ASP.Net Core : get members of Active Directory group

Question

I'm wondering how I could get a list of members of an AD group.

Checking if an entered password of a user is correct works perfectly fine. For this I'm using Novell's Ldap.NetStandard:

private bool IsUserValid(string userName,string userPassword)
{
    try{
        using (var connection = new LdapConnection { SecureSocketLayer = false })
        {
            connection.Connect("test.local", LdapConnection.DEFAULT_PORT);
            connection.Bind(userDn, userPassword);

            if (connection.Bound)
            {
                return true;
            }
        }
    }
    catch (LdapException ex)
    {
        Console.WriteLine(ex.Massage);
    }

    return false;
}

What I want now is something like this:

bool isUserInGroup("testUser","testGroup");

The problem is I can't get my method working:

public bool IsUserMemberOfGroup(string userName,string groupName)
{
    var ldapConn = GetConnection();

    var searchBase = "";
    var filter = $"(&(objectClass=group)(cn={groupName}))";
    var search = ldapConn.Search(searchBase, LdapConnection.SCOPE_BASE, filter, null, false);
    while (search.hasMore())
    {
        var nextEntry = search.next();
        if (nextEntry.DN == userName)
            return true;                    
    }

    return false;
}

What ever I'm doing, I'm not getting back any value from my Ldap.Search()...

Don't use need to specify your search base first before starting the search? i.e. `var searchBase = "DC=test,DC=local";` — David Liang, Nov 06 '17 at 23:29
@DavidLiang also tried that. The result is still the same... — Felix Gerber, Nov 13 '17 at 08:11
aww it's not easy to tell what's going on, as I can't ask much about your AD setup. I can just tell you what my setup looks up. Please look at my answer [here](https://stackoverflow.com/a/46854212/2410655). — David Liang, Nov 13 '17 at 17:37

score 2 · Accepted Answer · answered Nov 15 '19 at 08:00

Now there is an implementation of System.DirectoryServices.AccountManagement for .NET Core 2. It is available via nuget.

With this package you are able to things like that:

        using (var principalContext = new PrincipalContext(ContextType.Domain, "YOUR AD DOMAIN"))
        {
            var domainUsers = new List<string>();
            var userPrinciple = new UserPrincipal(principalContext);

            // Performe search for Domain users
            using (var searchResult = new PrincipalSearcher(userPrinciple))
            {
                foreach (var domainUser in searchResult.FindAll())
                {
                    if (domainUser.DisplayName != null)
                    {
                        domainUsers.Add(domainUser.DisplayName);
                    }
                }
            }
        }

This performs a search for the user in your domain.Nearly the same is possible for searching your group. The way I used to search my AD (description in my question) is now obsolet:

Checking if an entered password of a user is correct works perfectly fine. For this I'm using Novell's Ldap.NetStandard:

score 1 · Answer 2 · answered Dec 23 '22 at 08:50

1

How about:

HttpContext.User.IsInRole("nameOfYourAdGroup");

(namespace System.Security.Claims)

answered Dec 23 '22 at 08:50

lennoxGER

284
1
6

ASP.Net Core : get members of Active Directory group

2 Answers2