If your Web server is a member of a Windows Active Directory-enabled domain, you may find that you need to be able to query (or even update) the directory from your ASP.NET code. This is most likely to be the case for intranet applications. Alternatively, you may wish to query other types of remote directory. The .NET Framework includes a series of classes in the System.DirectoryServices namespace that provide access to directories using one of four protocols:
In the example, you will see how you can use the most common of these, the LDAP protocol, to access Active Directory and get a list of values from one of the AD containers. However, for this to work, the account that ASP.NET is running under must have permission to access the Active Directory. If you are using Visual Studio or VWD, and running the page using the built-in Web server, you should find that it works. If not, try logging on to your machine with an account that has administrator permissions on the domain. If you want to access Active Directory from an application running under IIS, you will most likely need to disable anonymous access to the application in Internet Services Manager, so that users must provide domain credentials when accessing the application. Be careful if you decide to allocate the anonymous IUSR account or ASPNET permissions within the directory, and restrict these permissions to the minimum required. The main classes in the System.DirectoryServices namespace are the DirectoryEntry, which represents an individual item in a container within the directory; and DirectorySearcher and SearchResult, which you use to get a list of DirectoryEntry instances matching specific criteria. The starting point is to get a reference to the root of the directory. For this, you must specify the URI in the correct LDAP format. To access the local Active Directory, you require "LDAP://domain-name," for example: DirectoryEntry root = new DirectoryEntry("LDAP://mydomain.com")
Note that the protocol definition ("LDAP") must be uppercase. You can then search for containers using the DirectorySearcher class, specifying the node to start the search from and the query that selects a container or value: DirectorySearcher searcher = new DirectorySearcher(root, "CN=Users") SearchResult result = searcher.FindOne(); The result of a call to the FindOne method of the DirectorySearcher is a single SearchResult instance, while the result of a call to the FindAll method is a SearchResultCollection capable of containing more than one SearchResult. Each SearchResult exposes the path of the item it found and a set of properties for that item. If you want to access the item itself, perhaps to perform more searches starting from here, you use the GetdirectoryEntry method of the SearchResult. This is, of course, only a very brief overview of the capabilities of the System.DirectoryServices classes, but it is enough to demonstrate how useful they are. Getting a List of UsersThe GetADUserList method in the Ch15DataProcess.cs file returns a String value that is a list of the users found in the "Users" container of Active Directory within the local domain. Listing 15.31 shows the code used in the example. You can see that it first calls the static GetCurrentDomain method to get the local AD domain name, accesses the root of the Active Directory hierarchy for this domain, and then uses a DirectorySearcher from this point to find the first container with "CN=Users" in its name. This is the Users container, and so the code can get a reference to the "live" node in Active Directory for this entry and iterate through all the child nodes (the users). The Name property of each contains the LDAP protocol identifier, as "CN=username", so the code removes this to leave just the name. Listing 15.31. Listing Users from Active Directory
Figure 15.20 shows the result. You can see that it detects the domain name automatically and finds a complete list of users (some of which are hidden here). Figure 15.20. A list of users obtained from Active Directory |