C# Get Domain Active directory Information by Windows Credentials
I've been searching a lot on the web for Active Directories and windows authentications. I've succeded on getting the User information from the Domain AD but I had to pass the User name AND PASSWORD. So to put you into my context :
I have a Domain where I've set my users. Each Users will be connecting to the domain with their given credentials. So they will log into their PC and when they open a VS 2013 C# application it will check if the users Exists on the Domain if he does then return the AD information if the users doesn't exist then show a Login Page to enter the Credentials. Since I can have external users connecting to my Domain etc ...
right now I cannot access the AD with the user's windows authentication it gives me a Unkown error on the Search.FindOne();
public static void GetActiveDirectoryUser(string UserName)
{
try
{
// Create LDAP connetion object
DirectoryEntry ldapConnection = CreateDirectoryEntry();
// Create Search object which operates on LDAP connection object
// and set search object to only find the user specified
DirectorySearcher search = new DirectorySearcher(ldapConnection);
// Create results objects from search object
SearchResult result = search.FindOne();
if (result != null)
{
// User exists, cycle through LDAP fields (cn, telephonenumber, etc.)
ResultPropertyCollection fields = result.Properties;
foreach (string ldapField in fields.PropertyNames)
{
// Cycle through objects in each field e.g group membership
foreach (Object objCollection in fields[ldapField])
{
Console.WriteLine(String.Format("{0, -20} : {1}", ldapField, objCollection.ToString()));
}
}
}
}
catch (Exception e)
{
Console.WriteLine("Exception Caught:\n\n" + e.ToString());
}
}
static DirectoryEntry CreateDirectoryEntry()
{
string pathDomainName = "WinNT://MyDomain/Fred,Person";
DirectoryEntry ldapConnection = new DirectoryEntry(pathDomainName);
return ldapConnection;
}
This is the error I'm getting
System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindOne()
but when I use this string
string pathDomainName = "LDAP://MyDomain";
DirectoryEntry directoryEntry = new DirectoryEntry(pathDomainName, "Fred", "f12345!");
it works, it returns me all the AD for the user, but I've already logged in with the windows authentication, why would I pass the credentials again ? I just need to know that if the user exists on the domain that's it
Thanks
Sam1 Answer
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
if(user != null)
{
// do something here....
}
// or alternatively: get the currently logged in user
UserPrincipal current = UserPrincipal.Current;
.....
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
marc_sUser contributions licensed under CC BY-SA 3.0