Authenticate Users with Active Directory (in ASP.NET 1.1)
Nicolas Galler | December 19, 2008

If you need to authenticate user logins against their Active Directory credentials, integrated authentication is often preferable since it is automatic, but it is not always possible. Given a clear-text user name and password, how can we do it?
A quick search will turn up a lot of ways:
- Use the LogonUser API (possibly not recommended as this is really used to impersonate a user, not just validate their login, but it appears if you use LOGON32_LOGON_NETWORK as logon type then it is a valid way to do it)
- Use the SSPI API – I’ll admit I was not able to go through that document
- Use an LDAP connection object (with a special OleDb provider)
- Use an LDAP object (with the GetObject call in VBScript – not sure what the equivalent is in C# though)
- Use System.DirectoryServices
Of the above, DirectoryServices is the only one that worked for me on ASP.NET 1.1.
The authentication procedure looked something like this:
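```csharp
using System.DirectoryServices;

private bool ValidateLogin(String user, String pw)
{
    // With a null user name and password ADSI binds as the calling thread's
    // own identity, so reject missing credentials before binding.
    if (user == null || user.Length == 0 || pw == null || pw.Length == 0)
        return false;

    using (DirectoryEntry e = new DirectoryEntry("GC://DOMAIN", user, pw, AuthenticationTypes.Secure))
    {
        try
        {
            // Reading a property forces the bind with the supplied credentials
            return e.Name != null;
        }
        catch
        {
            // exception means the logon failed
            return false;
        }
    }
}
```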
The “GC://DOMAIN” part was the little trick… first I tried “WinNT://DOMAIN/USER” and found out new users were not able to log in. You can also use a full LDAP query string.
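The catch-all above reports every failure as a bad password, including an unreachable domain controller. The variant below is an added example, not code from the original post: it separates the Win32 logon-failure HRESULT from other directory errors and traces them so failed logins and outages can be told apart. `LoginResult` and `AdLoginValidator` are hypothetical names, and the path argument is assumed to be an ADSI path such as the "GC://DOMAIN" string used above.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Hypothetical result type for this example.
public enum LoginResult { Valid, BadCredentials, DirectoryError }

public class AdLoginValidator
{
    // HRESULT wrapping Win32 ERROR_LOGON_FAILURE (1326):
    // "unknown user name or bad password".
    private const int LogonFailure = unchecked((int)0x8007052E);

    public static LoginResult Validate(string path, string user, string pw)
    {
        // Never bind with missing credentials: a null user name and password
        // make ADSI use the identity of the calling thread instead.
        if (user == null || user.Length == 0 || pw == null || pw.Length == 0)
            return LoginResult.BadCredentials;

        using (DirectoryEntry entry = new DirectoryEntry(path, user, pw, AuthenticationTypes.Secure))
        {
            try
            {
                // Reading a property forces the bind with the supplied credentials.
                return entry.Name != null ? LoginResult.Valid : LoginResult.BadCredentials;
            }
            catch (COMException ex)
            {
                if (ex.ErrorCode == LogonFailure)
                {
                    // Record the failed attempt (never the password) for monitoring.
                    Trace.WriteLine("AD logon failed for user: " + user);
                    return LoginResult.BadCredentials;
                }

                // Anything else (server down, bad path, ...) is an infrastructure
                // problem and should not be reported to the user as a wrong password.
                Trace.WriteLine("AD bind error 0x" + ex.ErrorCode.ToString("X8") + " for path " + path);
                return LoginResult.DirectoryError;
            }
        }
    }
}
```

Both non-valid results must still deny the login; the distinction only matters for logging and for the message shown to the user.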





