• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 635
  • Last Modified:

asp.net & AD groups list



How do I get a groups list from the active directory repository in ASP.net using the fully qualified using the fully qualified LDAP name/call and display them in a list on a MVC Strongly-typed view page?  Also, how can I get the specific users associated with a group using the fully qualified LDAP name (e.g. CD=blah,DC=blah,DC=com)?

Again i'm using ASP.net in a web service and I'm not sure if the web service security would allow that.  The AD server is on a different box local to my network.

I tried using something like this I found and it's not working the way I want it to:


ArrayList groupMembers = new ArrayList();

            // find all nested groups in this group
            DirectorySearcher ds = new DirectorySearcher("LDAP://DC=company,DC=com");
            ds.Filter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);

            ds.PropertiesToLoad.Add("distinguishedName");

            foreach (SearchResult sr in ds.FindAll())
            {
                groupMembers.Add(sr.Properties["distinguishedName"][0].ToString());
            }

Open in new window

0
esesjay4
Asked:
esesjay4
1 Solution
 
strickddCommented:
This is the code I use for interacting with AD. It is not necessarily what you are doing, but it should help figure it out.
#region LDap Authentication
		/// <summary>
		/// <para>Searches a group for a particular username.</para>
		/// <para>This is an unindexed tree search, which is O(n), where n is the total number of members under the root. </para>
		/// <para>Possibly more if LDAP doesn't have a O(1) file-finding time.</para>
		/// <note>USE AS SPECIFIC GROUPING AS YOU CAN. Querying the entire LDAP will take a lot of time.</note>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="userName">Username to check against LDAP.</param>
		/// <param name="group">The Active Directory Group to check against.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		public static bool IsInGroup(string userName, string group)
		{
			//find the group in LDAP. If not able to, abort and return false.
			System.DirectoryServices.DirectorySearcher GroupSearch = new System.DirectoryServices.DirectorySearcher("(cn=" + group + ")");
			System.DirectoryServices.SearchResultCollection FindGroup = GroupSearch.FindAll();
			if (FindGroup.Count <= 0)
			{
				FindGroup.Dispose();
				GroupSearch.Dispose();
				return false;
			}

        
			//find the members of the group (either subdirectories or members)
			//return true if Username is in the directory or subdirectory via recursion
			foreach (System.DirectoryServices.SearchResult FoundGroup in FindGroup)
			{
				foreach(string key in FoundGroup.Properties["member"])
				{
					if (IsInGroupRecursive(userName.ToLower(), key))
					{
						FindGroup.Dispose();
						GroupSearch.Dispose();
						return true;
					}
				}
			}

			FindGroup.Dispose();
			GroupSearch.Dispose();
			return false;
		}

	
		/// <summary>
		/// <para>Groupsearch, the core of the SearchGroup function.</para>
		/// <para>Searches a particular group for a username, given a path.</para>
		/// <para>username is found by cn=, possible adaptation would be to allow a property to be passed in.</para>
		/// <note>DO NOT include domain name. (i.e. "AD\")</note>
		/// </summary>
		/// <param name="username">Username to check against LDAP.</param>
		/// <param name="path">LDAP path for search for a user.</param>
		/// <returns>true if a user with Username is found in Group or any subgroup of Group</returns>
		private static bool IsInGroupRecursive(string username, string path)
		{
			//Test if a directory is the correct user.
			System.DirectoryServices.DirectoryEntry CurrentGroup = new System.DirectoryServices.DirectoryEntry(@"LDAP://"+path);

			if (CurrentGroup.Properties["cn"].Value.ToString().ToLower().Equals(username))
			{
				CurrentGroup.Dispose();
				return true;
			}
			else //search all subdirectories recursively.
			{
				foreach (string key in CurrentGroup.Properties["member"])
				{
					if (IsInGroupRecursive(username, key))
					{
						CurrentGroup.Dispose();
						return true;
					}
				}
			}

			CurrentGroup.Dispose();
			return false;
		}
		#endregion

Open in new window

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now