Access an ADSI / Network Directory using C#

The main .NET class for working with network directory services objects is the DirectoryEntry class, found in the System.DirectoryServices namespace. The DirectoryEntry class allows you to bind to a directory object and perform operations to retrieve, add, delete, and modify information about the object.

The DirectoryEntry class has many constructor formats, depending on your requirements within the database.


Anonymous Directory Login

Many network directory services allow either all or some database objects to be read by anyone on the network, regardless of network permissions. This allows network users to look up resources on the network, such as a user's phone number and address, without requiring elevated privileges on the directory server.

To create a DirectoryEntry instance that references a directory object without supplying credentials, you use the following constructor format:

DirectoryEntry(string ldappath)

The ldappath parameter is a string value that represents the location of the database object. The object must be referenced using a URI-like syntax, which includes the access method, the network directory service server address, and the distinguished name of the object.

The ADSI library offers various access methods (providers) for connecting to different types of network directory services. Each access method is specified as the scheme of a URI. The following table lists the access methods available.

Access Method   Accesses
WinNT           Windows NT domains
IIS             Microsoft Internet Information Services
LDAP            Any LDAP-compliant network directory (including Active Directory)
NDS             Novell NetWare Directory Service server
NWCOMPAT        Novell NetWare 3.x bindery service

For Active Directory access, use the LDAP access method, because it offers the most robust access and includes search capabilities.

After the access method, the address of the desired directory server should be specified, along with the full distinguished name of the object to reference. A few examples of proper LDAP paths would be:

LDAP://server1.ispnet1.net/dc=ispnet1, dc=net

LDAP://server1.ispnet1.net/cn=kblum, ou=sales, dc=ispnet1, dc=net

LDAP://192.168.1.100/ou=accounting, dc=ispnet1, dc=net

Let us have a look at sample code that binds a variable to a directory object and displays the LDAP path associated with the object.

using System;
using System.DirectoryServices;

class BindObject
{
  public static void Main()
  {
   // Anonymous bind: no username or password is supplied, so only
   // objects readable by everyone on the network are accessible.
   DirectoryEntry de = new DirectoryEntry(
     "LDAP://192.168.1.100/dc=ispnet1, dc=net");

   // Path returns the ADsPath the entry was created with.
   string ldappath = de.Path;
   Console.WriteLine("The LDAP path is: {0}", ldappath);

   // Release the underlying ADSI object when finished.
   de.Close();
  }
}

Logging into a Directory

For database actions that require user authentication, two constructor formats can be used. The following constructor allows you to specify a username and password with which to log in to the directory service:

DirectoryEntry(string ldappath, string username, string password)

Once the connection is authenticated, you can perform the actions that the username specified is allowed to perform, including adding, deleting, or modifying objects.

The second constructor additionally allows you to specify the authentication type used for the login:

DirectoryEntry(string ldappath, string username, string password, AuthenticationTypes authtype)

The AuthenticationTypes enumeration specifies the authentication type used for logging in to the directory service server. Its values are flags and can be combined.

Let us have a look at the table for the authentication types available.

Authentication Type   Description
Anonymous             No authentication is performed (not supported under Windows NT)
Delegation            Enables ADSI to delegate the user's security context
Encryption            Uses encryption for all data exchanged with the server
FastBind              Does not attempt to query the objectClass property, exposing only the base interfaces supported by ADSI
None                  Used as a null reference
ReadOnlyServer        Indicates that read-only access to the server is required
Sealing               Encrypts data using Kerberos encryption
Secure                Requests secure authentication
SecureSocketsLayer    Uses Secure Sockets Layer (SSL) encryption with a known certificate
ServerBind            Binds the session to the specific server named in the LDAP path
Signing               Signs all packets to verify data integrity

An example of using authentication to access a directory object is:

DirectoryEntry de = new DirectoryEntry("LDAP://192.168.1.100/dc=ispnet1, dc=net",
  "rich", "password", AuthenticationTypes.ServerBind);

This example uses the server username 'rich' and the appropriate password to log into the directory services server.
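As an added example (not part of the original post), the following program combines the AuthenticationTypes flags from the table above so that the credential is never sent in cleartext and the session is both encrypted and integrity-protected. It forces the bind eagerly so that errors surface at a known point, and reads the password from an environment variable instead of embedding it in source. The server, account and environment variable name are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class SecureBind
{
    // Secure: Kerberos/NTLM negotiation, no cleartext password on the wire.
    // Sealing + Signing: encrypt and integrity-protect every packet.
    // ServerBind: talk only to the server named in the path (no DC referral).
    static DirectoryEntry Bind(string ldapPath, string user, string password)
    {
        AuthenticationTypes flags = AuthenticationTypes.Secure
                                  | AuthenticationTypes.Sealing
                                  | AuthenticationTypes.Signing
                                  | AuthenticationTypes.ServerBind;
        var de = new DirectoryEntry(ldapPath, user, password, flags);

        // The constructor is lazy: nothing contacts the server until a
        // property is read. Force the bind now so bad credentials or a bad
        // path fail here rather than somewhere deep in later code.
        de.RefreshCache(new[] { "distinguishedName" });
        return de;
    }

    public static void Main()
    {
        // Hypothetical server, container and account for this example.
        string path = "LDAP://192.168.1.100/ou=sales,dc=ispnet1,dc=net";
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");
        if (string.IsNullOrEmpty(password))
        {
            Console.Error.WriteLine("Set LDAP_BIND_PASSWORD; secrets do not belong in source.");
            return;
        }

        try
        {
            // DirectoryEntry is IDisposable; 'using' releases the ADSI object.
            using (DirectoryEntry de = Bind(path, "rich", password))
            {
                Console.WriteLine("Bound to: {0}", de.Properties["distinguishedName"].Value);
                Console.WriteLine("Auth flags: {0}", de.AuthenticationType);
            }
        }
        catch (COMException ex)
        {
            // e.g. 0x8007052E = logon failure, 0x80072030 = no such object
            Console.Error.WriteLine("Bind failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
        }
    }
}
```

Passing null for both username and password with AuthenticationTypes.Secure binds as the caller's current Windows security context, which is the preferred option for services that already run under a domain account.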

Happy Learning !!!
