E
Eric Butler
I am trying to get user information out of AD (specifically the memberOf
property) from an ASP.net page and am having a strange problem. If the
user I query for is an administrator in the domain then I get a complete
list of all properties, including the one I need. However, if the user
that I query for is not an admin, I get back a much more limited set of
properties that doesn't include (among many other things) memberOf.
If I hard-code my username/password into the DirectoryEntry instance
that I use, I am able to get the complete property set for anyone, so I
figure there has to be an authentication issue somewhere. As far as I
can tell by default DirectoryEntry uses AuthenticationTypes.None, but I
am not sure exactly how AD treats this.
If I run this same code as a console application on the same server from
the same account that I tested hard-coding with above, everything works
great.
--
private void Page_Load(object sender, System.EventArgs e) {
string role = "accounting".ToLower();
DirectorySearcher ds = new DirectorySearcher(new DirectoryEntry(null));
ds.Filter = "(sAMAccountName=" + Request.QueryString["username"] + ")";
SearchResult sr = ds.FindOne();
DirectoryEntry de = sr.GetDirectoryEntry();
PropertyValueCollection dir = de.Properties["memberOf"];
Response.Write("<p>Group Count:" + dir.Count + "</p>");
for(int i = 0; i < dir.Count; ++i) {
string currentItem = dir.ToString();
currentItem = currentItem.Substring(currentItem.IndexOf("CN=")+3);
currentItem = currentItem.Substring(0,currentItem.IndexOf(","));
Response.Write("<p>" + currentItem + "</p>");
}
}
--
Please let me know if you have any ideas about what I can do to make
this work!
Thanks a lot in advance.
- Eric
property) from an ASP.net page and am having a strange problem. If the
user I query for is an administrator in the domain then I get a complete
list of all properties, including the one I need. However, if the user
that I query for is not an admin, I get back a much more limited set of
properties that doesn't include (among many other things) memberOf.
If I hard-code my username/password into the DirectoryEntry instance
that I use, I am able to get the complete property set for anyone, so I
figure there has to be an authentication issue somewhere. As far as I
can tell by default DirectoryEntry uses AuthenticationTypes.None, but I
am not sure exactly how AD treats this.
If I run this same code as a console application on the same server from
the same account that I tested hard-coding with above, everything works
great.
--
private void Page_Load(object sender, System.EventArgs e) {
string role = "accounting".ToLower();
DirectorySearcher ds = new DirectorySearcher(new DirectoryEntry(null));
ds.Filter = "(sAMAccountName=" + Request.QueryString["username"] + ")";
SearchResult sr = ds.FindOne();
DirectoryEntry de = sr.GetDirectoryEntry();
PropertyValueCollection dir = de.Properties["memberOf"];
Response.Write("<p>Group Count:" + dir.Count + "</p>");
for(int i = 0; i < dir.Count; ++i) {
string currentItem = dir.ToString();
currentItem = currentItem.Substring(currentItem.IndexOf("CN=")+3);
currentItem = currentItem.Substring(0,currentItem.IndexOf(","));
Response.Write("<p>" + currentItem + "</p>");
}
}
--
Please let me know if you have any ideas about what I can do to make
this work!
Thanks a lot in advance.
- Eric