Das Blog

Debugging one line at a time

Using DirectoryServices to access Active Directory User’s Credentials

Codex Discipulus January 28, 2010
Use DirectoryServices to query AD

There will be times when using the Active Directory Membership to provide authentication to a web application is just not feasible, but the requirement may still be to match an Active Directory user to an entry in the application’s database. Thankfully, Microsoft has provided developers with a good abstraction for accessing Active Directory (System.DirectoryServices). As part of my research I decided to create a small console application that communicates with Active Directory, gets a list of all users belonging to a specific group, reads any property (such as displayName, physicalDeliveryOfficeName, homeDirectory, countryCode, sAMAccountName, etc.) from the user’s Active Directory entry and, specifically, converts the objectSid (a byte[]) to a string representing the SID.

The namespace System.DirectoryServices provides access to Active Directory Domain Services and allows you to connect to Active Directory and search for objects within this special database.

using System.DirectoryServices namespace

DirectoryEntry represents an object in the Active Directory Domain Services tree hierarchy. Once you connect, the returned object becomes the root for subsequent searches. To make this connection you need to provide the path (in my case it was the standard LDAP path, for example “LDAP://mydomainAD.net”) and your security credentials. It is best to ask your local AD admin to set up an account for this application.

DirectoryEntry

Next we need to perform a search and get our results:

Active Directory DirectorySearcher

When creating an instance of DirectorySearcher, the first parameter, the DirectoryEntry created in the last step, is optional. If present, it sets the starting point for the search; if not, the search defaults to your current domain.
The second parameter is my filter to search and return only objects belonging to the specified group (setup was done separately in a config file).
You retrieve your results (collection of SearchResult, SearchResultCollection) by calling the FindAll method.

Another call to DirectoryEntry, this time passing each member’s information, returns the AD properties for that user and allows me to query each of them (sAMAccountName, name, homeDirectory, etc.).

Active Directory ResultPropertyCollection

I am interested in one particular property, the user’s “objectSid”. Once I have the value (byte[]), I pass it to another method to transform it into a security token (SID).

SecurityIdentifier

I used a SecurityIdentifier to transform the byte[] into a meaningful SID token. All of this happens within Windows’ own methods.

The resulting value (SID formatted) is: “S-1-5-21-1348824495-855021684-617735142-29890”
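The steps above, put together as an added example (this is not the author's PublishADProperties.cs, whose code is not reproduced on this page). The group DN, the environment variable names and the `memberOf` filter are assumptions for illustration; the sketch also escapes the configured value before it enters the LDAP filter, requests a signed and sealed bind, and disposes the result collection.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class AdGroupSidDump
{
    // Escape RFC 4515 special characters so a configured value cannot change the filter's structure.
    static string EscapeFilterValue(string value) =>
        value.Replace("\\", "\\5c").Replace("*", "\\2a")
             .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");

    static void Main()
    {
        // Assumed placeholders: the path is the post's example, the rest is hypothetical.
        string path = "LDAP://mydomainAD.net";
        string user = Environment.GetEnvironmentVariable("AD_READER_USER");
        string pass = Environment.GetEnvironmentVariable("AD_READER_PASSWORD");
        string groupDn = "CN=AppUsers,OU=Groups,DC=mydomainAD,DC=net";

        // Secure requests a Kerberos/NTLM bind; Signing and Sealing protect the LDAP traffic.
        var auth = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

        using (var root = new DirectoryEntry(path, user, pass, auth))
        using (var searcher = new DirectorySearcher(root))
        {
            // memberOf matches direct members of the group only (assumed filter shape).
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf="
                              + EscapeFilterValue(groupDn) + "))";
            searcher.PageSize = 500; // page through results beyond the server's size limit
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "displayName", "objectSid" });

            // SearchResultCollection holds unmanaged resources, so dispose it explicitly.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    ResultPropertyCollection props = result.Properties;
                    if (props["objectSid"].Count == 0) continue; // attribute not returned

                    // objectSid arrives as byte[]; SecurityIdentifier renders the S-1-5-21-... form.
                    var sid = new SecurityIdentifier((byte[])props["objectSid"][0], 0);
                    string account = props["sAMAccountName"].Count > 0
                        ? (string)props["sAMAccountName"][0] : "(none)";
                    Console.WriteLine("{0}\t{1}", account, sid.Value);
                }
            }
        }
    }
}
```

Restricting `PropertiesToLoad` to the attributes the application needs keeps the service account's reads, and anything that ends up in logs, to a minimum.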

You can download this code sample: PublishADProperties.cs
