Tolga Evcimen

Reputation: 7352

How to access a user's folder on Active Directory with his username and password?

I have a system where there are some users registered as Active Directory users. And they have some of their folders redirected to a directory in our server.

In my test environment there are 2 users User1 and User2 and they have their Documents folders redirected to my server.

And below is the server structure my admin provided me.

What I am trying to do is to provide them the ability to see their files from a web application that I will develop. I am pretty new to this Active Directory stuff and not even sure if it is even possible or not. Here is what I have so far.

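using System.DirectoryServices;                    // DirectoryEntry, DirectorySearcher
using System.DirectoryServices.AccountManagement;  // PrincipalContext
using System.IO;                                   // Directory

using ( var context = new PrincipalContext(ContextType.Domain, "<myDomain>", "DriveAdmin@<myDomain>", "password") )
{
    // Username and password for authentication.
    if ( context.ValidateCredentials("User1@<myDomain>", "password") )
    {
        // Bind to the directory with the user's own credentials.
        var de = new DirectoryEntry(@"LDAP://<myDomain>", "User1@<myDomain>", "password");

        DirectorySearcher searcher = new DirectorySearcher(de);

        // No filter is set, so this returns every object the user can read.
        var r1 = "";

        foreach ( SearchResult s in searcher.FindAll() )
            r1 += s.Path + "<br>";

        // File access runs under the application's own identity, not User1's;
        // this is the call that fails with Access Denied.
        var r2 = "";

        foreach ( var d in Directory.GetDirectories(@"\\netapp\profiles\User1") )
            r2 += d + "<br>";
    }
    else
    {
        // unauthorized
    }
}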

The validation works fine.

r1 gives me a lot of records that I have no use for and don't understand, e.g.

LDAP://bilgiturk.depo/..blah blah DC.. blah blah OU.. and so

And I can't even get r2; as you would guess, it gives an Access Denied exception.

Is it doable? When I search for Active Directory C# things on the net I only come across Active Directory administration operations like add user, create group and things like that. So I started to get the feeling that it is not even possible? Please guide me.

Upvotes: 2

Views: 2384

Answers (1)

marc_s

Reputation: 754220

You can read out the user's name, and his home directory, from Active Directory - but you CANNOT read the user's password, so you cannot impersonate that user to get access to his home directory.

You do have two options, however:

  1. If you get the user's credentials (user name and password) from him directly, you can impersonate that user, and under that user's context, you should be able to get a listing of all the files and folders in his own home directory (see Rick Strahl's blog post for one way to do it).

  2. If you can run the web application under a specific account that has (read-only, read directory) access to all the users' home folders, you could even avoid having to do impersonation (but in that case, your ASP.NET app's account needs extended access privileges).

Upvotes: 2
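
A sketch of option 1 from the answer above, added here as an example; it is not code from the answer or from the blog post it mentions. It assumes Windows and .NET Framework 4.6 or later (for `WindowsIdentity.RunImpersonated`); the `UserShare` class, the `ListUserFolder` method and the `shareRoot` parameter are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class UserShare   // hypothetical helper, not part of the original post
{
    // Win32 logon constants (winbase.h).
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // shareRoot is an assumption, e.g. the question's \\netapp\profiles.
    public static List<string> ListUserFolder(string shareRoot, string domain,
                                              string user, string password)
    {
        // The folder name comes from the login form, so reject anything that
        // could leave shareRoot: empty names, "." / "..", separators, colons.
        if (string.IsNullOrEmpty(user) || user.Trim('.').Length == 0 ||
            user.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Invalid user name.", nameof(user));

        string path = Path.Combine(shareRoot, user);

        // Fails (returns false) on bad credentials, so this also authenticates.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token)   // close the logon token as soon as the listing is done
        {
            // Only the delegate runs as the user; the share and NTFS ACLs,
            // not the web application, decide what that user may list.
            return WindowsIdentity.RunImpersonated(token, () =>
                new List<string>(Directory.GetFileSystemEntries(path)));
        }
    }
}
```

Because the listing runs under the user's own token, the application's service account needs no rights on the share, which keeps the privilege footprint smaller than option 2.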
