Accessing Active Directory from ASP.Net MVC using C#

c# asp.net-mvc security active-directory
Russ Clark picture Russ Clark · Jun 2, 2010 · Viewed 36.4k times · Source

I need to access Active Directory to get information about groups that customers belong to. The project I have is an ASP.Net MVC application using C#. I've never programmed against Active Directory before, and need some advice on what the best way to get started is, what security model to use to access the information, and maybe point me to some good tutorials.

Answer

tvanfosson picture tvanfosson · Jun 2, 2010

Since you're using MVC, you have access to the new System.DirectoryServices.AccountManagement namespace in .NET 3.5. These classes should be preferred over the older classes in DirectoryServices itself as they are much simpler to use. There are a couple of gotchas that haven't been solved in 3.5 (1500 member limit when querying groups, for instance), but I'm assured that these have been fixed in .NET 4.0. For most tasks, the new classes work very well.

 using (var context = new PrincipalContext( ContextType.Domain )) 
 {
      using (var user = UserPrincipal.FindByIdentity( context, "username" ))
      {
          var groups = user.GetAuthorizationGroups();
          ...
      }
 }

Related questions

Why is JsonRequestBehavior needed?

Why is Json Request Behavior needed? If I want to restrict the HttpGet requests to my action I can decorate the action with the [HttpPost] attribute Example: [HttpPost] public JsonResult Foo() { return Json("Secrets"); } // Instead of: public JsonResult Foo() { return …

Read More
Restrict access to a specific controller by IP address in ASP.NET MVC Beta

I have an ASP.NET MVC project containing an AdminController class and giving me URls like these: http://example.com/admin/AddCustomer http://examle.com/Admin/ListCustomers I want to configure the server/app so that URIs containing /Admin are …

Read More
How to make Authorize attribute return custom 403 error page instead of redirecting to the Logon page

[Authorize] attribute is nice and handy MS invention, and I hope it can solve the issues I have now To be more specific: When current client isn't authenticated - [Authorize] redirects from secured action to logon page and after logon …

Read More