Check if user belongs to a domain against Active Directory without impersonation

Caspy

I'm stuck on how to check if a user is a member of the network (domain).
I am building an internal tracking system with ASP.NET with Forms
authentication. When a user is added to the system, it checks whether the user
is a member of the domain against the Global Catalog. If not, the user
is not allowed to be added. If so, it gets the user's first name and last name
and inserts them into the database.
Because the system needs access to other resources, I don't want to use
impersonation. Changing WindowsIdentity with impersonation at run time is
also not a choice because the web server is running on Windows 2000. Based
on the security context, how do I check whether a user is in the system or not? Thank
you in advance.

--Caspy
 
Caspy

Thanks for your reply. Actually, I have the code block working fine in WinApps
to access LDAP. It also works in ASP.NET with Windows authentication and
impersonation enabled. I just cannot make it work in Forms authentication
without impersonation. The problem is how to set the security context.

Here is the method:

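    using System;
    using System.DirectoryServices;

    public static bool FindUser(string identification, ref string FirstName, ref string LastName)
    {
        bool result = false;
        string _path = "GC://";

        // Setup the filter: keep only the account name from DOMAIN\user
        identification = identification.Substring(identification.LastIndexOf(@"\") + 1);
        // Escape LDAP filter metacharacters so the value cannot change the filter
        identification = identification.Replace("*", @"\2a").Replace("(", @"\28")
            .Replace(")", @"\29").Replace("\0", @"\00");
        string userNameFilter =
            string.Format("(&(ObjectClass=Person)(SAMAccountName={0}))", identification);

        // Get a Directory Searcher to the LDAPPath.
        // DirectorySearcher(string) takes a filter, not a path, so the search
        // root is bound explicitly through a DirectoryEntry.
        DirectoryEntry root = new DirectoryEntry(_path);
        DirectorySearcher searcher = new DirectorySearcher(root);

        // Add the properties that need to be retrieved
        searcher.PropertiesToLoad.Add("givenName");
        searcher.PropertiesToLoad.Add("sn");

        // Set the filter for the search
        searcher.Filter = userNameFilter;

        try
        {
            // Execute the search
            SearchResult search = searcher.FindOne();

            if (search != null)
            {
                // SearchResultProperty is the poster's own helper (not shown)
                FirstName = SearchResultProperty(search, "givenName");
                LastName = SearchResultProperty(search, "sn");
                result = true;
            }
        }
        catch (Exception)
        {
            // Any directory error is reported as "not found"
            result = false;
        }
        finally
        {
            // Release the underlying COM objects
            searcher.Dispose();
            root.Dispose();
        }

        return result;
    }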


Thanks,

--Caspy
 
Sean M

As a side note, it may be beneficial to use FindAll() and iterate
through the returned SearchResultCollection instead of using FindOne(). This
is to protect against a known leak in .NET 1.1 (fixed in 2.0, however) where
the underlying COM object is not released. Remember to call Dispose() on
your DirectorySearcher and DirectoryEntry objects when you are finished with
them -- the finally{} section of an exception handler is a good place to do
this, that way it gets disposed regardless of whether an exception occurs or
not.

-- Sean M
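
The FindAll()-and-Dispose() pattern from the post above, as an added example that is not code from either poster. `DirectoryLookup` and `FindFirst` are hypothetical names, and the filter is assumed to have been built and escaped by the caller.

```csharp
using System;
using System.DirectoryServices;

public sealed class DirectoryLookup
{
    // Returns the first value of each requested attribute for the first
    // match, or null when nothing matches. An attribute that is missing on
    // the entry comes back as null in its slot.
    public static string[] FindFirst(string rootPath, string filter, string[] attributes)
    {
        DirectoryEntry root = null;
        DirectorySearcher searcher = null;
        SearchResultCollection results = null;
        try
        {
            root = new DirectoryEntry(rootPath);
            searcher = new DirectorySearcher(root);
            searcher.Filter = filter;
            searcher.SizeLimit = 1;                       // only one entry is needed
            searcher.PropertiesToLoad.AddRange(attributes);

            // FindAll() instead of FindOne(): the collection can be disposed
            // explicitly, which releases the underlying COM object.
            results = searcher.FindAll();
            foreach (SearchResult hit in results)
            {
                string[] values = new string[attributes.Length];
                for (int i = 0; i < attributes.Length; i++)
                {
                    ResultPropertyValueCollection v = hit.Properties[attributes[i]];
                    values[i] = (v != null && v.Count > 0) ? v[0].ToString() : null;
                }
                return values;                            // finally still runs
            }
            return null;                                  // no match
        }
        finally
        {
            // Runs whether or not an exception occurred. Exceptions are not
            // swallowed here, so the caller can tell a directory failure
            // apart from "no such user".
            if (results != null) results.Dispose();
            if (searcher != null) searcher.Dispose();
            if (root != null) root.Dispose();
        }
    }
}
```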
 
