<img alt="" src="https://secure.leadforensics.com/150446.png " style="display:none;">
Go to top icon

How to Retrieve Active Directory Information for Authentication in ASP.NET

Swapna Patne Jan 14, 2013

Active Directories Lightweight Directory Access Protocol C#.NET LDAP ASP.NET Microsoft .Net Technology

Introduction

Hello Friends, I would like to share some of my interesting findings for retrieving the Active Directory information for authentication in web application using C#.NET.

So let’s move on to the implementation details.

Life has been made easy with the introduction of the System.DirectoryServices.dll library in .Net Framework. There's a simple function which I have written that does the Forms/Window authentication to permit users to authenticate against Active Directory using the Lightweight Directory Access Protocol (LDAP).

This custom function basically takes a username, and tries to authenticate it on the given LDAP (Active Directory).

The code below demonstrates the same.

Add the reference to the System.DirectoryServices.dll. Then, include the library in your page:

using System.DirectoryServices;

I have created a custom static class for accessing all Active Directory properties

public static class ADProperties
{
	public const string ACCOUNTEXPIRES = "accountExpires";
	public const string ADMINCOUNT = "adminCount";
	public const string BADPASSWORDTIME = "badPasswordTime";
	public const string BADPWDCOUNT = "badPwdCount";
	public const string CITY = "l";
	public const string CODEPAGE = "codePage";
	public const string COMPANY = "company";
	public const string CONTAINERNAME = "cn";
	public const string COUNTRY = "co";
	public const string COUNTRYCODE = "countryCode";
	public const string COUNTRYNOTATION = "c";
	public const string DEPARTMENT = "department";
	public const string DIRECTREPORTS = "directReports";
	public const string DISPLAYNAME = "displayName";
	public const string DISTINGUISHEDNAME = "distinguishedName";
	public const string DSCOREPROPAGATIONDATA = "dSCorePropagationData";
	public const string EMAILADDRESS = "mail";
	public const string EXTENSION = "ipPhone";
	public const string FAX = "facsimileTelephoneNumber";
	public const string FIRSTNAME = "givenName";
	public const string HOMEMDB = "homeMDB";
	public const string HOMEMTA = "homeMTA";
	public const string HOMEPHONE = "homePhone";
	public const string INSTANCETYPE = "instanceType";
	public const string LASTLOGOFF = "lastLogoff";
	public const string LASTLOGON = "lastLogon";
	public const string LASTLOGONTIMESTAMP = "lastLogonTimestamp";
	public const string LASTNAME = "sn";
	public const string LEGACYEXCHANGEDN = "legacyExchangeDN";
	public const string LOGINNAME = "sAMAccountName";
	public const string LOGONCOUNT = "logonCount";
	public const string MAILNICKNAME = "mailNickname";
	public const string MANAGER = "manager";
	public const string MDBUSEDEFAULTS = "mDBUseDefaults";
	public const string MEMBEROF = "memberOf";
	public const string MIDDLENAME = "initials";
	public const string MOBILE = "mobile";
	public const string MSEXCHHOMESERVERNAME = "msExchHomeServerName";
	public const string MSEXCHMAILBOXGUID = "msExchMailboxGuid";
	public const string MSEXCHMAILBOXSECURITYDESCRIPTOR = "msExchMailboxSecurityDescriptor";
	public const string MSEXCHPOLICIESINCLUDED = "msExchPoliciesIncluded";
	public const string MSEXCHRECIPIENTDISPLAYTYPE = "msExchRecipientDisplayType";
	public const string MSEXCHRECIPIENTTYPEDETAILS = "msExchRecipientTypeDetails";
	public const string MSEXCHUSERACCOUNTCONTROL = "msExchUserAccountControl";
	public const string MSEXCHVERSION = "msExchVersion";
	public const string NAME = "name";
	public const string NTSECURITYDESCRIPTOR = "nTSecurityDescriptor";
	public const string OBJECTCATEGORY = "objectCategory";
	public const string OBJECTCLASS = "objectClass";
	public const string OBJECTGUID = "objectGUID";
	public const string OBJECTSID = "objectSid";
	public const string PAGER = "pager";
	public const string PHYSICALDELIVERYOFFICENAME = "physicalDeliveryOfficeName";
	public const string POSTALCODE = "postalCode";
	public const string PRIMARYGROUPID = "primaryGroupID";
	public const string PROXYADDRESSES = "proxyAddresses";
	public const string PWDLASTSET = "pwdLastSet";
	public const string SAMACCOUNTTYPE = "sAMAccountType";
	public const string SERVICEPRINCIPALNAME = "servicePrincipalName";
	public const string SHOWINADDRESSBOOK = "showInAddressBook";
	public const string STATE = "st";
	public const string STREETADDRESS = "streetAddress";
	public const string TITLE = "title";
	public const string USERACCOUNTCONTROL = "userAccountControl";
	public const string USERPRINCIPALNAME = "userPrincipalName";
	public const string USNCHANGED = "uSNChanged";
	public const string USNCREATED = "uSNCreated";
	public const string WHENCHANGED = "whenChanged";
	public const string WHENCREATED = "whenCreated";
}

