Bind();
I get the following error:
I have tried to Login the Windows Server 2012 with this user and I can login perfect.
The interesting thing is that the following code is working fine:
var dirEntry = new DirectoryEntry(string.Format("LDAP://{0}/{1}", "192.168.238.129:389", "DC=cpx,DC=local"), "testad", "test#D12345");
var searcher = new DirectorySearcher(dirEntry)
{
Filter = "(&(&(objectClass=user)(objectClass=person)))"
};
var resultCollection = searcher.FindAll();
Am I doing something wrong with the NetworkCredentials?
maybe doubleccheck credentials.in NetworkCredential support username without 'cpx/' in front. as domain is provided
ldapConnection.Credential = new NetworkCredential(#"testad", "test#D12345", "cpx.local");
If you set the AuthType to Negotiate, does it work ?
AuthType details here
change:
ldapConnection.AuthType = AuthType.Basic;
to:
ldapConnection.AuthType = AuthType.Negotiate;
Regarding the domain name - cpx vs cpx.local - you can take a look at this article about some recommended practices
http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html
The correct way to name an Active Directory domain is to create a subdomain that is the delegation of a parent domain that you have registered and have control over. As an example, if I ever started a consulting business and used the Internet-facing website mdmarra.com as my company's site, I should name my Active Directory domain ad.mdmarra.com or internal.mdmarra.com, or something similar. You want to avoid making up a TLD like .local and you also want to avoid the headache of using mdmarra.com for the Internet-facing zone and the internal zone.
Change: ldapConnection.AutoBind= false;
to: ldapConnection.AuthType = true;
I have a .NET c# application,
the business flow (short and to the point) is:
Users make a call to my app which authenticates them by windows authentication.
If the user is a "special user" (business logic part, E.g. some account admin), I impersonate to a "Master Account" in the active directory which has read / write permissions to a shared folder.
I then create folders and files with the impersonated user context --> This works.
But when I try to start a process (bcp.exe for those who care), I can't get it to work!
After many failing attempts , getting many error messages such as "access denied",
and trying to use almost all of the Process.ProcessStartInfo() attributes which should assist me to run a process as a different user, I decided to Post this as a question.
I've read many blogs suggesting the only way to do this is to use the win32 dll and call CreateProcessAsUser() method, but it's just to damn complicated, and I couldn't find any working sample of it.
bottom line question:
How can I start a Process (Process.Start) from a c# app while in impersonation context as the impersonated user?
My code:
private void ExecuteCommand(string backupSource, string backupFilename, string formatFilename)
{
// This works --> Here I'm under impersonated user context
// with read write permissions to the shared folder
if (!Directory.Exists(OutputPath))
{
Directory.CreateDirectory(OutputPath);
}
using (Process p = new Process())
{
p.StartInfo = GetProcessStartInfo(backupSource, backupFilename, formatFilename);
//Here I'm currently getting ""Access Denied" exception"
p.Start();
...
}
}
private ProcessStartInfo GetProcessStartInfo(string backupSource, string backupFilename, string formatFilename)
{
var result = new ProcessStartInfo();
result.UseShellExecute = false;
result.RedirectStandardOutput = true;
result.RedirectStandardError = true;
var file = Path.Combine(PathToExecutable, "bcp.exe");
// #"C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\bcp.exe";
result.FileName = file;
result.WorkingDirectory = Path.GetDirectoryName(file);
result.LoadUserProfile = true;
result.Domain = "IMPERSONATED USER DOMAIN";
result.UserName = "IMPERSONATED USER NAME";
var ssPwd = new SecureString();
string password = "IMPERSONATED USER PASSWORD";
for (int x = 0; x < password.Length; x++)
{
ssPwd.AppendChar(password[x]);
}
result.Password = ssPwd;
var backupFullFilename = GetFullFileName(backupFilename);
StringBuilder arguments = new StringBuilder(backupSource);
var formatFullFilename = GetFullFileName(formatFilename);
FormatArguments(arguments, backupFullFilename, formatFullFilename);
var argumentsString = arguments.ToString();
result.Arguments = argumentsString;
return result;
}
Edit #1:
I was able to resolve the "Access is denied" exception, by adding the impersonating user to the administrators group on the machine which the application that starts the process runs on.
