Re: Active Directory Access from a Web App



If you want to use LDAP/System.DirectoryServices directly, I wrote a whole
book about that stuff that might be useful to you (see link in the
signature). There's a free chapter and code samples available for download
if you want to try before you buy. :)

Essentially, if you have the SID of the user, you can create a binding
string for the DirectoryEntry like this:

LDAP://<SID=S-1-5-20-xxxxx>

Where the SID value shown there is the value you get from calling ToString
on the SecurityIdentifier object. Once you have that, then getting the
user's email is easy:

string mail = (string) entry.Properties["mail"].Value;

The main trick may be figuring out how to set up the security context
properly in ASP.NET to access the directory. This is covered in detail in
ch 8, and I've posted on numerous approaches to this problem in these
newsgroups over the years that Google will find for you.

Best of luck,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jon Schneider" <JonSchneider@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:81908DF6-EC1C-48D5-BB60-C5175EF35AFC@xxxxxxxxxxxxxxxx
I am trying to access employee information from Active Directory from my
ASP.Net web application. I have tried several different methods and each
fails.

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

Dim user As MembershipUser = Membership.GetUser(User.Identity.Name)

userName.Text = user.UserName
emailAddress.Text = user.Email

End Sub

This method returns this error:

Object reference not set to an instance of an object.
at _Default.Page_Load(Object sender, EventArgs e)

The other method I was investigating is using WindowsIdentity. I can access
the SID but I do not know how to utilize the DirectoryEntry, or what to
include to obtain the user's email address.

Any help would be greatly appreciated.

--
Software Development Manager
GRG Inc.
Maitland, Florida 32751
www.grgce.com
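
Added example (not part of the original thread, and not code from the book mentioned above): the SID binding and mail lookup described in the reply, written out in C#. The class and method names and the sample SIDs are made up for illustration; parsing the SID through SecurityIdentifier before building the path keeps arbitrary text out of the binding string.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class DirectoryMailLookup   // hypothetical name
{
    // Builds the LDAP://<SID=...> binding string. Round-tripping the input
    // through SecurityIdentifier rejects anything that is not a well-formed
    // SID, so no caller-supplied text is concatenated into the path as-is.
    public static string BuildSidPath(string sidText)
    {
        var sid = new SecurityIdentifier(sidText); // ArgumentException if malformed
        return "LDAP://<SID=" + sid.ToString() + ">";
    }

    // Returns the mail attribute of the object with this SID, or null when
    // the attribute is not set (Value is null for an empty property).
    public static string GetMail(SecurityIdentifier sid)
    {
        using (var entry = new DirectoryEntry(BuildSidPath(sid.Value)))
        {
            entry.RefreshCache(new[] { "mail" }); // load only what we read
            return entry.Properties["mail"].Value as string;
        }
    }

    public static void Main()
    {
        // Constructed sample SIDs; they do not refer to real accounts.
        Console.WriteLine(BuildSidPath("S-1-5-21-1111111111-2222222222-3333333333-1001"));
        try { BuildSidPath("S-1-5-21-oops"); }
        catch (ArgumentException) { Console.WriteLine("rejected malformed SID"); }

        // The bind itself needs a domain and a security context that is
        // allowed to read the directory (the "main trick" in the reply).
        // GetCurrent() is the identity the code is running as.
        try
        {
            SecurityIdentifier current = WindowsIdentity.GetCurrent().User;
            Console.WriteLine(GetMail(current) ?? "(no mail attribute)");
        }
        catch (COMException ex)
        {
            Console.WriteLine("directory bind failed: " + ex.Message);
        }
    }
}
```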

