October 22, 2014
Hot Topics:
RSS RSS feed Download our iPhone app

Accessing Directory Services

  • August 8, 2003
  • By Mark Strawmyer
  • Send Email »
  • More Articles »

Welcome to the next installment of the .NET Nuts & Bolts column. In this installment, we'll explore how to access directory services from within .NET. Specifically, we'll focus on Microsoft's directory service called Active Directory. The topics covered will include how to use the Active Directory for items such as searching and providing authentication services for an application. It will involve using classes in the System.DirectoryServices namespace.

Directory Services

A directory service is a centralized data source that contains information relevant to an organization's computing environment. It provides access to network resource information without the client having to know the specifics of how or where the resource is connected. A directory service is commonly used to store information regarding computers, network devices such as printers, and information on users such as security credentials and application preferences.

Active Directory (AD)

Microsoft Active Directory, originally introduced in Windows 2000, is a directory service introduced by Microsoft to replace the aging Windows NT 4.0 domain architecture. It allows an organization to have a structure that more closely matches the company environment by allowing for a flexible hierarchy, support for a much larger number of network users and resources than what NT could allow, and a whole lot more. It serves as the central security point for controlling access to resources within the network. There are many concepts and designs involved with the AD. For this article, I'm going to assume you are already familiar with the AD object structure. If not, click here to visit Microsoft's site and learn more about the Active Directory.

Active Directory Services Interface (ADSI)

Active Directory Services Interface (ADSI) is a single interface from Microsoft that can be used to administer directory services. It abstracts the capabilities of directory services from different providers so that the same interface can be used regardless of the environment. Directory services that can be accessed through ADSI include, but are not limited to, the following:

  • Novell Netware Directory Service (NDS)
  • Netware 3 bindery
  • Windows NT 4.0 directory
  • Microsoft Active Directory
  • Microsoft directory capable server products: Exchange 5.5 and above, Internet Information Services, Microsoft Commerce Server, and more.

Click here to visit Microsoft's site and learn more about ADSI.

System.DirectoryServices Namespace

The Microsoft .NET Framework includes a System.DirectoryServices namespace contained in the System.DirectoryServices.dll that must be added as a reference in order to use it. It contains the DirectorySearcher and DirectoryEntry classes. These classes utilize the Active Directory Services Interface (ADSI) to interact with and manipulate the directory from within managed code and allow you to access any ADSI provider, including Active Directory.

Each object in a directory service is represented as a DirectoryEntry. It allows you the capability to access information about the directory item such as its name, modify its properties, or even rename or move it to another location in the directory.

The DirectorySearcher is used to execute a query against the directory service. You can search for a single object that matches or multiple matches. It returns a collection of DirectoryEntry objects that are read only.

Connecting to a Directory Service

The first step in doing anything with a directory service, much like a database, is to create a connection it. The act of connecting to a directory service is often referred to as binding. The connection string, known as a path, used to connect to the directory service is dependent upon the provider to which you are connecting. While Windows NT requires that you connect to a specific server, the Active Directory example allows you to bind to the name of the domain instead. A couple of sample paths are listed below.

  • Windows NT 4.0: Connect to the current machine
  • string path = "WinNT://" + Environment.MachineName                         + ",computer";
  • Active Directory: Connect to a dev.codeguru.com domain
  • string path = "LDAP://CN=Users,DC=dev,DC=codeguru,DC=com";
    or
    string path = "LDAP://dev.codeguru.com";

Once the path statement is worked out for the appropriate provider, all that remains to bind to the directory is to pass it as a parameter to the constructor of a new instance of the DirectoryEntry class.

  • DirectoryEntry entry = new DirectoryEntry(path);

Authenticating

The DirectoryEntry class can be used to authenticate a user login and password against a directory service. Bind to the directory and pass the user login and password of the user you wish to authenticate. You force authentication to occur by retrieving the NativeObject property.

Active Directory Authentication Sample

string path = "LDAP://dev.codeguru.com";DirectoryEntry entry = new DirectoryEntry( path,"dev.codeguru.com\\administrator", "");try{ // Bind to the native object to force authentication to happenObject native = entry.NativeObject;Console.WriteLine("User authenticated!");}catch( Exception ex ){throw new Exception("User not authenticated: " + ex.Message);}




Page 1 of 2



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Sitemap | Contact Us

Rocket Fuel