Skip to main content

Programming AD with C#.NET – part 3

So far we have managed to exclude System.DirectoryServices because of our original issues, and System.DirectoryServices.AccountManagement because of performance issues. What is left for us now is System.DirectoryServices.Protocols, and that is the namespace of our choice.

Generally the System.DirectoryServices.Protocols is pretty similar to System.DirectoryServices, so it is not a big deal to rebuild our existing classes to a newer version. But there are always some small obsacles that need to be conquered. A very good guide to get started with these classes is written by Ethan Wilansky and published on MSDN, Introduction to System.DirectoryServices.Protocols.

An small issue is that you always have to know if an attribute exists before you try to remove it. The same thing applies when an attribute is saved, you must know if it is a new attribute to be created or an existing attribute that should be updated. If an incorrect action is taken a DirectoryOperationException will be thrown. A simple solution for this problem is to add a PermissiveModifyControl to the request. This will make sure that add, edit and remove events is handled nicely without throwing any exceptions.

Paging a search result is another thing that could be a little tricky. With System.DirectoryServices you only had to set the PageSize on a DirectorySearcher and the paging was automatically handled. With System.DirectoryServices.Protocols we have got to deal with the paging ourselves. There are a lot more information about this in the article mention above, Introduction to System.DirectoryServices.Protocols.

One third little quirk I had was when creating user accounts.We need to be able to set the password, and with System.DirectoryServices.Protocols it is possible to modify the value unicodePwd. However there are a couple of things to keep in mind.:
  • A 128 bit encrypted channel must be used.
  • The password must be a byte array containing the password surrounded by quotation marks.
Here is a simple code sample that meets both of these demands:

LdapDirectoryIdentifier identifier = new LdapDirectoryIdentifier("server");
NetworkCredential credential = new NetworkCredential("user", "password", "domain");
using(LdapConnection connection = new LdapConnection(identifier, credential))
{
    connection.SessionOptions.Signed = true;
    connection.SessionOptions.Sealed = true;
    DirectoryAttribute[] attributes = new DirectoryAttribute[] {
        new DirectoryAttribute("objectClass", "user"),
        new DirectoryAttribute("userPrincipalName", "newAdAccount@domain.com"),
        new DirectoryAttribute("samAccountName", "newAdAccount"),
        new DirectoryAttribute("unicodePwd", Encoding.Unicode.GetBytes("\"passw0rd\""))
    };
    AddRequest request = new AddRequest("CN=newAdAccount,OU=Test,DN=domain,DN=com", attributes);
    connection.SendRequest(request);
}
Labels:

Comments

Post a Comment

Popular posts from this blog

Binding a HTML-formatted string to a WPF WebBrowser control

Sometimes there is a need to display a HTML formatted string in a WPF application. There are a couple of ways to do this, but the most stright forward is to use a WebBrowser control and the NavigateToString method. This approach has one big flaw, you cannot use binding to a string out of the box, but I found a great solution through Stack Overflow which adds a bindable property to the  WebBrowser  control using  NavigateToString . The following class is all that is needed to add that behavior. A new depencency property named Html is introduced to the  WebBrowser  and the proper change action is performed in the OnHtmlChanged method. public class BrowserBehavior { public static readonly DependencyProperty HtmlProperty = DependencyProperty.RegisterAttached( "Html", typeof(string), typeof(BrowserBehavior), new FrameworkPropertyMetadata(OnHtmlChanged)); [AttachedPropertyBrowsableForType(typeof(WebBrowser))] public static string GetHtml(WebBrowser bro
1 comment
Read more

User.Identity returns old login name after name change

When a person gets married or makes a name change for some other reason this usually means that the login name for the Active Directory-account changes as well. This is rarely a problem, but it turned out to cause some issues on our web server, where the  User.Identity  property was still returning the old login name. The user logged on with the new login name, but was identified by the web application as the old login name. The reason this occurs is because the  User.Identity  property relies on the  LsaLookupSids  method to convert the user SID to a login name. The method first calls the local  LSA-cache , which is not synchronized with the Active Directory. For this purpose a simple reboot of the web server to clear the  LSA-cache  propably would have sufficed. But since we didn't want to take the application offline rebooting was not an option. Instead, it is possible to set the registry value  LsaLookupCacheMaxSize in HKLM\SYSTEM\CurrentControlSet\Control\Lsa. If this val
Post a Comment
Read more

Using Bootstrap Tooltip to show Parsley validation errors

I'm currently working on a web application using a variety of different frameworks, such as Backbone for the back-end, Bootstrap for the front-end and Parsley for client side form validation.  Parsley is a really powerful validation toolkit, but it takes some tweaking to make it blend with the Bootstrap front-end. Fortunately this is a one time fix, which can be re-used all over our project. Since there will be some custom options in our  Parsley  object, we can't use the default parsley-validate attribute on the form. Instead we have to initialize the validation with the jQuery syntax: $('#my-form').parsley(parsleyOptions); The options are were the magic happens, and in our case we have a global options object that our forms use to get the same experience all over the application. Here's what it looks like: var parsleyOptions = {  // Sets success and error class to Bootstrap class names  successClass: 'has-success',  errorClass: 'has-er
2 comments
Read more