Get Organization/Departament and Organization/Title with Userprincipal - AD and C#

Asked

Viewed 256 times

2

I am using the reference System.DirectoryServices.Accountmanagement and I have the code below:

string dnsAD = "USINA.REDE";
string groupName = "Grupo Controle Acesso Gestao de Ativos"; //seta o grupo de acesso
PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, dnsAD);
GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(principalContext, groupName);
if (principalContext.ValidateCredentials(Login, Senha))
{
    UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, Login);
    if (!(userPrincipal == null) && (userPrincipal.IsMemberOf(groupPrincipal))) //verifica se user é membro do grupo

I would like if within this context, using Userprincipal, I can obtain information from the Organization, such as Departament and Title?

From now on I thank you all!

c# authentication active-directory

1 answer

2


You can use the class UserPrincipal together with a class called DirectoryEntry to access some properties of the main. This class represents a node or object of the Active Directory hierarchy. The class UserPrincipal inherits from a class Principal which in turn is associated with a DirectoryEntry.

To obtain the DirectoryEntry overarching of a Principal we use the method GetUnderlyingObject of this class. It turns out that every object DirectoryEntry has a collection called Properties that has ADDS properties for that active directory object. This property is of the type PropertyCollection and has a method Contains to check if a property is specified for that AD entry.

Basically this is how it’s done:

directoryEntry.Properties.Contains("propriedade");

That’s a bool that says whether the property is there or not. If the property is you can access its value with array syntax and access the property Value:

directoryEntry.Properties["propriedade"].Value.ToString();

With this idea, the best you can do is to create extension methods to make everything more flexible. Create an extension method for the class Principal that returns a property of DirectoryEntry overlying like this:

public static string GetProperty(this Principal principal, string propriedade)
{
    DirectoryEntry directoryEntrySobrejacente = principal.GetUnderlyingObject() as DirectoryEntry;

    if (directoryEntrySobrejacente.Properties.Contains(propriedade))
    {
        return directoryEntrySobrejacente.Properties[propriedade].Value.ToString();
    }
    else
    {
        return string.Empty;
    }
}

Then create extension methods for the specific properties you want. For example, a method GetDepartment to return the Department property by passing the property name as a string.

I don’t know much about AD so I don’t know if this approach works exactly for your problem. Try it there and tell me if it worked.

References

  • thank you! eu fiz assim 
 UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, Login);
 DirectoryEntry userDE = (DirectoryEntry)userPrincipal.GetUnderlyingObject();
 var nome = userPrincipal.Name;
 var email = userPrincipal.EmailAddress; 
 var dpto = userDE.Properties["Department"].Value.ToString();
 var posicao = userDE.Properties["Title"].Value.ToString();

  • It can also be, the use of extension methods was only to reuse code. For these properties worked as expected ?

Browser other questions tagged c# authentication active-directory

You are not signed in. Login or sign up in order to post.