Solved

asp.net & AD groups list

Posted on 2011-02-17
1
627 Views
Last Modified: 2012-05-11


How do I get a groups list from the active directory repository in ASP.net using the fully qualified using the fully qualified LDAP name/call and display them in a list on a MVC Strongly-typed view page?  Also, how can I get the specific users associated with a group using the fully qualified LDAP name (e.g. CD=blah,DC=blah,DC=com)?

Again i'm using ASP.net in a web service and I'm not sure if the web service security would allow that.  The AD server is on a different box local to my network.

I tried using something like this I found and it's not working the way I want it to:


ArrayList groupMembers = new ArrayList();

            // find all nested groups in this group
            DirectorySearcher ds = new DirectorySearcher("LDAP://DC=company,DC=com");
            ds.Filter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);

            ds.PropertiesToLoad.Add("distinguishedName");

            foreach (SearchResult sr in ds.FindAll())
            {
                groupMembers.Add(sr.Properties["distinguishedName"][0].ToString());
            }

Open in new window

0
Comment
Question by:esesjay4
1 Comment
 
LVL 28

Accepted Solution

by:
strickdd earned 250 total points
ID: 34928077
This is the code I use for interacting with AD. It is not necessarily what you are doing, but it should help figure it out.
#region LDap Authentication
		/// <summary>
		/// <para>Searches a group for a particular username.</para>
		/// <para>This is an unindexed tree search, which is O(n), where n is the total number of members under the root. </para>
		/// <para>Possibly more if LDAP doesn't have a O(1) file-finding time.</para>
		/// <note>USE AS SPECIFIC GROUPING AS YOU CAN. Querying the entire LDAP will take a lot of time.</note>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="userName">Username to check against LDAP.</param>
		/// <param name="group">The Active Directory Group to check against.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		public static bool IsInGroup(string userName, string group)
		{
			//find the group in LDAP. If not able to, abort and return false.
			System.DirectoryServices.DirectorySearcher GroupSearch = new System.DirectoryServices.DirectorySearcher("(cn=" + group + ")");
			System.DirectoryServices.SearchResultCollection FindGroup = GroupSearch.FindAll();
			if (FindGroup.Count <= 0)
			{
				FindGroup.Dispose();
				GroupSearch.Dispose();
				return false;
			}

        
			//find the members of the group (either subdirectories or members)
			//return true if Username is in the directory or subdirectory via recursion
			foreach (System.DirectoryServices.SearchResult FoundGroup in FindGroup)
			{
				foreach(string key in FoundGroup.Properties["member"])
				{
					if (IsInGroupRecursive(userName.ToLower(), key))
					{
						FindGroup.Dispose();
						GroupSearch.Dispose();
						return true;
					}
				}
			}

			FindGroup.Dispose();
			GroupSearch.Dispose();
			return false;
		}

	
		/// <summary>
		/// <para>Groupsearch, the core of the SearchGroup function.</para>
		/// <para>Searches a particular group for a username, given a path.</para>
		/// <para>username is found by cn=, possible adaptation would be to allow a property to be passed in.</para>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="username">Username to check against LDAP.</param>
		/// <param name="path">LDAP path for search for a user.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		private static bool IsInGroupRecursive(string username, string path)
		{
			//Test if a directory is the correct user.
			System.DirectoryServices.DirectoryEntry CurrentGroup = new System.DirectoryServices.DirectoryEntry(@"LDAP://"+path);

			if (CurrentGroup.Properties["cn"].Value.ToString().ToLower().Equals(username))
			{
				CurrentGroup.Dispose();
				return true;
			}
			else //search all subdirectories recursively.
			{
				foreach (string key in CurrentGroup.Properties["member"])
				{
					if (IsInGroupRecursive(username, key))
					{
						CurrentGroup.Dispose();
						return true;
					}
				}
			}

			CurrentGroup.Dispose();
			return false;
		}
		#endregion

Open in new window

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now