[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

asp.net & AD groups list

Posted on 2011-02-17
1
Medium Priority
?
634 Views
Last Modified: 2012-05-11


How do I get a groups list from the active directory repository in ASP.net using the fully qualified using the fully qualified LDAP name/call and display them in a list on a MVC Strongly-typed view page?  Also, how can I get the specific users associated with a group using the fully qualified LDAP name (e.g. CD=blah,DC=blah,DC=com)?

Again i'm using ASP.net in a web service and I'm not sure if the web service security would allow that.  The AD server is on a different box local to my network.

I tried using something like this I found and it's not working the way I want it to:


ArrayList groupMembers = new ArrayList();

            // find all nested groups in this group
            DirectorySearcher ds = new DirectorySearcher("LDAP://DC=company,DC=com");
            ds.Filter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);

            ds.PropertiesToLoad.Add("distinguishedName");

            foreach (SearchResult sr in ds.FindAll())
            {
                groupMembers.Add(sr.Properties["distinguishedName"][0].ToString());
            }

Open in new window

0
Comment
Question by:esesjay4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 28

Accepted Solution

by:
strickdd earned 1000 total points
ID: 34928077
This is the code I use for interacting with AD. It is not necessarily what you are doing, but it should help figure it out.
#region LDap Authentication
		/// <summary>
		/// <para>Searches a group for a particular username.</para>
		/// <para>This is an unindexed tree search, which is O(n), where n is the total number of members under the root. </para>
		/// <para>Possibly more if LDAP doesn't have a O(1) file-finding time.</para>
		/// <note>USE AS SPECIFIC GROUPING AS YOU CAN. Querying the entire LDAP will take a lot of time.</note>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="userName">Username to check against LDAP.</param>
		/// <param name="group">The Active Directory Group to check against.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		public static bool IsInGroup(string userName, string group)
		{
			//find the group in LDAP. If not able to, abort and return false.
			System.DirectoryServices.DirectorySearcher GroupSearch = new System.DirectoryServices.DirectorySearcher("(cn=" + group + ")");
			System.DirectoryServices.SearchResultCollection FindGroup = GroupSearch.FindAll();
			if (FindGroup.Count <= 0)
			{
				FindGroup.Dispose();
				GroupSearch.Dispose();
				return false;
			}

        
			//find the members of the group (either subdirectories or members)
			//return true if Username is in the directory or subdirectory via recursion
			foreach (System.DirectoryServices.SearchResult FoundGroup in FindGroup)
			{
				foreach(string key in FoundGroup.Properties["member"])
				{
					if (IsInGroupRecursive(userName.ToLower(), key))
					{
						FindGroup.Dispose();
						GroupSearch.Dispose();
						return true;
					}
				}
			}

			FindGroup.Dispose();
			GroupSearch.Dispose();
			return false;
		}

	
		/// <summary>
		/// <para>Groupsearch, the core of the SearchGroup function.</para>
		/// <para>Searches a particular group for a username, given a path.</para>
		/// <para>username is found by cn=, possible adaptation would be to allow a property to be passed in.</para>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="username">Username to check against LDAP.</param>
		/// <param name="path">LDAP path for search for a user.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		private static bool IsInGroupRecursive(string username, string path)
		{
			//Test if a directory is the correct user.
			System.DirectoryServices.DirectoryEntry CurrentGroup = new System.DirectoryServices.DirectoryEntry(@"LDAP://"+path);

			if (CurrentGroup.Properties["cn"].Value.ToString().ToLower().Equals(username))
			{
				CurrentGroup.Dispose();
				return true;
			}
			else //search all subdirectories recursively.
			{
				foreach (string key in CurrentGroup.Properties["member"])
				{
					if (IsInGroupRecursive(username, key))
					{
						CurrentGroup.Dispose();
						return true;
					}
				}
			}

			CurrentGroup.Dispose();
			return false;
		}
		#endregion

Open in new window

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question