The IADsOpenDSObject interface is designed to supply a security context for binding to a directory object. It provides a means of specifying a client's credentials. Use this interface to bind to an ADSI object when you must supply credentials for authentication.
Adaxes ADSI Provider maintains the security context in its cache. Thus, once a client has authenticated, the supplied user credentials are applied to any actions performed on this object and its children for the lifetime of the connection within the process. This credential caching model applies to binding to different objects as well, provided that the binding takes place within the same connection and process.
Calling the OpenDSObject method yields a cache handle. Releasing this cache handle releases the security context as well.
Inheritance: The IADsOpenDSObject interface inherits from the IDispatch interface.
Binds to an ADSI object using the given credentials.
Object OpenDSObject(String adsPath, String username, String password, Int32 authOptions)
- adsPath - A String that specifies the ADS path of the ADSI object.
- username - A String that specifies the username to be used to bind to the object.
- password - A String that specifies the user password.
- authOptions - Authentication flags used to specify the binding options. For more information, see ADS_AUTHENTICATION_ENUM.
The method uses the default credentials when username and password are set to NULL.
This method should not be used just to validate user credentials.
The OpenDSObject method maintains the authenticated and encrypted user credentials in the cache. Cached credentials may be used in subsequent operations for binding to any other directory objects. ADSI client applications should not cache the credentials supplied by the user. Instead, they should rely on the ADSI infrastructure to perform caching. To use the cached credentials, password and username must remain unchanged in any subsequent calls of OpenDSObject.
The credentials passed to the OpenDSObject method are used only with the particular object bound to and do not affect the security context of the calling thread.
With the Adaxes ADSI provider, you can pass in username as one of the following strings:
- Pre-Windows 2000 username (e.g. DOMAIN\johnsmith).
- User Principal Name (UPN) (e.g. johnsmith@Domain.com). To use a UPN, you must assign the appropriate UPN value for the userPrincipalName attribute of the target user object.
Minimum required version: 2009.1
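The following PowerShell sketch is an added example, not code from the Adaxes documentation. It shows an OpenDSObject call that prompts for the credentials at run time, binds with ADS_SECURE_AUTHENTICATION, and releases the returned handle so the cached security context is dropped. It assumes the standard Windows LDAP provider as a stand-in for the namespace object (how the Adaxes namespace object is obtained is not shown on this page), and the ADS path is a constructed placeholder.

```powershell
# Added example: the Windows LDAP provider stands in for the provider namespace.
# The ADS path is a constructed placeholder, not a value from the documentation.
$ADS_SECURE_AUTHENTICATION = 0x1   # member of ADS_AUTHENTICATION_ENUM
$adsPath = 'LDAP://CN=John Smith,CN=Users,DC=example,DC=com'

# Prompt at run time. The script neither hardcodes nor caches the password;
# caching is left to the ADSI infrastructure, as the remarks above require.
$cred = Get-Credential -Message 'Account to bind with (DOMAIN\user or UPN)'

$invoke  = [System.Reflection.BindingFlags]::InvokeMethod
$getProp = [System.Reflection.BindingFlags]::GetProperty
$namespace   = $null
$boundObject = $null
try {
    # The provider namespace object exposes IADsOpenDSObject.
    $namespace = [System.Runtime.InteropServices.Marshal]::BindToMoniker('LDAP:')

    # Late-bound IDispatch call:
    # OpenDSObject(adsPath, username, password, authOptions)
    $callArgs = @(
        $adsPath,
        $cred.UserName,
        $cred.GetNetworkCredential().Password,
        $ADS_SECURE_AUTHENTICATION
    )
    $boundObject = $namespace.GetType().InvokeMember(
        'OpenDSObject', $invoke, $null, $namespace, $callArgs)

    # Operations on the bound object use the supplied credentials;
    # the security context of the calling thread is unchanged.
    $name = $boundObject.GetType().InvokeMember(
        'Name', $getProp, $null, $boundObject, $null)
    "Bound to $name as $($cred.UserName)"
}
finally {
    # Releasing the handle returned by OpenDSObject releases the
    # security context associated with it.
    foreach ($o in $boundObject, $namespace) {
        if ($null -ne $o) {
            [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($o)
        }
    }
}
```

A failed bind surfaces as an exception from InvokeMember, so the finally block still releases whatever was acquired.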