473,387 Members | 1,453 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > active directory

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Active Directory

I am trying to determine if the logged in user belongs to an Active
Directory Group. I have started with these code snippets:

WindowsIdentity id = WindowsIdentity.GetCurrent();
IdentityReferenceCollection irc = id.Groups;

This only returns the ID of the groups, I need the AD Group Name.

string adPath = "LDAP://MyDom.com";
DirectoryEntry entry = new DirectoryEntry(adPath);
string userName = HttpContext.Current.User.Identity.Name.ToString();
string name = userName.Substring(userName.IndexOf(@"\") + 1);
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.Filter = "(cn=" + name + ")";
mySearcher.PropertiesToLoad.Add("memberOf");
mySearcher.PropertiesToLoad.Add("cn");
StringBuilder groupNames = new StringBuilder();
SearchResult result = mySearcher.FindOne();
DirectoryEntry userEntry = result.GetDirectoryEntry();
int propertyCount = result.Properties["memberOf"].Count;

The propertyCount comes back as 0.

What am I doing wrong? Any help greatly appreciated.
Mar 10 '06 #1
9 3289
Is your application running with full trust? The PropertiesToLoad
property requires full trust. Check out this link, at the bottom it
has the security requirements.

http://msdn.microsoft.com/library/de...oloadtopic.asp

HTH,
Darren Kopp
http://blog.secudocs.com/

Mar 10 '06 #2
I am running this in my local test environment. How do I set up full trust?
Mar 10 '06 #3
I am running IIS6 and VS2005
Mar 10 '06 #4
Check out these links, they have good descriptions of what you need to
do (both in code and framework configuration).

http://cyberforge.com/weblog/aniltj/...04/27/486.aspx
http://msdn.microsoft.com/library/de...aght000017.asp
(asp.net 2.0)
http://msdn.microsoft.com/library/de...AGHT000020.asp
(asp.net 2.0)
http://support.microsoft.com/default...b;en-us;815164

I'm not positive that is your problem, though it may be suspect. I
would think it would throw a security exception or something, but
documentation says that it may just "not work correctly".

HTH,
Darren Kopp
http://blog.secudocs.com/

Mar 10 '06 #5
I set the Trust to Full for the System.DirectoryServices.DLL to no avail.

I kinda agree, that if that was the issue, I would see a security issue.

To test that, I set the web app to "High" vs. "Full" and received a security
error
Mar 10 '06 #6
On Fri, 10 Mar 2006 19:12:35 GMT, Ernest Griffin wrote:
I am trying to determine if the logged in user belongs to an Active
Directory Group.
You're going to have to provide a little more information. When you say
"logged in user", what do you mean?

Do you mean the user logged in to their local machine accessing your web
page?

Do you mean the user is logged in to the web page using the ASP.NET 2.0
Login Controls?

Do you mean the user is logged in to the web page using some custom code
you (or someone else) wrote?
I have started with these code snippets:

WindowsIdentity id = WindowsIdentity.GetCurrent();
IdentityReferenceCollection irc = id.Groups;

This only returns the ID of the groups, I need the AD Group Name.


I assume you're using ASP.NET 2.0, since Groups is a new property added in
2.0 on WindowsIdentity.

Why not just use the role provider methods used by ASP.NET, set the role
provider to use WindowsTokenRoleProvider, then you can just do
Role.GetRolesForUser()?
Mar 10 '06 #7
This is running in an internal web site.
External Users will be challenged with windows authentication.
The users will be loggin into the local domain.
The users will browse to pages.
I will determine who they are (I can do that successfully)
I will query the LDAP to see what groups they are in.
Depending on the result, I will show different items.
I am using IIS6
I am using .NET 2.0 and 1.1
I am using VS2005
I am using SQL2000
This is within a WSS Web part.
Mar 10 '06 #8
Here is the code that worked From Start to Finish

WindowsIdentity id = WindowsIdentity.GetCurrent();
IdentityReferenceCollection irc = WindowsIdentity.GetCurrent().Groups;
string[] strArray = new string[irc.Count];
int t = 0;
foreach(IdentityReference ir in irc)
{
IdentityReference account = ir.Translate(typeof(NTAccount));
strArray[t] = account.Value;
t++;
}
Mar 10 '06 #9
On Fri, 10 Mar 2006 21:40:41 GMT, Ernest Griffin wrote:
This is running in an internal web site.
External Users will be challenged with windows authentication.
I assume what you mean is you will use basic authentication for external
users. Be aware that this sends passwords in clear text. Hopefully,
you're using SSL.
The users will be loggin into the local domain.


External users will have to use a domain qualifier, and this can be
annoying to many users. For example, they may have to type
"DOMAIN\username" rather than just "username". There is no reliable method
to avoid this other than using Forms Authentication, and then you don't get
the automatic WindowsIdentity.

I see below that you already have a solution that works for you. Just be
aware that there are several gotcha's when dealing with Windows Identities
when using external (non-domain attached) computers.
Mar 11 '06 #10
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Cannot See a Newly Installed SQL Server 2000 (No Active Directory)
by: Jay Chan | last post by:
We have just installed a SQL Server 2000 (SP 3A) onto a computer that has Windows-2003 Server on it. Now, we cannot get access to that database server from other computers. Seem like this may be an...
Microsoft SQL Server
0
Active Directory Error - The server is unwilling to process the request
by: microsoft | last post by:
Hi People, when I try to modify an active directory user programatically, I receive the following exception: The server is unwilling to process the request Reading the microsoft web site, I...
.NET Framework
9
windows2003 active directory problems
by: Mario Rodriguez | last post by:
Hi people. I have a problem adding users to Win2003 active directory programatically. When I execute my app throws the following exception: .................The specified directory service...
.NET Framework
4
current user in Active Directory
by: ASGMikeG | last post by:
Hi, How do I find the user object for the current user in Active Directory i.e. the user running my program ? Regards Michael
.NET Framework
1
Problem querying LDAP and/or Active Directory
by: Andrew | last post by:
Hey all, Working on revamping our Intranet here and making use of the LDPA, Active Directory, Directory Services, etc. that .Net provides. I am still fairly new on this subject, so the problem...
ASP.NET
6
adding user in active directory
by: Leo_Surf | last post by:
Hello, I need your help adding user in Active Directory from ASP.net website. Could any one provide me the complete code for the html page. As this is my curriculam project and I dont have any...
ASP.NET
1
Problem retrieving Active Directory users
by: tangus via DotNetMonster.com | last post by:
Hello all, I'm really struggling with getting some Active Directory code to work in ASP.NET. Can you please provide assistance? I am executing the following code: Dim enTry As DirectoryEntry =...
ASP.NET
10
Windows Authentication through Active Directory
by: Hriday | last post by:
Hi there, Please help me..It is urgent This is Hriday, working on windows authentication with Active Directory... My requirment is when a user sends a request to my web Applicatoin I want to...
Visual Basic .NET
0
[Active Directory] On what ground does LDAP connect to Active Directory
by: RTT | last post by:
here is my current situation. I develop a program on my computer's localhost. From there i contact Active directory succesfull using a connectionstring like:...
Visual Basic .NET
2
Populating a DDL with users from Active Directory
by: Jim in Arizona | last post by:
My goal, somehow, is to populate a dropdownlist with all the user names in active directory. I don't even know where to begin, really. I added a reference to System.DirectoryServices so I could...
ASP.NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!