Trying to figure out how to get the current User's Full Name as entered in Active Directory from a BLL class in my ASP.Net application. So far I have:
public static string Username
{
get
{
var name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
if (name.Contains("\\"))
{
var start = name.IndexOf("\\");
if (name.Length > start)
{
name = name.Substring(start + 1);
}
}
return name;
}
}
The problem with this is that this will return the Username, but I am also in need of the Full Name. Anyone know if this is possible?
Use a DirectorySearcher ...
var search = new DirectorySearcher( new DirectoryEntry("LDAP://YourDomain") );
search.Filter = "(sAMAccountName=UserNameHere)"; // put the identity name here
var res = search.FindOne();
var name = res["displayName"]; // I believe this is the right property
Related
My web application uses Active Directory Authentication when a user logs in. I use the following code for audit columns. It works perfectly fine for the CreatedAt and ModifiedAt dates but the currentUsername is hardcoded.
public override int SaveChanges()
{
var entities = ChangeTracker.Entries().Where(x => x.Entity is BaseClass && (x.State == EntityState.Added || x.State == EntityState.Modified));
var currentUsername = "T";
foreach (var entity in entities)
{
if (entity.State == EntityState.Added)
{
((BaseClass)entity.Entity).CreatedAt = DateTime.Now;
((BaseClass)entity.Entity).CreatedBy = currentUsername;
}
((BaseClass)entity.Entity).ModifiedAt = DateTime.Now;
((BaseClass)entity.Entity).ModifiedBy = currentUsername;
}
return base.SaveChanges();
}
How can I get the current username logged in Active Directory?
If you're on .NET 4.5 or higher, just use the System.DirectoryServices.AccountManagement namespace and the UserPrincipal class in that context:
// you'll need to add a reference to this .NET assembly in your project
// so that you can use this namespace
using System.DirectoryServices.AccountManagement;
public string GetLoggedInUser()
{
// establish the PrincipalContext - this will grab the default domain, default containers
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// get the currently active user
UserPrincipal currentUser = UserPrincipal.Current;
if (currentUser != null)
{
// this will return "first name last name" separated by a space,
// e.g. "John Doe" or "Jane Tarzan"
return $"{currentUser.GivenName} {currentUser.Surname}";
}
}
return string.Empty;
}
I'm wondering how I could get a list of members of an AD group.
Checking if an entered password of a user is correct works perfectly fine. For this I'm using Novell's Ldap.NetStandard:
private bool IsUserValid(string userName,string userPassword)
{
try{
using (var connection = new LdapConnection { SecureSocketLayer = false })
{
connection.Connect("test.local", LdapConnection.DEFAULT_PORT);
connection.Bind(userDn, userPassword);
if (connection.Bound)
{
return true;
}
}
}
catch (LdapException ex)
{
Console.WriteLine(ex.Massage);
}
return false;
}
What I want now is something like this:
bool isUserInGroup("testUser","testGroup");
The problem is I can't get my method working:
public bool IsUserMemberOfGroup(string userName,string groupName)
{
var ldapConn = GetConnection();
var searchBase = "";
var filter = $"(&(objectClass=group)(cn={groupName}))";
var search = ldapConn.Search(searchBase, LdapConnection.SCOPE_BASE, filter, null, false);
while (search.hasMore())
{
var nextEntry = search.next();
if (nextEntry.DN == userName)
return true;
}
return false;
}
What ever I'm doing, I'm not getting back any value from my Ldap.Search()...
Now there is an implementation of System.DirectoryServices.AccountManagement for .NET Core 2. It is available via nuget.
With this package you are able to things like that:
using (var principalContext = new PrincipalContext(ContextType.Domain, "YOUR AD DOMAIN"))
{
var domainUsers = new List<string>();
var userPrinciple = new UserPrincipal(principalContext);
// Performe search for Domain users
using (var searchResult = new PrincipalSearcher(userPrinciple))
{
foreach (var domainUser in searchResult.FindAll())
{
if (domainUser.DisplayName != null)
{
domainUsers.Add(domainUser.DisplayName);
}
}
}
}
This performs a search for the user in your domain.Nearly the same is possible for searching your group. The way I used to search my AD (description in my question) is now obsolet:
Checking if an entered password of a user is correct works perfectly
fine. For this I'm using Novell's Ldap.NetStandard:
How about:
HttpContext.User.IsInRole("nameOfYourAdGroup");
(namespace System.Security.Claims)
I have the Presentation Web Script (script A) and the Data Web Script (script B).
