Solved

asp.net & AD groups list

Posted on 2011-02-17
1
632 Views
Last Modified: 2012-05-11


How do I get a groups list from the active directory repository in ASP.net using the fully qualified using the fully qualified LDAP name/call and display them in a list on a MVC Strongly-typed view page?  Also, how can I get the specific users associated with a group using the fully qualified LDAP name (e.g. CD=blah,DC=blah,DC=com)?

Again i'm using ASP.net in a web service and I'm not sure if the web service security would allow that.  The AD server is on a different box local to my network.

I tried using something like this I found and it's not working the way I want it to:


ArrayList groupMembers = new ArrayList();

            // find all nested groups in this group
            DirectorySearcher ds = new DirectorySearcher("LDAP://DC=company,DC=com");
            ds.Filter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);

            ds.PropertiesToLoad.Add("distinguishedName");

            foreach (SearchResult sr in ds.FindAll())
            {
                groupMembers.Add(sr.Properties["distinguishedName"][0].ToString());
            }

Open in new window

0
Comment
Question by:esesjay4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 28

Accepted Solution

by:
strickdd earned 250 total points
ID: 34928077
This is the code I use for interacting with AD. It is not necessarily what you are doing, but it should help figure it out.
#region LDap Authentication
		/// <summary>
		/// <para>Searches a group for a particular username.</para>
		/// <para>This is an unindexed tree search, which is O(n), where n is the total number of members under the root. </para>
		/// <para>Possibly more if LDAP doesn't have a O(1) file-finding time.</para>
		/// <note>USE AS SPECIFIC GROUPING AS YOU CAN. Querying the entire LDAP will take a lot of time.</note>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="userName">Username to check against LDAP.</param>
		/// <param name="group">The Active Directory Group to check against.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		public static bool IsInGroup(string userName, string group)
		{
			//find the group in LDAP. If not able to, abort and return false.
			System.DirectoryServices.DirectorySearcher GroupSearch = new System.DirectoryServices.DirectorySearcher("(cn=" + group + ")");
			System.DirectoryServices.SearchResultCollection FindGroup = GroupSearch.FindAll();
			if (FindGroup.Count <= 0)
			{
				FindGroup.Dispose();
				GroupSearch.Dispose();
				return false;
			}

        
			//find the members of the group (either subdirectories or members)
			//return true if Username is in the directory or subdirectory via recursion
			foreach (System.DirectoryServices.SearchResult FoundGroup in FindGroup)
			{
				foreach(string key in FoundGroup.Properties["member"])
				{
					if (IsInGroupRecursive(userName.ToLower(), key))
					{
						FindGroup.Dispose();
						GroupSearch.Dispose();
						return true;
					}
				}
			}

			FindGroup.Dispose();
			GroupSearch.Dispose();
			return false;
		}

	
		/// <summary>
		/// <para>Groupsearch, the core of the SearchGroup function.</para>
		/// <para>Searches a particular group for a username, given a path.</para>
		/// <para>username is found by cn=, possible adaptation would be to allow a property to be passed in.</para>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="username">Username to check against LDAP.</param>
		/// <param name="path">LDAP path for search for a user.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		private static bool IsInGroupRecursive(string username, string path)
		{
			//Test if a directory is the correct user.
			System.DirectoryServices.DirectoryEntry CurrentGroup = new System.DirectoryServices.DirectoryEntry(@"LDAP://"+path);

			if (CurrentGroup.Properties["cn"].Value.ToString().ToLower().Equals(username))
			{
				CurrentGroup.Dispose();
				return true;
			}
			else //search all subdirectories recursively.
			{
				foreach (string key in CurrentGroup.Properties["member"])
				{
					if (IsInGroupRecursive(username, key))
					{
						CurrentGroup.Dispose();
						return true;
					}
				}
			}

			CurrentGroup.Dispose();
			return false;
		}
		#endregion

Open in new window

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question