I had a problem integrating my ASP.NET web service with Active Directory, using it for authentication and for verifying users against the AD groups they are members of, to decide whether they have permission to use my application.
My custom application has its own permissions, and administrators configure Active Directory groups that allow the use of the custom application.
The problem I am encountering is that when a user from another AD trusted forest (with a full two-way trust) tries to log in, I cannot get a list of his groups from the AD server that the ASP.NET web service interacts with. The ASP.NET web service has access only to the AD server (AD Main), and not to the AD trust controller (AD Secondary).
A user is a member of a domain (AD Secondary), and I can authenticate this user in a domain (AD Main), but I cannot get a list of groups from the AD Main domain when the user is in (AD secondary domain).
I've tried this code:
    using System.Collections;
    using System.Collections.Specialized;
    using System.Diagnostics;
    using System.DirectoryServices;

    StringCollection groupids = new StringCollection();
    try
    {
        DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://" + domain, username, password);
        if (directoryEntry != null)
        {
            // Enum the properties so we can see what is in them
            foreach (string propname in directoryEntry.Properties.PropertyNames)
            {
                Debug.WriteLine(propname);
            }
            // "Groups" is the IADsUser method, so the entry must be bound to the
            // user object itself, not to the domain root
            object obGroups = directoryEntry.Invoke("Groups");
            foreach (object ob in (IEnumerable)obGroups)
            {
                // Create object for each group.
                DirectoryEntry obGpEntry = new DirectoryEntry(ob);
                groupids.Add(obGpEntry.NativeGuid);
            }
        }
    }
    catch (DirectoryServicesCOMException)
    {
        // rethrow without resetting the stack trace
        throw;
    }
I've tried to move away from the DirectoryEntry object, with something like this:
    using System.Collections.Specialized;
    using System.DirectoryServices.AccountManagement;

    StringCollection groupids = new StringCollection();
    // the context is bound to a single domain; FindByIdentity only searches
    // that domain, so an account that lives in the trusted forest is not found here
    PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, domain, userName, password);
    // find your user
    UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);
    // if found - grab its groups
    if (user != null)
    {
        PrincipalSearchResult<Principal> groups = user.GetGroups();
        // iterate over all groups
        foreach (Principal p in groups)
        {
            // make sure to add only group principals
            if (p is GroupPrincipal)
            {
                groupids.Add(p.DisplayName);
            }
        }
    }
But I am not getting the user, and I cannot get the list of groups for this user in another domain. Any help would be appreciated.
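As an added example (not the asker's code): instead of fetching the group list over LDAP from the user's home domain, the service can authorize against the group SIDs already present in the caller's Windows token, which the resource domain (AD Main) builds across the trust. This assumes the web service holds a WindowsIdentity for the caller (Windows authentication, or a token obtained with LogonUser) and that administrators configure the allowed groups as SIDs; the SID string in the comment is a placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class GroupAuthorization
{
    // Administrators configure allowed groups as SIDs (e.g. "S-1-5-21-...-1105", placeholder).
    // Matching on SID rather than DisplayName avoids accepting a group from another
    // domain that merely shares the display name of an authorized group.
    public static bool IsAuthorized(WindowsIdentity identity,
                                    ISet<string> allowedGroupSids,
                                    out List<string> matchedSids)
    {
        matchedSids = new List<string>();
        if (identity == null || !identity.IsAuthenticated || identity.Groups == null)
            return false;

        foreach (IdentityReference group in identity.Groups)
        {
            // Assumption: this WindowsIdentity came from a real logon (Windows
            // authentication or a LogonUser token). For a user from the trusted forest
            // the token already carries the user's global/universal groups from
            // AD Secondary plus the domain-local groups of AD Main, so no LDAP query
            // against the secondary forest is needed to enumerate them.
            var sid = group as SecurityIdentifier;
            if (sid != null && allowedGroupSids.Contains(sid.Value))
                matchedSids.Add(sid.Value);
        }
        return matchedSids.Count > 0;
    }

    // Resolve a SID to DOMAIN\Name for audit logging only; the authorization
    // decision above does not depend on this lookup. Cross-forest SIDs are resolved
    // by the AD Main domain controller through the trust; a stale SID (e.g. a deleted
    // group) is reported rather than treated as an error.
    public static string DescribeSid(string sidValue)
    {
        try
        {
            return new SecurityIdentifier(sidValue).Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException)
        {
            return sidValue + " (unresolved)";
        }
    }
}
```

In an ASP.NET service using Windows authentication, the identity to pass in is `HttpContext.Current.User.Identity as WindowsIdentity`.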