Good evening guys,
I need to login to AD using C #,
I've heard of a class called PrincipalContext, do you know how to use it?
I saw that I have to go through Domain, would not it work just like the DiretoryEntry using LDAPPath?
Sign in to AD
1
asked by anonymous 04.09.2015 / 05:47
1 answer
1
I have a Helper that can be useful for your case. As it's static class, it can be implemented in any solution and improved.
Notice that there are several ways to do a particular search. Some use PrincipalContext , others using% h. #. Deploy the code, make the necessary modifications, and run tests:
public static class ActiveDirectoryHelper
{
/// <summary>
/// Converte uma array de bytes do campo thumbnailPhoto do AD para uma foto.
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
static Image ByteToPhoto(byte[] data)
{
if (data != null)
{
using (MemoryStream s = new MemoryStream(data))
{
return Bitmap.FromStream(s);
}
}
return null;
}
/// <summary>
/// Pesquisa o campo thumbnailPhoto do AD.
/// </summary>
/// <param name="userName"></param>
/// <returns></returns>
static Image GetUserPicture(string userName)
{
using (DirectorySearcher dsSearcher = new DirectorySearcher())
{
dsSearcher.Filter = "(&(objectClass=user) (cn=" + userName + "))";
SearchResult result = dsSearcher.FindOne();
using (DirectoryEntry user = new DirectoryEntry(result.Path))
{
byte[] data = user.Properties["thumbnailPhoto"].Value as byte[];
if (data != null)
{
using (MemoryStream s = new MemoryStream(data))
{
return Bitmap.FromStream(s);
}
}
return null;
}
}
}
/// <summary>
/// Traz um usuário do AD com algumas informações.
/// </summary>
/// <param name="search"></param>
/// <returns></returns>
public static ActiveDirectoryUserViewModel GetADUser(String search)
{
using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com"))
{
var result = UserPrincipal.FindByIdentity(context, search);
return new ActiveDirectoryUserViewModel
{
Sid = result.Sid,
DisplayName = result.DisplayName,
Email = result.EmailAddress,
Mapped = true,
UserName = result.UserPrincipalName,
FirstName = result.GivenName,
MiddleName = result.MiddleName,
Surname = result.Surname,
VoiceTelephoneNumber = result.VoiceTelephoneNumber
};
}
}
/// <summary>
/// Traz todos os usuários das unidades organizacionais "Usuarios" e "SP".
/// </summary>
/// <returns></returns>
public static IEnumerable<ActiveDirectoryUserViewModel> GetADUsers()
{
using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com", "OU=Usuarios,OU=SP,DC=meudominio,DC=com"))
{
UserPrincipalExtended userPrincipal = new UserPrincipalExtended(context);
userPrincipal.Enabled = true;
using (var searcher = new PrincipalSearcher(userPrincipal))
{
foreach (Principal result in searcher.FindAll().Where(r => r.DisplayName != ""))
{
// DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
UserPrincipalExtended upe = result as UserPrincipalExtended;
/* Debug.WriteLine("First Name: " + de.Properties["givenName"].Value);
Debug.WriteLine("Last Name : " + de.Properties["sn"].Value);
Debug.WriteLine("SAM account name : " + de.Properties["samAccountName"].Value);
Debug.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
Debug.WriteLine(); */
/* yield return new ActiveDirectoryUserViewModel
{
Sid = new System.Security.Principal.SecurityIdentifier((byte[])de.Properties["objectSid"].Value, 0),
DisplayName = (de.Properties["displayName"].Value ?? de.Properties["name"].Value).ToString(),
// UserName = de.Properties["name"].Value.ToString()
UserName = de.Properties["sAMAccountName"].Value.ToString(),
Department = de.Properties["department"].Value.ToString(),
VoiceTelephoneNumber = de.Properties["telephoneNumber"].Value.ToString()
}; */
if ((upe.VoiceTelephoneNumber ?? "").Trim() != "" && (upe.Department ?? "").Trim() != "")
{
yield return new ActiveDirectoryUserViewModel
{
Sid = upe.Sid,
DisplayName = upe.DisplayName,
// UserName = de.Properties["name"].Value.ToString()
UserName = upe.UserPrincipalName,
Department = upe.Department,
VoiceTelephoneNumber = upe.VoiceTelephoneNumber
};
}
}
}
}
}
/// <summary>
/// Traz um usuário do AD por login.
/// </summary>
/// <param name="name"></param>
/// <returns></returns>
public static ActiveDirectoryUserViewModel GetADUserByLogin(String name)
{
var filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=" + name.Replace("DOMINIO\", "") + "))";
using (var context = new PrincipalContext(ContextType.Domain, "meudominio.com"))
{
var result = InternalSearch(filter);
result.Groups = UserPrincipal.FindByIdentity(context, name)
.GetGroups()
.Select(g => new ActiveDirectoryGroupViewModel { Sid = g.Sid, Name = g.Name, Description = g.Description })
.ToList();
return result;
};
}
/// <summary>
/// Traz um usuário do AD por Sid (security identifier).