In the script A I build the dialog that interacts with the script B.
Here I am forming some path where the some file will be uploaded (group, year and number parameters define this path):
...
var submitHandler = function() {
var dataWebScriptUrl = window.location.protocol + '//' +
window.location.host + "/alfresco/s/ms-ws/script-b?guest=true";
var yearCombo = document.getElementById("year");
var year = yearCombo.options[yearCombo.selectedIndex].value;
var groupCombo = document.getElementById("group");
var group = groupCombo.options[groupCombo.selectedIndex].value;
var numberCombo = document.getElementById("number");
var number = numberCombo.value;
var uploadedFile = document.getElementById("uploadedFile");
var file = uploadedFile.files[0];
var formData = new FormData();
formData.append("year", year);
formData.append("group", group);
formData.append("number", number);
formData.append("uploadedFile", file);
var xhr = new XMLHttpRequest();
xhr.open("POST", dataWebScriptUrl);
xhr.send(formData);
};
...
In script B, I'm using the Apache Chemistry OpenCMIS API to create a path in the CMIS-compatible Alfresco repository:
public class CustomFileUploader extends DeclarativeWebScript implements OpenCmisConfig {
...
private void retrievePostRequestParams(WebScriptRequest req) {
String groupName = null, year = null, number = null;
FormData formData = (FormData) req.parseContent();
FormData.FormField[] fields = formData.getFields();
for(FormData.FormField field : fields) {
String fieldName = field.getName();
String fieldValue = field.getValue();
if(fieldName.equalsIgnoreCase("group")) {
if(fieldValue.equalsIgnoreCase("services")) {
groupName = "Услуги";
...
}
firstLevelFolderName = "/" + groupName;
secondLevelFolderName = groupName + " " + year;
thirdLevelFolderName = number;
}
...
Folder firstLevelFolder =
createFolderIfNotExists(cmisSession, docLibFolder, firstLevelFolderName);
...
private Folder createFolderIfNotExists(Session cmisSession,
Folder parentFolder, String folderName) {
Folder subFolder = null;
for(CmisObject child : parentFolder.getChildren()) {
if(folderName.equalsIgnoreCase(child.getName())) {
subFolder = (Folder) child;
}
}
if(subFolder == null) {
Map<String, Object> props = new HashMap<>();
props.put("cmis:objectTypeId", "cmis:folder");
props.put("cmis:name", folderName);
subFolder = parentFolder.createFolder(props);
}
return subFolder;
}
private Folder getDocLibFolder(Session cmisSession, String siteName) {
String path = "/Sites/" + siteName + "/documentLibrary";
return (Folder) cmisSession.getObjectByPath(path);
}
private Session getCmisSession() {
SessionFactory factory = SessionFactoryImpl.newInstance();
Map<String, String> conf = new HashMap<>();
// http://localhost:8080/alfresco/api/-default-/public/cmis/versions/1.1/atom
conf.put(SessionParameter.ATOMPUB_URL, ATOMPUB_URL);
conf.put(SessionParameter.BINDING_TYPE, BindingType.ATOMPUB.value());
conf.put(SessionParameter.USER, USER_NAME);
conf.put(SessionParameter.PASSWORD, PASSWORD);
// "org.alfresco.cmis.client.impl.AlfrescoObjectFactoryImpl"
conf.put(SessionParameter.OBJECT_FACTORY_CLASS, OBJECT_FACTORY_CLASS);
conf.put(SessionParameter.REPOSITORY_ID, "-default-");
Session session = factory.createSession(conf);
return session;
}
...
