Solved

asp.net & AD groups list

Posted on 2011-02-17
1
629 Views
Last Modified: 2012-05-11


How do I get a groups list from the active directory repository in ASP.net using the fully qualified using the fully qualified LDAP name/call and display them in a list on a MVC Strongly-typed view page?  Also, how can I get the specific users associated with a group using the fully qualified LDAP name (e.g. CD=blah,DC=blah,DC=com)?

Again i'm using ASP.net in a web service and I'm not sure if the web service security would allow that.  The AD server is on a different box local to my network.

I tried using something like this I found and it's not working the way I want it to:


ArrayList groupMembers = new ArrayList();

            // find all nested groups in this group
            DirectorySearcher ds = new DirectorySearcher("LDAP://DC=company,DC=com");
            ds.Filter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);

            ds.PropertiesToLoad.Add("distinguishedName");

            foreach (SearchResult sr in ds.FindAll())
            {
                groupMembers.Add(sr.Properties["distinguishedName"][0].ToString());
            }

Open in new window

0
Comment
Question by:esesjay4
1 Comment
 
LVL 28

Accepted Solution

by:
strickdd earned 250 total points
ID: 34928077
This is the code I use for interacting with AD. It is not necessarily what you are doing, but it should help figure it out.
#region LDap Authentication
		/// <summary>
		/// <para>Searches a group for a particular username.</para>
		/// <para>This is an unindexed tree search, which is O(n), where n is the total number of members under the root. </para>
		/// <para>Possibly more if LDAP doesn't have a O(1) file-finding time.</para>
		/// <note>USE AS SPECIFIC GROUPING AS YOU CAN. Querying the entire LDAP will take a lot of time.</note>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="userName">Username to check against LDAP.</param>
		/// <param name="group">The Active Directory Group to check against.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		public static bool IsInGroup(string userName, string group)
		{
			//find the group in LDAP. If not able to, abort and return false.
			System.DirectoryServices.DirectorySearcher GroupSearch = new System.DirectoryServices.DirectorySearcher("(cn=" + group + ")");
			System.DirectoryServices.SearchResultCollection FindGroup = GroupSearch.FindAll();
			if (FindGroup.Count <= 0)
			{
				FindGroup.Dispose();
				GroupSearch.Dispose();
				return false;
			}

        
			//find the members of the group (either subdirectories or members)
			//return true if Username is in the directory or subdirectory via recursion
			foreach (System.DirectoryServices.SearchResult FoundGroup in FindGroup)
			{
				foreach(string key in FoundGroup.Properties["member"])
				{
					if (IsInGroupRecursive(userName.ToLower(), key))
					{
						FindGroup.Dispose();
						GroupSearch.Dispose();
						return true;
					}
				}
			}

			FindGroup.Dispose();
			GroupSearch.Dispose();
			return false;
		}

	
		/// <summary>
		/// <para>Groupsearch, the core of the SearchGroup function.</para>
		/// <para>Searches a particular group for a username, given a path.</para>
		/// <para>username is found by cn=, possible adaptation would be to allow a property to be passed in.</para>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="username">Username to check against LDAP.</param>
		/// <param name="path">LDAP path for search for a user.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		private static bool IsInGroupRecursive(string username, string path)
		{
			//Test if a directory is the correct user.
			System.DirectoryServices.DirectoryEntry CurrentGroup = new System.DirectoryServices.DirectoryEntry(@"LDAP://"+path);

			if (CurrentGroup.Properties["cn"].Value.ToString().ToLower().Equals(username))
			{
				CurrentGroup.Dispose();
				return true;
			}
			else //search all subdirectories recursively.
			{
				foreach (string key in CurrentGroup.Properties["member"])
				{
					if (IsInGroupRecursive(username, key))
					{
						CurrentGroup.Dispose();
						return true;
					}
				}
			}

			CurrentGroup.Dispose();
			return false;
		}
		#endregion

Open in new window

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question