Active Directory (AD) and Microsoft .Net Technology


This article discusses Active Directory and its relationship with Microsoft .NET. We will see how to use .NET to communicate with the system's Active Directory: retrieving user information, saving user-related data to Active Directory, accessing system components, etc.

In this article we will go through the details of Active Directory, its use, and how to use the .NET classes and methods to perform various tasks against the Active Directory database.

We will also see a few examples of communication between AD (Active Directory) and .NET to get user-related data using the .NET classes and methods.

We will also go through a few examples related to validating a user, updating a user account, retrieving the password of a user by user name, synchronizing a database with Active Directory (AD), etc.

Question: What is Active Directory (AD)?
Active Directory is a database that can contain essential user-related information such as the user name, password and other small details about the user. Keeping all this user information in a config file is vulnerable, so we can keep it in the Active Directory database instead. We can create a group in the Active Directory database and then secure that group so that other users cannot access the information of the users who belong to the group.

Question: Why Active Directory (AD)?
The answer to this question is to provide more security to the application.
In general, we used to keep the user name, password and other related information in the web.config file. The web.config file is a simple XML file that can be opened by the end user, who can then modify this information. So the information in the web.config file is always vulnerable. To secure confidential data, we can keep it in the Active Directory database.

To use the classes, methods and properties related to Active Directory, we need to import the System.DirectoryServices namespace.
This namespace provides the classes, methods, properties, events, etc. used to interact with the Active Directory database.

Now we will see a few examples related to Active Directory and how the .NET classes and methods are useful:

1. Creating a connection to AD (Active Directory)
Creating a connection to Active Directory means creating an entry point into the Active Directory database for the user details.

// Method used to create an entry point to the Active Directory database for the user details.
using System.DirectoryServices;

public static DirectoryEntry GetDirectoryEntry()
{
    DirectoryEntry directoryEntry = new DirectoryEntry();
    directoryEntry.Path = "LDAP://192.168.1.1/CN=Users;DC=CORP";
    // The bind credentials are shown inline for illustration only; in a real application
    // load them from protected configuration or a secret store, never from source code.
    directoryEntry.Username = @"CORP\HXPAAW";
    directoryEntry.Password = "Kina@123";
    return directoryEntry;
}

In this example we have created an object of the DirectoryEntry class and provided the path of our Active Directory with the domain name CORP.
After that we have set the user name and password with which we bind to Active Directory.

In the next example, we will see how to create a secure connection to AD (Active Directory), provided the user has the access credentials of a domain administrator.
Only users who have domain administrator permission, or who are members of the domain administrator group, will be able to create new users in the Active Directory database.

2. Creating a secure connection to AD (Active Directory)

// Secure connection to Active Directory.
using System.DirectoryServices;

public static DirectoryEntry GetDirectoryEntry()
{
    DirectoryEntry directoryEntry = new DirectoryEntry();
    directoryEntry.Path = "LDAP://192.168.1.1/CN=Users;DC=CORP";
    // No Username/Password is set: with AuthenticationTypes.Secure the LDAP provider binds
    // with the Windows credentials of the account running the application (Kerberos, falling
    // back to NTLM), so no password is sent in the clear.
    directoryEntry.AuthenticationType = AuthenticationTypes.Secure;
    return directoryEntry;
}

In this code, we rely on the Windows identity of the calling user, so any user in this domain (who has the permission) will be able to connect to the Active Directory database and then create the user.
As we saw in the code, to make a secure connection we need to set AuthenticationType to AuthenticationTypes.Secure.

In the next example, we will see how we can validate an existing user in the Active Directory database. ADHelper is the class that holds the GetDirectoryEntry method shown above; it will be used to get the DirectoryEntry, and then, by using the DirectorySearcher class, we can search for the user in that directory using the Filter property.

3. Validating an existing user in the Active Directory database

// Validate the existing user in the Active Directory database.
public bool IsExistingUser(string userName)
{
    DirectoryEntry directoryEntry = ADHelper.GetDirectoryEntry();
    DirectorySearcher directorySearcher = new DirectorySearcher();
    directorySearcher.SearchRoot = directoryEntry;
    // userName goes into the filter unescaped: a value containing filter metacharacters
    // such as '*', '(' or ')' changes the meaning of the query (LDAP filter injection),
    // so only pass values that have been validated or escaped beforehand.
    directorySearcher.Filter = "(&(objectClass=user)(cn=" + userName + "))";
    // FindAll() results hold unmanaged handles and must be disposed.
    using (SearchResultCollection resultsCollection = directorySearcher.FindAll())
    {
        return resultsCollection.Count != 0;
    }
}

In the above code, the user name is passed as the input parameter and then we check whether the user exists or not.
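The filter in IsExistingUser is built by concatenating userName straight into the LDAP query, so any filter metacharacters in the input become part of the query syntax. The following is an added example, not code from the article: the same check with the value escaped per RFC 4515 before it is placed in the filter. It assumes the searchRoot DirectoryEntry comes from the article's ADHelper.GetDirectoryEntry(); the class and method names are the example's own.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example (not the article's code): existence check with the user name escaped
// so that '*', '(', ')', '\' and NUL in the input are matched literally instead of
// being interpreted as LDAP filter syntax.
public static class SafeUserLookup
{
    // RFC 4515 escaping of a value used inside an LDAP search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Builds the filter from the escaped value; kept separate so it can be
    // unit-tested without a directory.
    public static string BuildUserFilter(string userName)
    {
        return "(&(objectClass=user)(cn=" + EscapeFilterValue(userName) + "))";
    }

    // searchRoot is assumed to be the DirectoryEntry returned by ADHelper.GetDirectoryEntry().
    public static bool IsExistingUser(DirectoryEntry searchRoot, string userName)
    {
        if (string.IsNullOrEmpty(userName)) return false;
        using (var searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = BuildUserFilter(userName);
            searcher.PropertiesToLoad.Add("cn");   // load only what is needed
            searcher.SizeLimit = 1;                // one hit is enough to answer the question
            return searcher.FindOne() != null;
        }
    }
}
```

BuildUserFilter("a*b") returns "(&(objectClass=user)(cn=a\2ab))", so the wildcard is searched for literally rather than expanding the match.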

So far we have seen examples related to retrieving user-related information.
In the next examples we will see how we can set user details in the Active Directory database.
To set user-related information in Active Directory, we will use the Add method of the Properties collection of the DirectoryEntry class.

4. Setting the user-related information in the Active Directory (AD) database

// Method to set the user-related information in AD.
// Note: the change is only staged on the DirectoryEntry; the caller must call
// directoryEntry.CommitChanges() afterwards to write it to the directory.
public static void SetProperty(DirectoryEntry directoryEntry, string property, string value)
{
    if (value != null)
    {
        if (directoryEntry.Properties.Contains(property))
            directoryEntry.Properties[property][0] = value;   // replace the existing value
        else
            directoryEntry.Properties[property].Add(value);   // add the attribute value
    }
}


This method first checks the parameter value and, if the value is not null, checks whether the property exists on the Active Directory object.
If the property exists, it replaces its value with the new parameter value provided; otherwise it adds the property and sets its value.

For example, if we want to set the user's city in the Active Directory database, then we can use this method with l (Locality-Name), which is the AD attribute that holds the city, and then call CommitChanges on the entry:
SetProperty(directoryEntry, "l", "Hyderabad");

In the next example, we will see how to enable a user account once it is locked or expired in the Active Directory database.
Enabling/disabling the account is done based on a property. This property stores a boolean value for the locked/unlocked state of the user account.
Here we need to pass the user details as input. Based on these user details, it checks the Active Directory database and, if the user exists, enables/disables the locked account accordingly.

5. Enable the locked user account

// Method to enable the locked user account in Active Directory.
// "LockedFlag" is the attribute name used in this article; it must exist on the user
// object, otherwise Value is null and a direct cast to bool would throw.
private static void EnableLockedADAccount(DirectoryEntry directoryEntry)
{
    object flag = directoryEntry.Properties["LockedFlag"].Value;
    if (flag is bool isLocked && isLocked)
        directoryEntry.Properties["LockedFlag"].Value = false;   // unlock
    directoryEntry.CommitChanges();                              // write the change back
}
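The LockedFlag attribute above is the article's own name. In Active Directory itself a lockout is recorded in the lockoutTime attribute (a 64-bit FILETIME; 0 means not locked out) and a disabled account by the ACCOUNTDISABLE bit (0x2) of userAccountControl. The following added example, not the article's code, reads and clears both; it assumes user is a DirectoryEntry already bound to the user object (for instance obtained from a DirectorySearcher result via SearchResult.GetDirectoryEntry()), and AccountState is the example's own class name.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

// Added example (not from the article): unlock and re-enable a user account using
// the attributes AD actually stores, instead of a custom "LockedFlag" attribute.
// 'user' is assumed to be a DirectoryEntry already bound to the user object.
public static class AccountState
{
    // ACCOUNTDISABLE bit of the userAccountControl attribute.
    private const int AccountDisable = 0x0002;

    // lockoutTime is a 64-bit FILETIME; 0 (or absent) means the account is not locked out.
    public static bool IsLockedOut(DirectoryEntry user)
    {
        object raw = user.Properties["lockoutTime"].Value;
        return raw != null && ToInt64(raw) != 0;
    }

    public static bool IsDisabled(DirectoryEntry user)
    {
        object raw = user.Properties["userAccountControl"].Value;
        return raw != null && ((int)raw & AccountDisable) != 0;
    }

    // Clears the lockout and the disable bit, then writes both back in one commit.
    public static void UnlockAndEnable(DirectoryEntry user)
    {
        if (IsLockedOut(user))
            user.Properties["lockoutTime"].Value = 0;          // 0 = not locked out
        if (IsDisabled(user))
        {
            int uac = (int)user.Properties["userAccountControl"].Value;
            user.Properties["userAccountControl"].Value = uac & ~AccountDisable;
        }
        user.CommitChanges();
    }

    // ADSI returns large integers as a COM IADsLargeInteger object exposing
    // HighPart/LowPart; combine them into a long via late binding.
    private static long ToInt64(object largeInteger)
    {
        Type t = largeInteger.GetType();
        int high = (int)t.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null);
        int low = (int)t.InvokeMember("LowPart", BindingFlags.GetProperty, null, largeInteger, null);
        return ((long)high << 32) | (uint)low;
    }
}
```

The account running this code needs write access to lockoutTime and userAccountControl on the user object; the CommitChanges call fails otherwise.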

Hope this gives you some idea about using the Active Directory related classes in Microsoft .NET.
Using this article, we can set up users in the Active Directory database and then, from the application, retrieve and validate them to control access to a particular application.
Hope this article will be helpful for learning the Active Directory concepts.

