How can I list all the users in a particular security group with ASP.NET?

Brian Watkins

Does anyone know a way to list all the users in a particular Windows
security group on a .aspx web page? Thanks in advance!
 
Joe Kaplan (MVP - ADSI)

The first question is whether the group is a local machine group, an NT4
domain group or an Active Directory group. If it is an AD group, the other
question is whether you need nested membership or just direct membership.

In either case, you should be using System.DirectoryServices to do these
kinds of lookups. If you do some Google searches on
microsoft.public.adsi.general you should see many, many posts that will give
you a good start.

Another thing to consider is that it is often better to calculate a user's
total group membership and compare the group to the user instead of
comparing the user to the group.

Joe K.
 
Brian Watkins

Joe,

It is an Active Directory group. And I have yet to find an ASP.net specific
example.

I wrote a nifty app in VB.net that allowed me to search the AD for users and
their departments. Of course when I convert the code to ASP.net and run it
through the browser. Here is the code:


<%@ Language="vb" Debug="True" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Security.Principal" %>
<%@ Import Namespace="System.DirectoryServices" %>
<%@ Import Namespace="System.Web" %>
<%@ Assembly Name="System.DirectoryServices, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" %>

<HTML>
<HEAD>

<script runat="server">
    Dim queryResults As SearchResultCollection

    Sub Page_Load()
        ' No credentials are passed, so the bind uses the identity the page runs as
        Dim rootEntry As New DirectoryEntry("LDAP://mydomain")
        Dim searcher As New DirectorySearcher(rootEntry)

        ' Attributes to return for each entry
        searcher.PropertiesToLoad.Add("cn")
        searcher.PropertiesToLoad.Add("mail")
        searcher.PropertiesToLoad.Add("SAMAccountName")
        searcher.PropertiesToLoad.Add("department")
        searcher.PropertiesToLoad.Add("MemberOf")
        searcher.PageSize = 5 ' return 5 entries at a time
        searcher.ServerTimeLimit = New TimeSpan(0, 1, 0) ' tell the server to stop after one minute
        ' server should stop before this time, but if not... client will timeout
        searcher.ClientTimeout = New TimeSpan(0, 2, 0)

        searcher.Sort.Direction = SortDirection.Ascending
        searcher.Sort.PropertyName = "Department"

        queryResults = searcher.FindAll()

        Call Print_Dept_List()
    End Sub

    Sub Print_Dept_List()
        Dim result As SearchResult
        Dim myResultPropColl As ResultPropertyCollection

        For Each result In queryResults
            myResultPropColl = result.Properties
            Response.Write("<p>The properties of the 'mySearchResult' are :")
            Dim myKey As String
            For Each myKey In myResultPropColl.PropertyNames
                Dim tab1 As String = " "
                Response.Write("<p>" & Server.HtmlEncode(myKey) & " = ")
                Dim myCollection As Object
                For Each myCollection In myResultPropColl(myKey)
                    ' HTML-encode directory values before writing them to the page
                    Response.Write("<p>" & tab1 & Server.HtmlEncode(myCollection.ToString()) & "</p>")
                Next myCollection
                Response.Write("</P>")
            Next myKey
            Response.Write("</P>")
        Next result

        ' SearchResultCollection holds unmanaged resources; release them explicitly
        queryResults.Dispose()
    End Sub
</script>
</HEAD>

<body bgcolor="#FFFFFF"></body>
</html>


In my VB.net application running on my machine as me, this code returns the
properties I included in the searcher.PropertiesToLoad.Add statements.
With the above code running on a webserver, the only property that is
returned is the adspath.

Any idea why this is happening?
 
Joe Kaplan (MVP - ADSI)

Most errors in ASP.NET applications where serverless binding and default
credentials are used are the result of anonymous binds being performed that
limit your access to AD. Since ASP.NET runs as a local machine account by
default, ADSI and S.DS cannot use the current security context to infer a
domain controller and domain credentials to use for the bind.

This is explained in much detail here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
http://msdn.microsoft.com/library/d...tication_problems_on_asp_pages.asp?frame=true

If you add a DNS name in your path, a la LDAP://yourserver.com/path, and add
a username, password and AuthenticationTypes.Secure or
AuthenticationTypes.ServerBind to your DirectoryEntry constructor, you will
likely be successful.

To read a group's membership, you just need to find the group and read its
member attribute.

If you want to get a user's complete security group membership, you need to
look at the tokenGroups attribute. This is much preferred to memberOf for
security purposes. I've written about this extensively in the other
newsgroup, so doing a Google Groups search for Kaplan and tokenGroups in
microsoft.public.adsi.general should give you lots of hits and some good
code.

HTH,

Joe K.
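
The approach described in the reply above (DNS name in the path, explicit credentials with AuthenticationTypes.Secure, then reading the group's member attribute), as an added example that is not part of the original thread. It assumes .NET 2.0 or later; the module and function names, the sample path and the parameter names are hypothetical.

```vb
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text
Imports System.Web

Public Module GroupMemberLookup
    ' Escape LDAP filter metacharacters (RFC 4515) so a group name taken
    ' from request input cannot change the meaning of the query.
    Public Function EscapeLdapFilter(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c, "*"c, "("c, ")"c, ChrW(0)
                    sb.AppendFormat("\{0:x2}", AscW(c))
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Returns the distinguishedName of each direct member of the group.
    ' ldapPath carries a DNS name, e.g. "LDAP://dc01.example.com/DC=example,DC=com"
    ' (hypothetical); bindUser/bindPassword belong in protected configuration.
    Public Function GetDirectMembers(ByVal ldapPath As String, ByVal bindUser As String, _
            ByVal bindPassword As String, ByVal groupName As String) As List(Of String)
        Dim members As New List(Of String)()
        Using root As New DirectoryEntry(ldapPath, bindUser, bindPassword, AuthenticationTypes.Secure)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=group)(sAMAccountName=" & EscapeLdapFilter(groupName) & "))"
                searcher.PropertiesToLoad.Add("member")
                Dim hit As SearchResult = searcher.FindOne()
                If hit Is Nothing Then Return members ' no such group, or not visible to this account
                ' Direct members only: nested groups are not expanded, and AD
                ' serves very large groups through ranged reads (member;range=...).
                For Each dn As Object In hit.Properties("member")
                    members.Add(dn.ToString())
                Next
            End Using
        End Using
        Return members
    End Function

    ' Render for the page, HTML-encoding every directory value.
    Public Function ToHtmlList(ByVal members As IEnumerable(Of String)) As String
        Dim sb As New StringBuilder("<ul>")
        For Each dn As String In members
            sb.Append("<li>").Append(HttpUtility.HtmlEncode(dn)).Append("</li>")
        Next
        Return sb.Append("</ul>").ToString()
    End Function
End Module
```

An empty list from a group known to have members usually means the bind account cannot read the group, which is the same symptom as the anonymous-bind case discussed in the thread.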
 