You can use the following function along with forms based authentication or it can used just to check a user's credentials. It takes the following input variables:

username: The user's account name. It can be prefixed by the domain;

e.g., mydomaintom or just username ex: tom..

public void GetActiveDirectoryDetails(string username)
    {
DirectorySearcherdirectorysearcher = new DirectorySearcher();
        var path = directorysearcher.SearchRoot.Path;
        DirectoryEntry dirEntry = new DirectoryEntry(path);
        DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry) { Filter = "(" + ADProperties.LOGINNAME + "=" + username+ ")" };

        SearchResult result = dirSearcher.FindOne();

        if (result != null)
        {
            if (result.Properties.Contains(ADProperties.FIRSTNAME))
            {
                firstName = Convert.ToString(result.Properties[ADProperties.FIRSTNAME][0]);
            }
            if (result.Properties.Contains(ADProperties.LASTNAME))
            {
                lastName = Convert.ToString(result.Properties[ADProperties.LASTNAME][0]);
            }
            if (result.Properties.Contains(ADProperties.EMAILADDRESS))
            {
                emailId = Convert.ToString(result.Properties[ADProperties.EMAILADDRESS][0]);
            }
            if (result.Properties.Contains(ADProperties.DEPARTMENT))
            {
                department = Convert.ToString(result.Properties[ADProperties.DEPARTMENT][0]);
            }

        }
    }

The below code will help you to fetch the Groups from the Active Directory

public string GetGroups(string param)
{
    DirectorySearcher directorysearcher = new DirectorySearcher();
    var path = directorysearcher.SearchRoot.Path;

    DirectoryEntry dirEntry = newDirectoryEntry(path);
    DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry) { Filter = "(" + ADProperties.LOGINNAME + "=" + param + ")" };

    SearchResult result = dirSearcher.FindOne();
    StringBuildergroupNames = new StringBuilder();

    try
    {

        int propertyCount = result.Properties["memberOf"].Count;
        string dn;
        int equalsIndex, commaIndex;

        for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
        {
            dn = (string)result.Properties["memberOf"][propertyCounter];
            equalsIndex = dn.IndexOf("=", 1);
            commaIndex = dn.IndexOf(",", 1);
            if (-1 == equalsIndex)
            {
                return null;
            }
            groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
            groupNames.Append("|");
        }
    }
    catch (Exception ex)
    {
        throw new Exception("Error obtaining group names. " + ex.Message);
    }

	return groupNames.ToString();
}

So friends, I hope this will help you to get all Active Directories in a single custom file.

Similar Blog

e-Zest is a leading digital innovation partner for enterprises and technology companies that utilizes emerging technologies for creating engaging customers experiences. Being a customer-focused and technology-driven company, it always helps clients in crafting holistic business value for their software development efforts. It offers software development and consulting services for cloud computing, enterprise mobility, big data and analytics, user experience and digital commerce.