Access an ADSI / Network Directory using C#
July 27, 2004
The main .NET class for working with network directory services objects is the DirectoryEntry class, found in the System.DirectoryServices namespace. The DirectoryEntry class allows you to bind to a directory object and perform operations to retrieve, add, delete, and modify information about the object.
The DirectoryEntry class has several constructor overloads; which one you use depends on whether the directory operation can be performed anonymously or needs an authenticated connection.
Anonymous Directory Login
Many network directory services allow all or some of their objects to be read by anyone who can reach the server, without presenting credentials. This lets network users look up resources, such as a user's phone number and address, without holding any special privileges on the directory server. Note that Active Directory does not grant this by default: apart from the RootDSE object, an anonymous LDAP bind is refused unless the dSHeuristics attribute has been changed to allow it, so an unauthenticated bind against a domain controller will normally fail.
To create a DirectoryEntry instance that references a directory object without supplying credentials, use the following constructor:
DirectoryEntry(string ldappath)
The ldappath parameter is a string that gives the location of the directory object. It is written in a URI-like syntax made up of the access method (provider), the address of the directory server, and the distinguished name of the object. This overload binds with the default AuthenticationTypes value: in .NET Framework 1.0 and 1.1 that is None (a simple bind, which with no credentials is anonymous); from .NET Framework 2.0 onward it is Secure, so the bind is made under the security context of the calling process rather than anonymously.
The ADSI library offers several access methods (providers) for connecting to different kinds of network directory services. Each access method is specified as the scheme part of the path. The following table lists the access methods available.
Access Method | Accesses |
---|---|
WinNT | Windows NT domains and local SAM databases |
IIS | The Microsoft Internet Information Services metabase |
LDAP | Any LDAP-compliant network directory (including Active Directory) |
NDS | Novell NetWare Directory Services servers |
NWCOMPAT | Novell NetWare 3.x bindery services |
For Active Directory you should use the LDAP access method: it is the most capable provider, and it is the only one that supports searching (via DirectorySearcher).
After the access method, the address of the desired directory server should be specified, along with the full distinguished name of the object to reference. A few examples of proper LDAP paths would be:
LDAP://server1.ispnet1.net/dc=ispnet1, dc=net
LDAP://server1.ispnet1.net/cn=kblum, ou=sales, dc=ispnet1, dc=net
LDAP://192.168.1.100/ou=accounting, dc=ispnet1, dc=net
Let us have a look at the sample code which binds a variable to a directory object and displays the LDAP path associated with the object.
using System;
using System.DirectoryServices;

class BindObject
{
    public static void Main()
    {
        // The constructor only records the path; the actual LDAP bind happens
        // lazily, the first time a property or the native object is accessed.
        // DirectoryEntry holds a COM object, so dispose it when finished.
        using (DirectoryEntry de = new DirectoryEntry(
            "LDAP://192.168.1.100/dc=ispnet1, dc=net"))
        {
            string ldappath = de.Path;
            Console.WriteLine("The LDAP path is: {0}", ldappath);
        }
    }
}
Logging into a Directory
For directory operations that require user authentication, two overloads are available. The first lets you specify a username and password to log in to the directory service:
DirectoryEntry(string ldappath, string username, string password)
Once the connection is authenticated, you can perform the actions that the username specified is allowed to perform, including adding, deleting, or modifying objects.
The second constructor allows you to specify a specific authentication type used for the login:
DirectoryEntry(string ldappath, string username, string password, AuthenticationTypes authtype)
The AuthenticationTypes enumeration specifies how the login to the directory server is performed. Its members are flags and may be combined with the bitwise OR operator, for example AuthenticationTypes.Secure | AuthenticationTypes.Sealing.
The following table lists the authentication types available.
Authentication Type | Description |
---|---|
Anonymous | No authentication is performed (not supported under Windows NT) |
Delegation | Enables ADSI to delegate the user's security context to other servers (needed, for example, to move objects across domains) |
Encryption | Uses encryption for all data exchanged with the server |
FastBind | Does not query the objectClass property, so only the base ADSI interfaces are exposed; saves a round trip when only generic attribute access is needed |
None | Equates to zero: the LDAP provider performs a simple bind, which sends the password in cleartext unless SecureSocketsLayer is also set |
ReadOnlyServer | Indicates that read-only access to the server is sufficient, so a read-only replica may be used |
Sealing | Encrypts the data using Kerberos; requires Secure |
Secure | Requests secure (SSPI) authentication, Kerberos where possible with NTLM fallback, instead of a cleartext simple bind |
SecureSocketsLayer | Wraps the connection in SSL/TLS (LDAPS); the server must present a certificate the client trusts |
ServerBind | Tells ADSI the path names a specific server, so it skips the domain lookup; do not use with serverless paths |
Signing | Signs all packets to verify data integrity; requires Secure |
An example of using authentication to access a directory object is:
DirectoryEntry de = new DirectoryEntry("LDAP://192.168.1.100/dc=ispnet1, dc=net",
    "rich", "password", AuthenticationTypes.ServerBind);
This example logs in to the directory server with the username 'rich' and the corresponding password. Be aware that ServerBind on its own says nothing about how credentials are transmitted: without the Secure flag the LDAP provider falls back to a simple bind, and the password crosses the network in cleartext. In production code combine ServerBind with Secure (and preferably Signing and Sealing), or use SecureSocketsLayer, and never hard-code the password in the source.
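The following program is an added example written for this edit; it is not code from the original article. It puts the points above together: an explicit bind with credentials, the flag combination that avoids a cleartext simple bind, forcing the bind immediately so that failures surface at a known place, and proper disposal. The server address, the domain and account name, and the AD_BIND_PASSWORD environment variable are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices;

class SecureBind
{
    // Hypothetical helper: opens an authenticated DirectoryEntry with a
    // hardened flag set and forces the bind right away.
    static DirectoryEntry BindSecure(string path, string user, string password)
    {
        // Secure     -> SSPI (Kerberos, NTLM fallback) instead of a cleartext simple bind
        // Signing    -> integrity protection of every LDAP message
        // Sealing    -> Kerberos encryption of every LDAP message
        // ServerBind -> the path names a specific server, so skip the domain lookup
        AuthenticationTypes flags = AuthenticationTypes.Secure
                                  | AuthenticationTypes.Signing
                                  | AuthenticationTypes.Sealing
                                  | AuthenticationTypes.ServerBind;

        DirectoryEntry de = new DirectoryEntry(path, user, password, flags);

        // The constructor does not contact the server. RefreshCache does, so a
        // bad password or unreachable server throws here rather than later.
        de.RefreshCache(new[] { "distinguishedName" });
        return de;
    }

    static void Main()
    {
        // Assumed values for the example; replace with your own server and account.
        string path = "LDAP://192.168.1.100/dc=ispnet1,dc=net";
        string user = "ISPNET1\\rich";

        // The password is read from the environment (assumed variable name),
        // never embedded in source or checked into version control.
        string password = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");
        if (string.IsNullOrEmpty(password))
        {
            Console.Error.WriteLine("AD_BIND_PASSWORD is not set.");
            return;
        }

        try
        {
            using (DirectoryEntry de = BindSecure(path, user, password))
            {
                Console.WriteLine("Bound as {0} to {1}",
                    user, de.Properties["distinguishedName"].Value);
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // Bind problems (wrong credentials, server down, flags the server
            // rejects) arrive as COM errors; ErrorCode is the HRESULT.
            Console.Error.WriteLine("Bind failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
        }
    }
}
```

If Kerberos is unavailable (for example when binding by IP address to a non-domain LDAP server), Secure may still negotiate NTLM; where that is not acceptable, use AuthenticationTypes.SecureSocketsLayer with a simple bind over port 636 so the password is at least protected by TLS.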
Happy Learning !!!