Reputation: 1
Limitation on using PrincipalContext & DomainContext, to retrive Active directory users
I have added the following code inside my asp.net mvc web application model class, to retrive the current AD users:-
public List<DomainContext> GetADUsers(string term=null)
{
List<DomainContext> results = new List<DomainContext>();
string ADServerName = System.Web.Configuration.WebConfigurationManager.AppSettings["ADServerName"];
using (var context = new PrincipalContext(ContextType.Domain, ADServerName))
using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
{
var searchResults = searcher.FindAll();
foreach (Principal p in searchResults)
{
if (term == null || p.SamAccountName.ToString().ToUpper().StartsWith(term.ToUpper()))
{
DomainContext dc = new DomainContext();
dc.DisplayName = p.DisplayName;
dc.UserPrincipalName = p.UserPrincipalName;
dc.Name = p.Name;
dc.SamAccountName = p.SamAccountName ;
dc.DistinguishedName = p.DistinguishedName;
results.Add(dc);
}
}
}
return results;
}
I am now on the development machine , where AD is on the same machine as the asp.net mvc web application runs. And there is no need to provide username or password to access the AD. But I have the following questions about using my above approach on production server :-
Will the same approach work well if the AD and the asp.net mvc (deployed on IIS ) are not on the same machine?
Will I be able to provide username and password to access the active directory?
What are the general requirements I should achieve to be able to allow the Domaincontext class to access AD on remote servers ?
Thanks I advance for any help. Regards
Upvotes: 0
Views: 688
Answers (1)
Reputation: 16595
I think you're asking if you're able to use the same code if the web server is not apart of the Active Directory domain. PrincipalContext does have an overload for username and password to allow for credentials to be used to connect, instead of relying on the machine having enough permissions to read from the directory.
As for permissions, grant as few as possible. I would get your system administrator involved to create a the account. You maybe able to use Service Accounts which were introduced in Windows Server 2008 to allow for the authentication to happen.
Upvotes: 1
Related Questions
- Accessing user details using Active Directory in an ASP.NET Core MVC app with Windows authentication
- How to use PrincipalContext in .NET Core 2.0
- Using PrincipalContext in the Global.asax to get AD information
- Getting users from another AD Domain using PrincipalContext
- Using PrincipalContext & PrincipalSearcher to access Active Directory users from separate server
- How to pass a UserPrincipal with PrincipalContext inside ASP.NET MVC
- How to return user details from the Active Directory using PrincipalContext
- How to use PrincipalContext with MVC Web Application
- Getting all users from Active Directory PrincipalContext
- Unknown error (0x5011) with ActiveDirectory PrincipalContext