C# Get Domain Active directory Information by Windows Credentials

Question

I've been searching a lot on the web for Active Directories and windows authentications. I've succeded on getting the User information from the Domain AD but I had to pass the User name AND PASSWORD. So to put you into my context :

I have a Domain where I've set my users. Each Users will be connecting to the domain with their given credentials. So they will log into their PC and when they open a VS 2013 C# application it will check if the users Exists on the Domain if he does then return the AD information if the users doesn't exist then show a Login Page to enter the Credentials. Since I can have external users connecting to my Domain etc ...

right now I cannot access the AD with the user's windows authentication it gives me a Unkown error on the Search.FindOne();

public static void GetActiveDirectoryUser(string UserName) 
    {
        try
        {
            // Create LDAP connetion object
            DirectoryEntry ldapConnection = CreateDirectoryEntry();

            // Create Search object which operates on LDAP connection object
            // and set search object to only find the user specified
            DirectorySearcher search = new DirectorySearcher(ldapConnection);

            // Create results objects from search object
            SearchResult result = search.FindOne();

            if (result != null)
            {
                // User exists, cycle through LDAP fields (cn, telephonenumber, etc.)
                ResultPropertyCollection fields = result.Properties;

                foreach (string ldapField in fields.PropertyNames)
                {
                    // Cycle through objects in each field e.g group membership
                    foreach (Object objCollection in fields[ldapField])
                    {
                        Console.WriteLine(String.Format("{0, -20} : {1}", ldapField, objCollection.ToString()));
                    }
                }
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Exception Caught:\n\n" + e.ToString());
        }
    }

    static DirectoryEntry CreateDirectoryEntry()
    {
        string pathDomainName = "WinNT://MyDomain/Fred,Person";

        DirectoryEntry ldapConnection = new DirectoryEntry(pathDomainName);

        return ldapConnection;
    }

This is the error I'm getting

System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()

but when I use this string

string pathDomainName = "LDAP://MyDomain";
DirectoryEntry directoryEntry = new DirectoryEntry(pathDomainName, "Fred", "f12345!");

it works, it returns me all the AD for the user, but I've already logged in with the windows authentication, why would I pass the credentials again ? I just need to know that if the user exists on the domain that's it

Thanks

Answer 1

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if(user != null)
    {
       // do something here....     
    }

    // or alternatively: get the currently logged in user
    UserPrincipal current = UserPrincipal.Current;

    .....
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!