/// </summary>
/// <param name="sid"></param>
/// <returns></returns>
public static ActiveDirectoryUserViewModel GetADUserBySid(String sid)
{
var filter = "(&(objectClass=user)(objectCategory=person)(objectSid=" + sid + "))";
return InternalSearch(filter);
}
/// <summary>
/// Método auxiliar para montar pesquisas do AD.
/// </summary>
/// <param name="filter"></param>
/// <returns></returns>
static ActiveDirectoryUserViewModel InternalSearch(String filter)
{
using (DirectoryEntry entry = new DirectoryEntry("LDAP://meudominio.com"))
{
DirectorySearcher search = new DirectorySearcher(entry);
// search.Filter = "(&(objectClass=user)(l=" + name + "))";
search.Filter = filter;
search.PropertiesToLoad.AddRange(new string[] {"samaccountname", "mail", "usergroup", "department", "displayname", "cn", "givenName", "initials",
"sn", "homePostalAddress", "title", "company", "st", "l", "co", "postalcode", "telephoneNumber", "otherTelephone", "facsimileTelephoneNumber", "mail",
"extensionAttribute1", "extensionAttribute2", "extensionAttribute3", "extensionAttribute4", "extensionAttribute5", "extensionAttribute6",
"extensionAttribute7", "extensionAttribute8", "extensionAttribute9", "extensionAttribute10", "extensionAttribute11", "extensionAttribute12",
"whenChanged", "whenCreated", "thumbnailPhoto", "objectSid", "objectGUID"}
);
foreach (SearchResult sResultSet in search.FindAll())
{
/* Debug.WriteLine("samaccountname: " + GetProperty(sResultSet, "samaccountname"));
// Login Name
Debug.WriteLine("cn: " + GetProperty(sResultSet, "cn"));
// First Name
Debug.WriteLine("givenName: " + GetProperty(sResultSet, "givenName"));
// Middle Initials
Debug.WriteLine("initials: " + GetProperty(sResultSet, "initials"));
// Last Name
Debug.WriteLine("sn: " + GetProperty(sResultSet, "sn"));
// Address
string tempAddress = GetProperty(sResultSet, "homePostalAddress");
if (tempAddress != string.Empty)
{
string[] addressArray = tempAddress.Split(';');
string taddr1, taddr2;
taddr1 = addressArray[0];
Debug.WriteLine(taddr1);
taddr2 = addressArray[1];
Debug.WriteLine(taddr2);
}
// title
Debug.WriteLine("title: " + GetProperty(sResultSet, "title"));
// company
Debug.WriteLine("company: " + GetProperty(sResultSet, "company"));
//state
Debug.WriteLine("st: " + GetProperty(sResultSet, "st"));
//city
Debug.WriteLine("l: " + GetProperty(sResultSet, "l"));
//country
Debug.WriteLine("co: " + GetProperty(sResultSet, "co"));
//postal code
Debug.WriteLine("postalCode: " + GetProperty(sResultSet, "postalCode"));
// telephonenumber
Debug.WriteLine("telephoneNumber: " + GetProperty(sResultSet, "telephoneNumber"));
//extention
Debug.WriteLine("otherTelephone: " + GetProperty(sResultSet, "otherTelephone"));
//fax
Debug.WriteLine("facsimileTelephoneNumber: " + GetProperty(sResultSet, "facsimileTelephoneNumber"));
// email address
Debug.WriteLine("mail: " + GetProperty(sResultSet, "mail"));
// Challenge Question
Debug.WriteLine("extensionAttribute1: " + GetProperty(sResultSet, "extensionAttribute1"));
// Challenge Response
Debug.WriteLine("extensionAttribute2: " + GetProperty(sResultSet, "extensionAttribute2"));
//Member Company
Debug.WriteLine("extensionAttribute3: " + GetProperty(sResultSet, "extensionAttribute3"));
// Company Relation ship Exits
Debug.WriteLine("extensionAttribute4: " + GetProperty(sResultSet, "extensionAttribute4"));
//status
Debug.WriteLine("extensionAttribute5: " + GetProperty(sResultSet, "extensionAttribute5"));
// Assigned Sales Person
Debug.WriteLine("extensionAttribute6: " + GetProperty(sResultSet, "extensionAttribute6"));
// Accept T and C
Debug.WriteLine("extensionAttribute7: " + GetProperty(sResultSet, "extensionAttribute7"));
// jobs
Debug.WriteLine("extensionAttribute8: " + GetProperty(sResultSet, "extensionAttribute8"));
String tEmail = GetProperty(sResultSet, "extensionAttribute9");
// email over night
if (tEmail != string.Empty)
{
string em1, em2, em3;
string[] emailArray = tEmail.Split(';');
em1 = emailArray[0];
em2 = emailArray[1];
em3 = emailArray[2];
Debug.WriteLine(em1 + em2 + em3);
}
// email daily emerging market
Debug.WriteLine("extensionAttribute10: " + GetProperty(sResultSet, "extensionAttribute10"));
// email daily corporate market
