Access a ADSI / Network Directory using C#

The main .NET class for working with network directory services objects is the DirectoryEntry class, found in the System.DirectoryServices namespace. The DirectoryEntry class allows you to bind to a directory object and perform operations to retrieve, add, delete, and modify information about the object.

The DirectoryEntry class has many constructor formats, depending on your requirements within the database.

Anonymous Directory Login

Many network directory services allow either all or some database objects to be read by anyone on the network, regardless of network permissions. This allows network users to look up resources on the network, such as a user phone number and address, without requiring advanced privileges on the directory server.

To create a DirectoryEntry instance to reference a directory object without using privileges, you use the following constructor format:

DirectyoryEntry(string ldappath)

The ldappath parameter is a string value that represents the location of the database object. The object must be referenced using a URI-like syntax, which includes the access method, the network directory service server address, and the distinguished name of the object.

The ADSI library offers various access methods for connecting to different types of network directory services. Each access method is specified in a URI format. Following table lists the access methods available to use.

For AD access we should use the LDAP access method because it offers the most robust access methods including the search capabilities.

After the access method, the address of the desired directory server should be specified, along with the full distinguished name of the object to reference. A few examples of proper LDAP paths would be:

LDAP://server1.ispnet1.net/dc=ispnet1, dc=net

LDAP://server1.ispnet1.net/cn=kblum, ou=sales, dc=ispnet1, dc=net

LDAP://192.168.1.100/ou=accounting, dc=ispnet1, dc=net

Let us have a look at the sample code which binds a variable to a directory object and displays the LDAP path associated with the object.

using System;

using System.DirectoryServices;

class BindObject

{

  public static void Main()

  {

   DirectoryEntry de = new DirectoryEntry(

     "LDAP://192.168.1.100/dc=ispnet1, dc=net");

   string ldappath = de.Path;

   Console.WriteLine("The LDAP path is: {0}", ldappath);

   de.Close();

  }

}

Logging into a Directory

For database actions that require user authentication, two formats can be used. The following constructor allows you to specify a username and password to use to login into the directory service:

DirectoryEntry(string ldappath, string username, string password)

Once the connection is authenticated, you can perform the actions that the username specified is allowed to perform, including adding, deleting, or modifying objects.

The second constructor allows you to specify a specific authentication type used for the login:

DirectoryEntry(string ldappath, string username, string password, AuthenticationTypes authtype)

The AuthenticationTypes enumerator specifies the authentication type used for logging into the directory service server

Let us have a look at the table for the authentication types available.

An example of using authentication to access a directory object is:

DirectoryEntry de = DirectoryEntry("LDAP://192.168.1.100/dc=ispnet1, dc=net",

  "rich", "password", AuthenticationTypes.ServerBind);

This example uses the server username 'rich' and the appropriate password to log into the directory services server.

Happy Learning !!!