Good evening, everyone,
I need to log in to AD using C#.
I heard about a class called PrincipalContext; do you know how I use it?
I saw that I have to go through the domain. Would it not work like DirectoryEntry, using an LDAP path?
Good evening, everyone,
I need to log in to AD using C#.
I heard about a class called PrincipalContext; do you know how I use it?
I saw that I have to go through the domain. Would it not work like DirectoryEntry, using an LDAP path?
I have a helper that may be useful in your case. As it is a static class, it can be dropped into any solution and improved.
Note that there are several ways to perform a given search: some use PrincipalContext, others use DirectorySearcher. Implement the code, make the necessary modifications and test it:
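/// <summary>
/// Static helper that looks up users and groups in Active Directory, either through
/// <c>PrincipalContext</c> or through <c>DirectorySearcher</c>.
/// </summary>
/// <remarks>
/// No method here passes explicit credentials, so every bind is made with the default
/// credentials of the caller. The methods only read directory objects: none of them checks
/// a user's password. To verify a user name and password against the domain, use
/// <c>PrincipalContext.ValidateCredentials</c> instead of a lookup.
/// Values supplied by callers are escaped before they are placed into an LDAP filter, so a
/// login name such as <c>*</c> or <c>a)(cn=*</c> cannot widen or rewrite the search.
/// </remarks>
public static class ActiveDirectoryHelper
{
    // Placeholder domain taken from the original listing; replace it with the real DNS domain name.
    private const string DomainName = "meudominio.com";

    // ADSI path of the domain root used by the DirectorySearcher based lookups.
    private const string LdapPath = "LDAP://" + DomainName;

    /// <summary>
    /// Converts the byte array stored in the AD <c>thumbnailPhoto</c> attribute into an image.
    /// </summary>
    /// <param name="data">Raw image bytes; may be null or empty.</param>
    /// <returns>The decoded image, or null when there are no bytes to decode.</returns>
    static Image ByteToPhoto(byte[] data)
    {
        if (data == null || data.Length == 0)
        {
            return null;
        }

        // GDI+ requires the source stream to stay open for the lifetime of an image created
        // with FromStream, so the stream is deliberately not wrapped in a using block.
        // A MemoryStream owns only managed memory and is collected together with the image.
        return Image.FromStream(new MemoryStream(data));
    }

    /// <summary>
    /// Looks up the <c>thumbnailPhoto</c> attribute of the user whose <c>cn</c> equals
    /// <paramref name="userName"/>.
    /// </summary>
    /// <param name="userName">Common name of the user; treated as a literal value, never as filter syntax.</param>
    /// <returns>The user's picture, or null when the user is not found or has no picture.</returns>
    static Image GetUserPicture(string userName)
    {
        if (string.IsNullOrEmpty(userName))
        {
            return null;
        }

        using (DirectorySearcher searcher = new DirectorySearcher())
        {
            // The name is escaped so that '*', '(' , ')' and '\' cannot alter the filter.
            searcher.Filter = "(&(objectClass=user)(cn=" + EscapeLdapFilterValue(userName) + "))";
            searcher.PropertiesToLoad.Add("thumbnailPhoto");

            SearchResult match = searcher.FindOne();
            if (match == null)
            {
                // FindOne returns null when nothing matches.
                return null;
            }

            return ByteToPhoto(GetBinaryProperty(match, "thumbnailPhoto"));
        }
    }

    /// <summary>
    /// Returns one AD user with a few of its attributes.
    /// </summary>
    /// <param name="search">Identity value handed to <c>UserPrincipal.FindByIdentity</c>.</param>
    /// <returns>The populated view model, or null when no user matches.</returns>
    public static ActiveDirectoryUserViewModel GetADUser(String search)
    {
        using (var context = new PrincipalContext(ContextType.Domain, DomainName))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(context, search))
        {
            if (user == null)
            {
                return null;
            }

            return new ActiveDirectoryUserViewModel
            {
                Sid = user.Sid,
                DisplayName = user.DisplayName,
                Email = user.EmailAddress,
                Mapped = true,
                UserName = user.UserPrincipalName,
                FirstName = user.GivenName,
                MiddleName = user.MiddleName,
                Surname = user.Surname,
                VoiceTelephoneNumber = user.VoiceTelephoneNumber
            };
        }
    }

    /// <summary>
    /// Returns the enabled users found under the container <c>OU=Usuarios,OU=SP</c> that have
    /// a display name, a telephone number and a department.
    /// </summary>
    /// <returns>A lazily evaluated sequence; the directory connection stays open while it is enumerated.</returns>
    public static IEnumerable<ActiveDirectoryUserViewModel> GetADUsers()
    {
        using (var context = new PrincipalContext(ContextType.Domain, DomainName, "OU=Usuarios,OU=SP,DC=meudominio,DC=com"))
        {
            // Query-by-example principal: only enabled accounts are requested.
            UserPrincipalExtended example = new UserPrincipalExtended(context);
            example.Enabled = true;

            using (var searcher = new PrincipalSearcher(example))
            using (PrincipalSearchResult<Principal> found = searcher.FindAll())
            {
                foreach (Principal principal in found.Where(r => r.DisplayName != ""))
                {
                    UserPrincipalExtended user = principal as UserPrincipalExtended;
                    if (user == null)
                    {
                        // Not the extended type, so Department cannot be read from it.
                        continue;
                    }

                    bool hasPhone = (user.VoiceTelephoneNumber ?? "").Trim() != "";
                    bool hasDepartment = (user.Department ?? "").Trim() != "";
                    if (hasPhone && hasDepartment)
                    {
                        yield return new ActiveDirectoryUserViewModel
                        {
                            Sid = user.Sid,
                            DisplayName = user.DisplayName,
                            UserName = user.UserPrincipalName,
                            Department = user.Department,
                            VoiceTelephoneNumber = user.VoiceTelephoneNumber
                        };
                    }
                }
            }
        }
    }

    /// <summary>
    /// Returns one AD user, including its groups, by login name.
    /// </summary>
    /// <param name="name">Login name; a leading <c>DOMINIO\</c> prefix is removed before the LDAP search.</param>
    /// <returns>
    /// The user found by the LDAP search (an empty view model when nothing matches), with
    /// <c>Groups</c> filled from <c>UserPrincipal.GetGroups</c> or left empty when the
    /// principal lookup finds nobody.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="name"/> is null.</exception>
    public static ActiveDirectoryUserViewModel GetADUserByLogin(String name)
    {
        if (name == null)
        {
            throw new ArgumentNullException("name");
        }

        string samAccountName = name.Replace("DOMINIO\\", "");

        // The login name usually comes straight from a login form: escape it before it reaches the filter.
        var filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=" + EscapeLdapFilterValue(samAccountName) + "))";
        ActiveDirectoryUserViewModel result = InternalSearch(filter);

        using (var context = new PrincipalContext(ContextType.Domain, DomainName))
        using (UserPrincipal principal = UserPrincipal.FindByIdentity(context, name))
        {
            if (principal == null)
            {
                result.Groups = new List<ActiveDirectoryGroupViewModel>();
            }
            else
            {
                result.Groups = principal.GetGroups()
                    .Select(g => new ActiveDirectoryGroupViewModel { Sid = g.Sid, Name = g.Name, Description = g.Description })
                    .ToList();
            }
        }

        return result;
    }

    /// <summary>
    /// Returns one AD user by SID (security identifier).
    /// </summary>
    /// <param name="sid">SID in string form; treated as a literal value, never as filter syntax.</param>
    /// <returns>The user found, or an empty view model when nothing matches.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
    public static ActiveDirectoryUserViewModel GetADUserBySid(String sid)
    {
        if (sid == null)
        {
            throw new ArgumentNullException("sid");
        }

        var filter = "(&(objectClass=user)(objectCategory=person)(objectSid=" + EscapeLdapFilterValue(sid) + "))";
        return InternalSearch(filter);
    }

    /// <summary>
    /// Runs an LDAP search against the domain root and maps the first result to a view model.
    /// </summary>
    /// <param name="filter">
    /// Complete LDAP filter. It is used as given, so callers must escape any value they embed
    /// in it (see <c>EscapeLdapFilterValue</c>).
    /// </param>
    /// <returns>The first matching user, or an empty view model when nothing matches.</returns>
    static ActiveDirectoryUserViewModel InternalSearch(String filter)
    {
        using (DirectoryEntry root = new DirectoryEntry(LdapPath))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter = filter;

            // extensionAttribute1-12, the address fields and the timestamps are loaded but not
            // mapped to the view model below.
            searcher.PropertiesToLoad.AddRange(new string[]
            {
                "samaccountname", "mail", "usergroup", "department", "displayname", "cn", "givenName", "initials",
                "sn", "homePostalAddress", "title", "company", "st", "l", "co", "postalcode", "telephoneNumber",
                "otherTelephone", "facsimileTelephoneNumber",
                "extensionAttribute1", "extensionAttribute2", "extensionAttribute3", "extensionAttribute4",
                "extensionAttribute5", "extensionAttribute6", "extensionAttribute7", "extensionAttribute8",
                "extensionAttribute9", "extensionAttribute10", "extensionAttribute11", "extensionAttribute12",
                "whenChanged", "whenCreated", "thumbnailPhoto", "objectSid", "objectGUID"
            });

            // SearchResultCollection holds unmanaged resources that are only released by Dispose.
            using (SearchResultCollection matches = searcher.FindAll())
            {
                foreach (SearchResult match in matches)
                {
                    // Only the first match is returned.
                    return new ActiveDirectoryUserViewModel
                    {
                        Sid = new System.Security.Principal.SecurityIdentifier((byte[])match.Properties["objectSid"][0], 0),
                        DisplayName = GetProperty(match, "displayname"),
                        Email = GetProperty(match, "mail"),
                        Mapped = true,
                        UserName = GetProperty(match, "samaccountname"),
                        FirstName = GetProperty(match, "givenName"),
                        Surname = GetProperty(match, "sn"),
                        VoiceTelephoneNumber = GetProperty(match, "telephoneNumber"),
                        JobTitle = GetProperty(match, "title"),
                        Department = GetProperty(match, "department"),
                        // Users without a picture have no thumbnailPhoto value; indexing [0] directly would throw.
                        Photo = GetBinaryProperty(match, "thumbnailPhoto")
                    };
                }
            }
        }

        return new ActiveDirectoryUserViewModel();
    }

    /// <summary>
    /// Returns all groups of the current domain.
    /// </summary>
    /// <returns>A lazily evaluated sequence; the directory connection stays open while it is enumerated.</returns>
    public static IEnumerable<ActiveDirectoryGroupViewModel> GetAllGroups()
    {
        using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
        using (GroupPrincipal example = new GroupPrincipal(context))
        using (PrincipalSearcher searcher = new PrincipalSearcher(example))
        using (PrincipalSearchResult<Principal> groups = searcher.FindAll())
        {
            foreach (var found in groups)
            {
                yield return new ActiveDirectoryGroupViewModel
                {
                    Name = found.Name,
                    Sid = found.Sid,
                    Description = found.Description
                };
            }
        }
    }

    /// <summary>
    /// Returns one AD group by SID (security identifier).
    /// </summary>
    /// <param name="sid">SID of the group in string form.</param>
    /// <returns>The group, or null when no group has that SID.</returns>
    public static ActiveDirectoryGroupViewModel GetGroup(String sid)
    {
        using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, sid))
        {
            if (group == null)
            {
                return null;
            }

            return new ActiveDirectoryGroupViewModel
            {
                Name = group.Name,
                Description = group.Description,
                Sid = group.Sid
            };
        }
    }

    /// <summary>
    /// Reads the first value of a property of a search result as text.
    /// </summary>
    /// <param name="searchResult">Search result to read from.</param>
    /// <param name="PropertyName">Name of the LDAP attribute.</param>
    /// <returns>The first value as a string, or an empty string when the attribute has no value.</returns>
    private static string GetProperty(SearchResult searchResult, string PropertyName)
    {
        if (!searchResult.Properties.Contains(PropertyName))
        {
            return string.Empty;
        }

        ResultPropertyValueCollection values = searchResult.Properties[PropertyName];
        if (values.Count == 0 || values[0] == null)
        {
            return string.Empty;
        }

        return values[0].ToString();
    }

    /// <summary>
    /// Reads the first value of a binary property of a search result.
    /// </summary>
    /// <param name="searchResult">Search result to read from.</param>
    /// <param name="propertyName">Name of the LDAP attribute.</param>
    /// <returns>The bytes, or null when the attribute is absent or is not binary.</returns>
    private static byte[] GetBinaryProperty(SearchResult searchResult, string propertyName)
    {
        if (!searchResult.Properties.Contains(propertyName))
        {
            return null;
        }

        ResultPropertyValueCollection values = searchResult.Properties[propertyName];
        return values.Count == 0 ? null : values[0] as byte[];
    }

    /// <summary>
    /// Escapes a value so that it can be embedded in an LDAP search filter as a literal.
    /// </summary>
    /// <param name="value">Untrusted value, for example a login name typed by a user.</param>
    /// <returns>
    /// The value with the filter metacharacters <c>\ * ( ) /</c> and NUL replaced by their
    /// <c>\xx</c> hexadecimal escapes; an empty string for null or empty input.
    /// </returns>
    private static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        var escaped = new System.Text.StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '/': escaped.Append("\\2f"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }

        return escaped.ToString();
    }
}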
Notice that I use some view models there. I wrote it for an ASP.NET MVC system, but you can use it in any other kind of system without problems. Their implementation is below:
/// <summary>
/// View model holding the security identifier, name and description of one
/// Active Directory group.
/// </summary>
public class ActiveDirectoryGroupViewModel
{
    /// <summary>Security identifier (SID) of the group.</summary>
    [DisplayName("Identificador de Segurança")]
    public SecurityIdentifier Sid { get; set; }

    /// <summary>Name of the group.</summary>
    [DisplayName("Nome")]
    public string Name { get; set; }

    /// <summary>Description of the group.</summary>
    [DisplayName("Descrição")]
    public string Description { get; set; }
}
/// <summary>
/// View model holding the attributes of one Active Directory user that the helper
/// exposes to the presentation layer.
/// </summary>
public class ActiveDirectoryUserViewModel
{
    /// <summary>Security identifier (SID) of the user.</summary>
    [DisplayName("SID")]
    public SecurityIdentifier Sid { get; set; }

    /// <summary>Object GUID in string form.</summary>
    [DisplayName("Guid")]
    public string Guid { get; set; }

    /// <summary>Login of the user.</summary>
    [DisplayName("Login")]
    public string Login { get; set; }

    /// <summary>E-mail address.</summary>
    [DisplayName("Endereço de E-Mail")]
    public string Email { get; set; }

    /// <summary>User name.</summary>
    [DisplayName("Nome de Usuário")]
    public string UserName { get; set; }

    /// <summary>Display name.</summary>
    [DisplayName("Nome de Exibição")]
    public string DisplayName { get; set; }

    /// <summary>Whether the user is flagged as mapped.</summary>
    [DisplayName("Mapeado?")]
    public bool Mapped { get; set; }

    /// <summary>Organizational unit.</summary>
    [DisplayName("Unidade Organizacional")]
    public string OrganizationalUnit { get; set; }

    /// <summary>First (given) name.</summary>
    [DisplayName("Primeiro Nome")]
    public string FirstName { get; set; }

    /// <summary>Middle name.</summary>
    [DisplayName("Nome do Meio")]
    public string MiddleName { get; set; }

    /// <summary>Surname.</summary>
    [DisplayName("Sobrenome")]
    public string Surname { get; set; }

    /// <summary>Voice telephone number.</summary>
    [DisplayName("Telefone")]
    public string VoiceTelephoneNumber { get; set; }

    /// <summary>Job title.</summary>
    [DisplayName("Cargo")]
    public string JobTitle { get; set; }

    /// <summary>Department.</summary>
    [DisplayName("Departamento")]
    public string Department { get; set; }

    /// <summary>Raw bytes of the user's photo.</summary>
    [DisplayName("Foto")]
    public byte[] Photo { get; set; }

    /// <summary>Groups of the user.</summary>
    [DisplayName("Grupos")]
    public List<ActiveDirectoryGroupViewModel> Groups { get; set; }
}
Your application is what, exactly? Some types of applications run this login automatically.
– Leonel Sanches da Silva
@Gypsy I am on an identity management project in which our system will migrate all users of AD, AD2, AD3, IDENTITY1, etc. to our own database. Several systems that today have multiple login screens will be left with only one: it accesses our database, checks which directory the user belongs to, and then accesses the AD or Identity. So now I need to do the login part that accesses the AD (Identity is already done); I'm trying to access it via PrincipalContext.
– AleBabaloff