Now, I'm having a different issue, no exception but seems like the process isn't starting, or exiting right on start, I'm getting exit code 1073741502.
I've read I must use the native win32 api CreateProcessAsUser() instead of System.Diagnostics.Process.Start() but I'm not sure if that's true.
Ideas?
Assistance would be appreciated.
How do I get the current username in .NET using C#?
string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
If you are in a network of users, then the username will be different:
Environment.UserName
- Will Display format : 'Username'
rather than
System.Security.Principal.WindowsIdentity.GetCurrent().Name
- Will Display format : 'NetworkName\Username'
Choose the format you want.
Try the property: Environment.UserName.
The documentation for Environment.UserName seems to be a bit conflicting:
Environment.UserName Property
On the same page it says:
Gets the user name of the person who is currently logged on to the Windows operating system.
AND
displays the user name of the person who started the current thread
If you test Environment.UserName using RunAs, it will give you the RunAs user account name, not the user originally logged on to Windows.
I totally second the other answers, but I would like to highlight one more method which says
String UserName = Request.LogonUserIdentity.Name;
The above method returned me the username in the format: DomainName\UserName. For example, EUROPE\UserName
Which is different from:
String UserName = Environment.UserName;
Which displayed in the format: UserName
And finally:
String UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
which gave: NT AUTHORITY\IUSR (while running the application on IIS server) and DomainName\UserName (while running the application on a local server).
Use:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
That will be the logon name.
Just in case someone is looking for user Display Name as opposed to User Name, like me.
Here's the treat :
System.DirectoryServices.AccountManagement.UserPrincipal.Current.DisplayName
Add Reference to System.DirectoryServices.AccountManagement in your project.
String myUserName = Environment.UserName
This will give you output - your_user_name
You may also want to try using:
Environment.UserName;
Like this...:
string j = "Your WindowsXP Account Name is: " + Environment.UserName;
Hope this has been helpful.
I tried several combinations from existing answers, but they were giving me
DefaultAppPool
IIS APPPOOL
IIS APPPOOL\DefaultAppPool
I ended up using
string vUserName = User.Identity.Name;
Which gave me the actual users domain username only.
Use System.Windows.Forms.SystemInformation.UserName for the actually logged in user as Environment.UserName still returns the account being used by the current process.
I've tried all the previous answers and found the answer on MSDN after none of these worked for me. See 'UserName4' for the correct one for me.
I'm after the Logged in User, as displayed by:
<asp:LoginName ID="LoginName1" runat="server" />
Here's a little function I wrote to try them all. My result is in the comments after each row.
protected string GetLoggedInUsername()
{
string UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name; // Gives NT AUTHORITY\SYSTEM
String UserName2 = Request.LogonUserIdentity.Name; // Gives NT AUTHORITY\SYSTEM
String UserName3 = Environment.UserName; // Gives SYSTEM
string UserName4 = HttpContext.Current.User.Identity.Name; // Gives actual user logged on (as seen in <ASP:Login />)
string UserName5 = System.Windows.Forms.SystemInformation.UserName; // Gives SYSTEM
return UserName4;
}
Calling this function returns the logged in username by return.
Update: I would like to point out that running this code on my Local server instance shows me that Username4 returns "" (an empty string), but UserName3 and UserName5 return the logged in User. Just something to beware of.
try this
ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT UserName FROM Win32_ComputerSystem");
ManagementObjectCollection collection = searcher.Get();
string username = (string)collection.Cast<ManagementBaseObject>().First()["UserName"];
now it looks better
Here is the code (but not in C#):
Private m_CurUser As String
Public ReadOnly Property CurrentUser As String
Get
If String.IsNullOrEmpty(m_CurUser) Then
Dim who As System.Security.Principal.IIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
If who Is Nothing Then
m_CurUser = Environment.UserDomainName & "\" & Environment.UserName
Else
m_CurUser = who.Name
End If
End If
Return m_CurUser
End Get
End Property
Here is the code (now also in C#):
private string m_CurUser;
public string CurrentUser
{
get
{
if(string.IsNullOrEmpty(m_CurUser))
{
var who = System.Security.Principal.WindowsIdentity.GetCurrent();
if (who == null)
m_CurUser = System.Environment.UserDomainName + #"\" + System.Environment.UserName;
else
m_CurUser = who.Name;
}
return m_CurUser;
}
}
For a Windows Forms app that was to be distributed to several users, many of which log in over vpn, I had tried several ways which all worked for my local machine testing but not for others. I came across a Microsoft article that I adapted and works.
