
I'm trying to get the user's group list while authenticating the user, but I keep getting 0 results. Unfortunately I have no test environment, so I cannot debug this code (only inspect it via the logger). I get no results and no exceptions.

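/// <summary>
/// Binds to the directory at <paramref name="ldap"/> with the supplied credentials and collects
/// the <c>cn</c> of every group object whose <c>member</c> attribute equals <paramref name="usr"/>.
/// </summary>
/// <param name="ldap">Directory path handed to <c>DirectoryEntry</c> as the search root.</param>
/// <param name="usr">User name used for the bind and as the value of the <c>member</c> assertion.</param>
/// <param name="pwd">Password used for the bind.</param>
/// <param name="groups">Receives the group names found; an empty list on any failure.</param>
/// <returns>
/// <c>Passed</c> when the bind and search complete, <c>WrongPassword</c> when credentials are
/// missing or the directory reports a logon failure, <c>Error</c> for any other failure.
/// </returns>
private LdapResponce IsAuthenticated(string ldap, string usr, string pwd, out List<string> groups)
{
    // HRESULT_FROM_WIN32(ERROR_LOGON_FAILURE) = 0x8007052E: unknown user name or bad password.
    const int LogonFailure = -2147023570;

    // Fail closed on missing credentials. With a null user name and password DirectoryEntry binds
    // as the calling process, which would report the service account's success as the user's.
    // NOTE(review): some directory servers also accept an empty password as an anonymous bind;
    // confirm against the target server.
    if (string.IsNullOrEmpty(usr) || string.IsNullOrEmpty(pwd))
    {
        groups = new List<string>();
        return LdapResponce.WrongPassword;
    }

    List<string> result = new List<string>();
    try
    {
        // DirectorySearcher does not dispose a search root it was handed, so own it here.
        using (var root = new DirectoryEntry(ldap, usr, pwd))
        using (var searcher = new DirectorySearcher(root))
        {
            // usr is caller-supplied: escape it so characters such as '*', '(' and ')' cannot
            // widen or rewrite the filter (an unescaped "*" would match every non-empty group).
            // NOTE(review): "member" holds distinguished names. If usr is a logon name rather
            // than the user's DN this assertion matches no group, which would explain a count
            // of 0 with no exception; resolve the user's distinguishedName first. Confirm the
            // format callers pass.
            searcher.Filter = String.Format("(&(objectCategory=group)(member={0}))", EscapeLdapFilterValue(usr));
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("cn");

            // Run the query once and release the unmanaged result set; the original issued it
            // twice and never disposed either SearchResultCollection.
            using (SearchResultCollection matches = searcher.FindAll())
            {
                _loggingService.Info(matches.Count.ToString());
                foreach (SearchResult entry in matches)
                {
                    if (!entry.Properties.Contains("cn"))
                    {
                        continue;
                    }

                    ResultPropertyValueCollection names = entry.Properties["cn"];
                    // Skip entries without a usable cn instead of relying on a catch-all.
                    if (names != null && names.Count > 0 && names[0] != null)
                    {
                        result.Add(names[0].ToString());
                    }
                }
            }
        }
        groups = result;
    }
    catch (DirectoryServicesCOMException cex)
    {
        groups = new List<string>();
        if (cex.ErrorCode == LogonFailure) return LdapResponce.WrongPassword;
        return LdapResponce.Error;
    }
    catch (Exception)
    {
        groups = new List<string>();
        return LdapResponce.Error;
    }
    return LdapResponce.Passed;
}

// Escapes a value for use inside an LDAP search filter assertion (RFC 4515).
// The backslash is replaced first so the escapes added afterwards are not escaped again.
private static string EscapeLdapFilterValue(string value)
{
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}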
  • Possible duplicate of [How to get the groups of a user in Active Directory? (c#, asp.net)](https://stackoverflow.com/questions/5309988/how-to-get-the-groups-of-a-user-in-active-directory-c-asp-net) – mypsi Jul 24 '18 at 13:45
  • Yes - I wrote this code based on 3'rd answer on this topic... apparently something is wrong in my version – Capitan Planet Jul 24 '18 at 13:49


Add this to the top of your program: `using System.DirectoryServices.AccountManagement;`

Use this function and pass it the username and the group you want to check for membership. If the group contains a nested group, the function also looks in the nested group to see whether the user is a member of it.

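/// <summary>
/// Reports whether a domain user belongs to a group, directly or through nested groups.
/// </summary>
/// <param name="LSUserName">Identity of the user to look up in the domain context.</param>
/// <param name="LSGroupName">Identity of the group to test membership against.</param>
/// <returns>
/// <c>true</c> when the user is a direct member or appears in the recursive member list;
/// <c>false</c> otherwise, including when the user or the group cannot be found.
/// </returns>
public static Boolean fctADIsInGroup(string LSUserName, string LSGroupName)
{
    // set up domain context; the context and the principals wrap directory handles, so dispose them
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "Put your domain name here. Right click on My computer and go to properties to see the domain name"))
    using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, LSUserName))
    using (GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, LSGroupName))
    {
        // Fail closed: an unknown user or an unknown group is "not a member". The original
        // dereferenced a null group when the group name did not resolve.
        if (user == null || group == null)
        {
            return false;
        }

        // check if user is a direct member of that group
        if (user.IsMemberOf(group))
        {
            return true;
        }

        // Otherwise walk the recursive member list, which expands nested groups.
        using (var LSAllMembers = group.GetMembers(true))
        {
            foreach (var LSName in LSAllMembers)
            {
                // Compare security identifiers rather than upper-cased account names: the
                // original compared against an undeclared PSUserName, and a SamAccountName is
                // only unique within one domain, so a name match could accept another account.
                if (user.Sid != null && user.Sid.Equals(LSName.Sid))
                {
                    return true;
                }
            }
        }

        return false;
    }
}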