check if user belong to a domain against active directory without impersonation

Discussion in 'ASP .Net' started by Caspy, Aug 3, 2005.

  1. Caspy

    Caspy Guest

    I am just stuck on how to check if a user is a member of the network (domain).
    I am building an internal tracking system with ASP.Net with Forms
    authentication. When a user is added into the system, it checks if the user
    is a member of the domain account against the Global Catalog. If not, the user
    is not allowed to be added. If so, it gets the user's first name and last name
    and inserts them into the database.
    Because the system needs access to other resources, I don't want to use
    impersonation. Changing WindowsIdentity with impersonation at run time is
    also not a choice because the web server is running on Windows 2000. Based
    on the security context, how to check if a user is in the system or not? Thank
    you in advance.

    --Caspy
    Caspy, Aug 3, 2005
    #1

  2. RE: check if user belong to a domain against active directory without

    hi,

    These links were useful for a similar scenario for me.
    http://www.dotnet247.com/247reference/msgs/4/20782.aspx
    http://www.dotnet247.com/247reference/msgs/51/256427.asp
    http://www.dotnet247.com/247reference/System/Data/PropertyCollection/__discussions

    hope this helps
    --
    Kannan.V
    Home : http://www.kannanv.com
    Blog : http://kannanv.blogspot.com
    Web : http://www.DotnetLounge.net

    "Any one who has never made a mistake has never tried anything new" - Einstein


    Kannan.V [MCSD.net], Aug 3, 2005
    #2

  3. Caspy

    Caspy Guest

    Re: check if user belong to a domain against active directory without

    Thanks for your reply. Actually, I have the code block working fine in WinApps
    to access LDAP. It also works in ASP.Net with Windows authentication and
    impersonation enabled. I just cannot make it work in Forms authentication
    without impersonation. The problem is how to set the security context.

    Here is the method:

    // Requires: using System; using System.DirectoryServices;
    public static bool FindUser(string identification, ref string FirstName,
        ref string LastName)
    {
        bool result = false;
        string _path = "GC://";

        // Set up the filter: keep only the account name after the last backslash
        identification = identification.Substring(
            identification.LastIndexOf(@"\") + 1,
            identification.Length - identification.LastIndexOf(@"\") - 1);
        string userNameFilter =
            string.Format("(&(ObjectClass=Person)(SAMAccountName={0}))",
                identification);

        // Get a DirectorySearcher for the LDAP path
        DirectorySearcher searcher = new DirectorySearcher(_path);
        if (searcher == null)
        {
            return false;
        }

        // Add the properties that need to be retrieved
        searcher.PropertiesToLoad.Add("givenName");
        searcher.PropertiesToLoad.Add("sn");

        // Set the filter for the search
        searcher.Filter = userNameFilter;

        try
        {
            // Execute the search
            SearchResult search = searcher.FindOne();

            if (search != null)
            {
                // SearchResultProperty is a helper that is not shown in this post
                FirstName = SearchResultProperty(search, "givenName");
                LastName = SearchResultProperty(search, "sn");
                result = true;
            }
            else
                result = false;
        }
        catch (Exception)
        {
            // Any directory error is treated as "user not found"
            result = false;
        }

        return result;
    }


    Thanks,

    --Caspy

    Caspy, Aug 4, 2005
    #3
  4. Sean M

    Sean M Guest

    Re: check if user belong to a domain against active directory without

    As a side note, it may be beneficial to use FindAll() and iterate
    through the returned SearchResultCollection instead of using FindOne(). This
    is to guard against a known leak in .NET 1.1 (fixed in 2.0, however) where
    the underlying COM object is not released. Remember to call Dispose() on
    your DirectorySearcher and DirectoryEntry objects when you are finished with
    them -- the finally{} section of an exception handler is a good place to do
    this, that way it gets disposed regardless of whether an exception occurs or
    not.

    -- Sean M

    Sean M, Aug 4, 2005
    #4
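
    An added example, not code from any poster in this thread: the lookup from post #3 rewritten to use FindAll() with disposal in a finally block as post #4 suggests, and to escape the submitted name before it is placed in the LDAP filter. The gcPath, bindUser and bindPassword parameters and the helper names are assumptions; binding with an explicit low-privilege lookup account is one way to give the search a security context without impersonation.

```csharp
using System.DirectoryServices;
using System.Text;

public static class DirectoryLookup
{
    // Escape RFC 4515 filter metacharacters so a submitted name cannot alter the query.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // Returns the first value of an attribute, or null when the entry does not carry it.
    static string First(SearchResult r, string attr) =>
        r.Properties.Contains(attr) ? (string)r.Properties[attr][0] : null;

    // Assumption: gcPath, bindUser and bindPassword come from protected configuration.
    public static bool FindUser(string gcPath, string bindUser, string bindPassword,
        string identification, out string firstName, out string lastName)
    {
        firstName = lastName = null;
        string account = identification.Substring(identification.LastIndexOf('\\') + 1);
        DirectoryEntry root = new DirectoryEntry(gcPath, bindUser, bindPassword, AuthenticationTypes.Secure);
        DirectorySearcher searcher = new DirectorySearcher(root);
        SearchResultCollection results = null;
        try
        {
            searcher.Filter = "(&(objectClass=person)(sAMAccountName=" + EscapeFilterValue(account) + "))";
            searcher.PropertiesToLoad.Add("givenName");
            searcher.PropertiesToLoad.Add("sn");
            results = searcher.FindAll();   // FindAll() plus Dispose(), per the .NET 1.1 note in post #4
            foreach (SearchResult r in results)
            {
                firstName = First(r, "givenName");
                lastName = First(r, "sn");
                return true;                // first match is enough
            }
            return false;
        }
        finally
        {
            // Runs whether or not the search threw, releasing the underlying COM objects.
            if (results != null) results.Dispose();
            searcher.Dispose();
            root.Dispose();
        }
    }
}
```

    Unlike the original method, directory errors propagate to the caller here, so a failed bind is not silently reported as "user not found".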
