Validate domain against LDAP?
Posted
by lucian.jp
on Stack Overflow
See other posts from Stack Overflow
or by lucian.jp
Published on 2010-05-25T14:49:10Z
Indexed on
2010/05/25
14:51 UTC
Read the original article
Hit count: 351
I have a procedure to get the name of the logged user show on the site. I get it this way :
var winIdentity = (WindowsIdentity) HttpContext.Current.User.Identity;
if (winIdentity != null)
{
string domainUser = winIdentity.Name.Replace(@"\", "/");
string domain = winIdentity.Name.Split('\\')[0];
string user = winIdentity.Name.Split('\\')[1];
var myDe = new DirectoryEntry(ConfigurationManager.ConnectionStrings["LDAP"].ConnectionString, ConfigurationManager.AppSettings["LDAPCredentials"].Split(';')[0],
ConfigurationManager.AppSettings["LDAPCredentials"].Split(';')[1]);
var deSearcher = new DirectorySearcher(myDe) {Filter = "(&(sAMAccountName=" + user + "))"};
SearchResult result = deSearcher.FindOne();
if (result != null)
{
DirectoryEntry userDe = result.GetDirectoryEntry();
lblNameAD.Text = string.Format(lblNameAD.Text, userDe.Properties["givenName"].Value,
userDe.Properties["sn"].Value);
}
else
{
var adEntry = new DirectoryEntry("WinNT://" + domainUser);
string fullname = adEntry.Properties["FullName"].Value.ToString();
lblNameAD.Text = string.Format(lblNameAD.Text, !string.IsNullOrEmpty(fullname) ? fullname : user, null);
}
}
Probleme id that if I have a local useraccount with the same username that one from LDAP, it passes the check and return the name.
EX: local\MyUser domain\MyUser
Both return the name from AD even if the one from local isn't a domain account. It would be perfect if I could search in LDAP for domainuser
, but it seems I can't.
I also tried to restrict the DC with the DirectorySearcher but the domain name is "domain", but I only have "dc=dom" and "dc=com" and no DC for full domain name.
© Stack Overflow or respective owner