Sunday, 18 August 2013

Communicate with Active Directory via LDAP

Having written a natty local authentication system for an application, I wanted to expand it further by authenticating users against a domain too, as an option.

I have a test domain controller on another machine, but my development machine is not joined to that domain. 

Reading a few Stack Overflow posts, it seemed the best method of communicating with AD is via System.DirectoryServices.AccountManagement. Under the hood this uses the older directory-services API, but it makes it all a little bit more accessible to newbies like me.

It's relatively simple:

Set-up your context

using System.DirectoryServices.AccountManagement;

// Bind to the domain controller "server", searching under the container DN, with a simple bind.
var ctx = new PrincipalContext(ContextType.Domain, "server", "DC=doom,DC=home",
                               ContextOptions.SimpleBind, username, password);

I discovered that 'ContextOptions' is very important in my testing, as the default bind option didn't work for me.

Validate your credentials

// Ask the domain whether this username/password pair is accepted, using the same bind option as the context.
var validCredentials = ctx.ValidateCredentials(username, password, ContextOptions.SimpleBind);

This is how I determine whether the user has passed me valid credentials.

Pull out the user details from the AD

// Look the account up by its sAMAccountName (the pre-Windows 2000 logon name).
var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);

However, the above will not work if your development machine is not joined to the domain. The workaround is to open your network settings and use the domain controller as your only DNS server; otherwise your application will not be able to locate the domain and its associated services to complete the request.

Finally, you're really going to want to put all this on a separate thread. LDAP queries take an age!
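Here are the three steps above pulled together into one method, as an added example rather than the post's own code. It runs the slow LDAP round-trips on a thread-pool thread as the post recommends, and it combines SimpleBind with SecureSocketLayer because a simple bind on its own sends the password to the domain controller in clear text. The server name, container DN and the "ldap.doom.home" host in the usage note are placeholders, and the example assumes the domain controller accepts LDAPS connections.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Threading.Tasks;

// Added example, not the post's own code: set up the context, validate the
// credentials and fetch the account details in one call, off the caller's thread.
public static class DomainAuthenticator
{
    public sealed class DomainUser
    {
        public string SamAccountName { get; set; }
        public string DisplayName { get; set; }
        public string EmailAddress { get; set; }
    }

    // Runs the LDAP work on the thread pool so a UI thread is not blocked.
    public static Task<DomainUser> AuthenticateAsync(
        string server, string container, string username, string password)
    {
        return Task.Run(() => Authenticate(server, container, username, password));
    }

    // Returns the user's details on success, or null when the credentials are
    // rejected or the account cannot be used. Throws PrincipalServerDownException
    // when the domain controller cannot be located (the DNS problem described above).
    public static DomainUser Authenticate(
        string server, string container, string username, string password)
    {
        // An empty password must never reach the bind: LDAP treats a name with an
        // empty password as an unauthenticated bind, which is not proof of identity.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return null;

        // SimpleBind alone transmits the password in clear text, so pair it with
        // SecureSocketLayer (LDAPS on port 636). Assumes the DC is configured for LDAPS.
        var options = ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer;

        // Step 1: the context, bound with the user's own credentials as in the post.
        using (var ctx = new PrincipalContext(ContextType.Domain, server, container,
                                              options, username, password))
        {
            // Step 2: does the domain accept this username/password pair?
            if (!ctx.ValidateCredentials(username, password, options))
                return null;

            // Step 3: pull the account details by sAMAccountName.
            using (var user = UserPrincipal.FindByIdentity(
                       ctx, IdentityType.SamAccountName, username))
            {
                if (user == null)
                    return null;

                // Enabled is a nullable bool; treat an unknown state as not usable.
                if (user.Enabled != true || user.IsAccountLockedOut())
                    return null;

                return new DomainUser
                {
                    SamAccountName = user.SamAccountName,
                    DisplayName = user.DisplayName,
                    EmailAddress = user.EmailAddress
                };
            }
        }
    }
}

// Usage (placeholder host and container DN):
//   var me = await DomainAuthenticator.AuthenticateAsync(
//                "ldap.doom.home", "DC=doom,DC=home", username, password);
//   if (me == null) { /* reject the login */ }
```

The extra checks on Enabled and IsAccountLockedOut matter because ValidateCredentials only tells you the password is right; a disabled or locked-out account can still pass that test depending on how the domain controller handles the bind, so an application that grants access on ValidateCredentials alone may let in accounts an administrator thinks are switched off.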