DirectoryEntry Help

joe_pool_is

I have some code that authenticates my users with Active Directory.

An employee first enters their badge number, and if this badge number corresponds to an employee that is part of a secure group (Managers, Supervisors, etc.), that employee is required to authenticate who they are by entering their username and password.

Code:
public bool Authenticate(string domain, string userName, string passWord) {
  string path = string.Format("LDAP://{0}", domain);
  string domUser = domain + @"\" + userName;
  DirectoryEntry entry = new DirectoryEntry(path, domUser, passWord);
  try {
    object nativeObj = entry.NativeObject;
    Console.WriteLine(string.Format("Username '{0}' Authenticated", userName));
    return true;
  } catch (COMException e) {
    MessageBox.Show(string.Format("Username '{0}' Not Authenticated:\n{1}", userName, e.Message), "Authentication Failed");
  } catch (Exception e) {
    MessageBox.Show(string.Format("Username '{0}' Not Authenticated:\n{1}", userName, e.Message), "Authentication Failed");
  }
  return false;
}
This seemed to work fine until someone realized they could enter a supervisor's or manager's badge number, then authenticate with their own username and password.

I want to edit my authentication routine to allow me to get the name of the individual that was authenticated.

From an Internet search, it looks like I need to use IADsGroup:
Code:
IADsGroup igroup = (IADsGroup)entry.NativeObject;
I tried a straight copy/paste of the above line, but 'IADsGroup' is not defined.

Doing more research, I see that this is part of the IADs Interface, which inherits from IDispatch (MSDN: http://msdn.microsoft.com/en-us/library/aa705950(VS.85).aspx).

I've never used interfaces before, and I don't know how to do what I want.

Could someone please give me some guidance?
 
I got it to work (though I don't really understand this cryptic stuff).

If it helps anyone, here's what I used:
C#:
string path = string.Format("LDAP://DC={0},DC=local", txtDomain.Text);
string user = string.Format("{0}.local\\{1}", txtDomain.Text, UserNames.Text);
try {
  DirectoryEntry rootEntry = new DirectoryEntry(path, user, txtPassword.Text);
  DirectorySearcher Searcher = new DirectorySearcher(rootEntry);
  Searcher.PropertiesToLoad.AddRange(new string[] { "cn", "mail" });
  Searcher.Filter = string.Format("(&(anr={0})(objectCategory=person))", UserNames.Text);
  SearchResultCollection Results = Searcher.FindAll();
  foreach (SearchResult result in Results) {
    Console.WriteLine("Name = " + result.Properties["cn"][0] + ", E-mail = " + result.Properties["mail"][0]);
    _adName = result.Properties["cn"][0].ToString();
  }
} catch (Exception err) {
  Console.WriteLine(err.ToString());
}
 
Hmmm... CS code formatting looks horrible, doesn't it?

Let's try it this way:
Code:
string path = string.Format(@"LDAP://DC={0},DC=local", txtDomain.Text);
string user = string.Format("{0}.local\\{1}", txtDomain.Text, UserNames.Text);
try {
  DirectoryEntry rootEntry = new DirectoryEntry(path, user, txtPassword.Text);
  DirectorySearcher Searcher = new DirectorySearcher(rootEntry);
  Searcher.PropertiesToLoad.AddRange(new string[] { "cn", "mail" });
  Searcher.Filter = string.Format("(&(anr={0})(objectCategory=person))", UserNames.Text);
  SearchResultCollection Results = Searcher.FindAll();
  foreach (SearchResult result in Results) {
    Console.WriteLine("Name = " + result.Properties["cn"][0] + ", E-mail = " + result.Properties["mail"][0]);
    _adName = result.Properties["cn"][0].ToString();
  }
} catch (Exception err) {
  Console.WriteLine(err.ToString());
}
Not as pretty, but at least you can read the correct text.
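
An added example, not code from the posts above, for the badge mismatch described in the first post: it binds with the typed credentials, looks up the bound account by an exact, escaped `sAMAccountName` match instead of `anr`, and accepts the login only if that account is the one registered for the badge. The names `BadgeAuth`, `EscapeLdapFilter`, `AuthenticateBadgeOwner` and `badgeOwnerSam` are hypothetical, and it assumes the application's badge table stores each owner's logon name.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;
public static class BadgeAuth   // hypothetical class name
{
    // RFC 4515 escaping so typed input cannot change the meaning of the filter.
    public static string EscapeLdapFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        return sb.ToString();
    }
    // True only if the credentials bind AND the bound account is the one
    // registered for the badge. badgeOwnerSam is an assumption: the logon
    // name the application's own badge table holds for that badge number.
    public static bool AuthenticateBadgeOwner(string ldapPath, string domain,
        string userName, string password, string badgeOwnerSam)
    {
        try
        {
            using (var root = new DirectoryEntry(ldapPath, domain + @"\" + userName,
                                                 password, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(root))
            {
                // Exact match on the logon name; anr can match several people.
                searcher.Filter = string.Format(
                    "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
                    EscapeLdapFilter(userName));
                searcher.PropertiesToLoad.Add("sAMAccountName");
                SearchResult hit = searcher.FindOne();   // the bind happens here
                if (hit == null) return false;
                string sam = hit.Properties["sAMAccountName"][0].ToString();
                return string.Equals(sam, badgeOwnerSam, StringComparison.OrdinalIgnoreCase);
            }
        }
        catch (COMException) { return false; }   // bad credentials or directory unreachable
    }
}
```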
 