using System;
using System.Security.Principal;
namespace ManageExclusion
{
public static class UserIdentity
{
// concept borrowed from
// https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity(v=vs.110).aspx
public static string GetUser()
{
IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsIdentity = new WindowsIdentity(accountToken);
return windowsIdentity.Name;
}
}
}
Get the current Windows username:
using System;
class Sample
{
public static void Main()
{
Console.WriteLine();
// <-- Keep this information secure! -->
Console.WriteLine("UserName: {0}", Environment.UserName);
}
}
I went over most of the answers here and none of them gave me the right user name.
In my case I wanted to get the logged in user name, while running my app from a different user, like when shift+right click on a file and "Run as a different user".
The answers I tried gave me the 'other' username.
This blog post supplies a way to get the logged in user name, which works even in my scenario:
https://smbadiwe.github.io/post/track-activities-windows-service/
It uses Wtsapi
Edit: the essential code from the blog post, in case it ever disappears, is
Add this code to a class inheriting from ServiceBase
[DllImport("Wtsapi32.dll")]
private static extern bool WTSQuerySessionInformation(IntPtr hServer, int sessionId, WtsInfoClass wtsInfoClass, out IntPtr ppBuffer, out int pBytesReturned);
[DllImport("Wtsapi32.dll")]
private static extern void WTSFreeMemory(IntPtr pointer);
private enum WtsInfoClass
{
WTSUserName = 5,
WTSDomainName = 7,
}
private static string GetUsername(int sessionId, bool prependDomain = true)
{
IntPtr buffer;
int strLen;
string username = "SYSTEM";
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSUserName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer);
WTSFreeMemory(buffer);
if (prependDomain)
{
if (WTSQuerySessionInformation(IntPtr.Zero, sessionId, WtsInfoClass.WTSDomainName, out buffer, out strLen) && strLen > 1)
{
username = Marshal.PtrToStringAnsi(buffer) + "\\" + username;
WTSFreeMemory(buffer);
}
}
}
return username;
}
If you don't have one already, add a constructor to the class; and add this line to it:
CanHandleSessionChangeEvent = true;
EDIT:
Per comments requests, here's how I get the session ID - which is the active console session ID:
[DllImport("kernel32.dll")]
private static extern uint WTSGetActiveConsoleSessionId();
var activeSessionId = WTSGetActiveConsoleSessionId();
if (activeSessionId == INVALID_SESSION_ID) //failed
{
logger.WriteLog("No session attached to console!");
}
In case it's helpful to others, when I upgraded an app from c#.net 3.5 app to Visual Studio 2017 this line of code User.Identity.Name.Substring(4); threw this error "startIndex cannot be larger than length of string" (it didn't baulk before).
It was happy when I changed it to System.Security.Principal.WindowsIdentity.GetCurrent().Name however I ended up using Environment.UserName; to get the logged in Windows user and without the domain portion.
I would like to have a clean C# class that authenticates from Active Directory.
It should be pretty simple, it just has to ask for credentials and check if it matches what AD is expecting.
I am responsible for a number of C# applications, and I would like all of them to use the same class.
Could someone please provide a clean code sample of such a class? It should have good error handling, be well commented, and specifically ask for credentials rather than try to read if a user is already logged in to AD for another application. (This is a security requirement because some applications are used in areas with shared computers: People with multiple roles and different permission levels may use the same computer and forget to log out between sessions)
http://support.microsoft.com/kb/316748
public bool IsAuthenticated(String domain, String username, String pwd)
{
String domainAndUsername = domain + "\\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try
{ //Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if(null == result)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
Admittedly I have no experience programming against AD, but the link below seems it might address your problem.
http://www.codeproject.com/KB/system/everythingInAD.aspx#35
There's some reason you can't use Windows integrated authentication, and not bother users with entering their names and passwords? That's simultaneously the most usable and secure solution when possible.