
Programming AD with C#.NET – part 2

Working around the memory leaks in the .NET classes is in theory quite simple: do not use those classes. That was our starting point. What we want to do instead is rebuild our AD classes to use a better way of communicating with Active Directory, while minimizing the impact on all our projects.

In .NET 2.0 the System.DirectoryServices.Protocols namespace was introduced, a collection of general classes for communicating with practically any directory over LDAP. Unlike System.DirectoryServices, which builds on ADSI, System.DirectoryServices.Protocols builds on the newer and better wldap32.dll.

Here's an overview of the different namespaces and what techniques they rely on, taken from Introduction to System.DirectoryServices.Protocols.


In .NET 3.5 yet another namespace arrived, namely System.DirectoryServices.AccountManagement. This is exactly what it sounds like: a set of classes for account management. In theory this is exactly what we need. The classes are very easy to use and you do not have to do any LDAP programming at all.

Unfortunately there are some direct disadvantages with System.DirectoryServices.AccountManagement. The classes build on a mix of System.DirectoryServices and System.DirectoryServices.Protocols, which means that we will still be stuck with the memory leak that we are trying to get away from. Another issue is performance, which is not really a problem when a user is changing the password, but is a big problem when making large searches.
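For the large searches mentioned above, a paged search written directly against System.DirectoryServices.Protocols looks roughly like the following. This is an added example, not code from the original post; the class and method names, the page size, the server name and the base DN are assumptions chosen for illustration.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

// Hypothetical helper class, not part of any library.
public static class AdPagedSearch
{
    // Returns the distinguished names of every entry matching the filter,
    // fetching at most pageSize entries per round trip.
    // Example call with placeholder values:
    //   FindDistinguishedNames("dc01.example.com", "DC=example,DC=com",
    //                          "(objectCategory=person)");
    public static List<string> FindDistinguishedNames(
        string server, string baseDn, string filter, int pageSize = 500)
    {
        var results = new List<string>();

        // LdapConnection wraps a native wldap32 handle, so dispose it
        // deterministically instead of waiting for the finalizer.
        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(server)))
        {
            connection.AuthType = AuthType.Negotiate;   // bind as the current Windows identity
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.Signing = true;   // integrity-protect the session
            connection.SessionOptions.Sealing = true;   // encrypt the session
            connection.Bind();

            // Request only the attribute we need; fewer attributes means smaller pages.
            var request = new SearchRequest(
                baseDn, filter, SearchScope.Subtree, "distinguishedName");
            var pageControl = new PageResultRequestControl(pageSize);
            request.Controls.Add(pageControl);

            while (true)
            {
                var response = (SearchResponse)connection.SendRequest(request);
                foreach (SearchResultEntry entry in response.Entries)
                    results.Add(entry.DistinguishedName);

                // The server hands back a cookie that identifies the next page.
                byte[] cookie = null;
                foreach (DirectoryControl control in response.Controls)
                    if (control is PageResultResponseControl page)
                        cookie = page.Cookie;

                if (cookie == null || cookie.Length == 0)
                    break;                              // empty cookie: last page reached
                pageControl.Cookie = cookie;
            }
        }
        return results;
    }
}
```

Any user-supplied value placed in the filter must be escaped by the caller before it reaches this method.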
