user2739418

Reputation: 1631

LDAP Find groups for a Active Directory User in .NET

I am trying to validate a user with LDAP and return all the groups to which the user belongs:

I am able to validate but not able to get all the groups.

The following code works on my local machine but returns errors when deployed on the server.

using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;

public bool Authenticate1(string userName, string password, ref List<string> List)
{
    const int ERROR_LOGIN_FAILURE = -2147023570; // 0x8007052E, ERROR_LOGON_FAILURE
    using (DirectoryEntry root = new DirectoryEntry("LDAP://rootDSE", userName, password, AuthenticationTypes.Secure))
    {
        try
        {
            // Touching NativeObject forces the bind, so bad credentials fail here.
            object temp = root.NativeObject;
            string defaultNamingContext = root.Properties["defaultNamingContext"].Value.ToString();
            using (DirectoryEntry default1 = new DirectoryEntry("LDAP://" + defaultNamingContext, userName, password, AuthenticationTypes.Secure))
            // DirectorySearcher(string) takes a *filter*, not a search root; passing default1.Path
            // there left the search running against the default root under the process identity.
            using (DirectorySearcher dSearch = new DirectorySearcher(default1))
            {
                // userName is concatenated into the filter unescaped.
                dSearch.Filter = "(sAMAccountName=" + userName + ")";
                SearchResult a = dSearch.FindOne();
                if (a == null)
                {
                    // No match under this naming context; a.Path would throw NullReferenceException.
                    return false;
                }
                // Bind to the user object with the same credentials, not the application pool identity.
                DirectoryEntry obUser = new DirectoryEntry(a.Path, userName, password, AuthenticationTypes.Secure);
                object obGroups = obUser.Invoke("Groups"); // IADsUser.Groups(): direct memberships only
                foreach (object ob in (IEnumerable)obGroups)
                {
                    // Wrap each IADs group object and strip the "CN=" prefix from its name.
                    DirectoryEntry obGpEntry = new DirectoryEntry(ob);
                    string vGroup = obGpEntry.Name;
                    vGroup = vGroup.Substring(vGroup.IndexOf("=") + 1);
                    List.Add(vGroup);
                }
                return true;
            }
        }
        catch (System.Runtime.InteropServices.COMException ex)
        {
            List.Add(ex.Message);
            List.Add(ex.ToString());
            if (ex.ErrorCode != ERROR_LOGIN_FAILURE)
            {
                throw;
            }
            return false;
        }
    }
}

In this code the following line throws an error:

DirectoryEntry obUser = new DirectoryEntry(a.Path);

Object reference not set to an instance of an object. On the server, the application pool is running under ApplicationPoolIdentity; as per company policy it has to run under that.

Not sure what I am missing here on the server?

Cheers Harry!

Upvotes: 0

Views: 1079

Answers (1)

marc_s

Reputation: 754220

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

using System.DirectoryServices.AccountManagement;
using System.Linq;

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);

    if (user != null)
    {
        // get the user's groups (GetAuthorizationGroups includes nested groups)
        PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

        // OfType is a method call and needs its parentheses
        foreach (GroupPrincipal gp in groups.OfType<GroupPrincipal>())
        {
            // do something with the group
        }
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

Upvotes: 1
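Tying the answer back to the question: the asker also needs to verify the password, which the snippet above does not do. The following added example (mine, not the answerer's) uses S.DS.AM to validate the credentials first and only then enumerate the effective groups. It assumes the web server is domain-joined, so `PrincipalContext(ContextType.Domain)` can connect under the application pool identity, and that userName is a sAMAccountName. The class and method names are my own.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

public static class AdGroupMembership
{
    // Validates the credentials and returns the user's effective group names
    // (direct, nested and primary), or null when the logon fails or the account
    // cannot be found.
    public static List<string> AuthenticateAndGetGroups(string userName, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            // Check the password first: being able to *search* for the account says
            // nothing about whether the caller actually owns it.
            if (!ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate))
            {
                return null;
            }

            using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
            {
                if (user == null)
                {
                    return null;
                }

                // GetAuthorizationGroups walks the security token, so nested groups and
                // the primary group are included; GetGroups would return only memberOf.
                var names = new List<string>();
                using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
                {
                    foreach (GroupPrincipal gp in groups.OfType<GroupPrincipal>())
                    {
                        try
                        {
                            names.Add(gp.SamAccountName ?? gp.Name);
                        }
                        catch (PrincipalOperationException)
                        {
                            // Some well-known SIDs in the token do not resolve to an
                            // object in the domain; fall back to the SID string.
                            names.Add(gp.Sid.ToString());
                        }
                    }
                }
                names.Sort(StringComparer.OrdinalIgnoreCase);
                return names;
            }
        }
    }
}
```

For an authorization decision, compare against the group's SID rather than its display name where possible: names can be renamed, SIDs cannot. The try/catch around the property access is there because enumerating the token can yield entries (for example well-known or foreign SIDs) whose properties throw when read lazily.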