Debug.WriteLine("extensionAttribute11: " + GetProperty(sResultSet, "extensionAttribute11"));
// AssetMgt Range
Debug.WriteLine("extensionAttribute12: " + GetProperty(sResultSet, "extensionAttribute12"));
// date of account created
Debug.WriteLine("whenCreated: " + GetProperty(sResultSet, "whenCreated"));
// date of account changed
Debug.WriteLine("whenChanged " + GetProperty(sResultSet, "whenChanged"));
Debug.WriteLine("department: " + GetProperty(sResultSet, "department")); */
return new ActiveDirectoryUserViewModel
{
Sid = new System.Security.Principal.SecurityIdentifier((byte[])sResultSet.Properties["objectSid"][0], 0),
// Guid = GetProperty(sResultSet, "objectGUID"),
DisplayName = GetProperty(sResultSet, "displayname"),
Email = GetProperty(sResultSet, "mail"),
Mapped = true,
UserName = GetProperty(sResultSet, "samaccountname"),
FirstName = GetProperty(sResultSet, "givenName"),
Surname = GetProperty(sResultSet, "sn"),
VoiceTelephoneNumber = GetProperty(sResultSet, "telephoneNumber"),
JobTitle = GetProperty(sResultSet, "title"),
Department = GetProperty(sResultSet, "department"),
Photo = sResultSet.Properties["thumbnailPhoto"][0] as byte[]
};
}
}
return new ActiveDirectoryUserViewModel();
}
/// <summary>
/// Trz todos os grupos do AD.
/// </summary>
/// <returns></returns>
public static IEnumerable<ActiveDirectoryGroupViewModel> GetAllGroups()
{
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);
foreach (var found in srch.FindAll())
{
yield return new ActiveDirectoryGroupViewModel
{
Name = found.Name,
Sid = found.Sid,
Description = found.Description
};
}
}
/// <summary>
/// Traz um grupo do AD por Sid (security identifier).
/// </summary>
/// <param name="sid"></param>
/// <returns></returns>
public static ActiveDirectoryGroupViewModel GetGroup(String sid)
{
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
var search = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);
if (search != null)
{
return new ActiveDirectoryGroupViewModel {
Name = search.Name,
Description = search.Description,
Sid = search.Sid
};
/* foreach (Principal p in search.GetMembers())
{
Debug.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
} */
}
return null;
}
/// <summary>
/// Método interno para tratamento de propriedade do AD.
/// </summary>
/// <param name="searchResult"></param>
/// <param name="PropertyName"></param>
/// <returns></returns>
private static string GetProperty(SearchResult searchResult, string PropertyName)
{
if (searchResult.Properties.Contains(PropertyName))
{
return searchResult.Properties[PropertyName][0].ToString();
}
else
{
return string.Empty;
}
}
}
Notice that I use some ViewModels there. I did for an ASP.NET MVC system, but you can use it for any other system with no problems. Their implementation is below:
public class ActiveDirectoryGroupViewModel
{
[DisplayName("Identificador de Segurança")]
public SecurityIdentifier Sid { get; set; }
[DisplayName("Nome")]
public String Name { get; set; }
[DisplayName("Descrição")]
public String Description { get; set; }
}
public class ActiveDirectoryUserViewModel
{
[DisplayName("SID")]
public SecurityIdentifier Sid { get; set; }
[DisplayName("Guid")]
public String Guid { get; set; }
[DisplayName("Login")]
public string Login { get; set; }
[DisplayName("Endereço de E-Mail")]
public string Email { get; set; }
[DisplayName("Nome de Usuário")]
public string UserName { get; set; }
[DisplayName("Nome de Exibição")]
public string DisplayName { get; set; }
[DisplayName("Mapeado?")]
public bool Mapped { get; set; }
[DisplayName("Unidade Organizacional")]
public string OrganizationalUnit { get; set; }
[DisplayName("Primeiro Nome")]
public string FirstName { get; set; }
[DisplayName("Nome do Meio")]
public string MiddleName { get; set; }
[DisplayName("Sobrenome")]
public string Surname { get; set; }
[DisplayName("Telefone")]
public string VoiceTelephoneNumber { get; set; }
[DisplayName("Cargo")]
public String JobTitle { get; set; }
[DisplayName("Departamento")]
public String Department { get; set; }
[DisplayName("Foto")]
public byte[] Photo { get; set; }
[DisplayName("Grupos")]
public List<ActiveDirectoryGroupViewModel> Groups { get; set; }
}
04.09.2015 / 16:21