It's all works well... But I need to create the directory structure on a specific site, e.g. "contracts-site", here:
/site/contracts-site/documentlibrary
When I specifying the following:
/Sites/contracts-site/documentLibrary/Услуги
/Sites/contracts-site/Услуги
/site/contracts-site/documentlibrary/Услуги
I get the following exception (depending on the path):
org.apache.chemistry.opencmis.commons.exceptions.CmisObjectNotFoundException: Object not found: /Sites/contracts-site/Услуги
When I specifying the following:
"/Услуги"
Everything works, but the directory structure is created outside the site...
How to create a folder on the Alfresco site by using OpenCMIS API?
Arn't you missing /company_home/ ?
This would lead to
/company_home/Sites/contracts-site/documentLibrary/Услуги
Just accidentally found the solution. Works perfectly if specify the following path:
// locate the document library
String path = "/Сайты/contracts-site/documentLibrary";
Ie, "Сайты" instead of "Sites"... (Cyrillic alphabet)
I'm using ru_RU locale and UTF-8 encoding. Then this example also works.
Is it possible to create a page (View) that is strictly controlled by an Active Directory Group?
There is no login for this page, if you are a member of the "VIP" Active Directory group, then the page is rendered, otherwise if not then you can't see it.
First get your current users windows log in
var windowsUserName= HttpContext.Current.User.Identity.WindowsLogin();
Then get all the AD groups for your user using the System.DirectoryServices
using System.DirectoryServices;
public List<string> GetUsersActiveDirectoryGroups(string windowsUserName)
{
try
{
var allUserGroups = new List<string>();
if (windowsUserName == null) return allUserGroups;
var domainConnection = new DirectoryEntry();
var samSearcher = new DirectorySearcher
{
SearchRoot = domainConnection,
Filter = "(samAccountName=" + windowsUserName + ")"
};
samSearcher.PropertiesToLoad.Add("displayName");
var samResult = samSearcher.FindOne();
if (samResult == null) return allUserGroups;
var theUser = samResult.GetDirectoryEntry();
theUser.RefreshCache(new[] { "tokenGroups" });
_bet365EmployeeFullName = theUser.Properties["CN"].Value.ToString();
foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
{
var mySid = new SecurityIdentifier(resultBytes, 0);
var sidSearcher = new DirectorySearcher
{
SearchRoot = domainConnection,
Filter = "(objectSid=" + mySid.Value + ")"
};
sidSearcher.PropertiesToLoad.Add("name");
var sidResult = sidSearcher.FindOne();
if (sidResult != null)
{
allUserGroups.Add((string)sidResult.Properties["name"][0]);
}
}
return allUserGroups;
}
You now need to map which groups have access to which view in the application.
Once done, the next step is the restricting of the viewing of "Views".
You need to set up a permissions filter that uses the MVC AuthorizeAttribute. Something like the below.
public class PermissionsFilter : AuthorizeAttribute
{
private readonly string _viewName;
public PermissionsFilter(string viewName)
{
_viewName = viewName;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
//Check to see if users groups has access to the view
//If not redirect to unauthorized page
}
}
I accomplish the above by have a user object held in session. This contains a list of all the application permissions my user has access too. This is the mapping you need to do. I have all my view names stored in the database along with an ID of which AD groups can access them.
Then finally in the controller, decorate the get action for the view accordingly.
[HttpGet]
[PermissionsFilter("ViewName")]
public ActionResult ReturnMyView(int currentFolderID)
{
return View(); //Etc..
}
Well hope that helps!
In an aspx page I get the Windows username with the function Request.LogonUserIdentity.Name. This function returns a string in the format "domain\user".
Is there some function to only get the username, without resorting to the IndexOf and Substring, like this?
public static string StripDomain(string username)
{
int pos = username.IndexOf('\\');
return pos != -1 ? username.Substring(pos + 1) : username;
}
If you are using Windows Authentication.
This can simply be achieved by calling System.Environment.UserName which will give you the user name only.
If you want only the Domain name you can use System.Environment.UserDomainName
I don't believe so. I have got the username using these methods before-
var user = System.Web.HttpContext.Current.User;
var name = user.Identity.Name;
var slashIndex = name.IndexOf("\\");
return slashIndex > -1
? name.Substring(slashIndex + 1)
: name.Substring(0, name.IndexOf("#"));
or
var name = Request.LogonUserIdentity.Name;
var slashIndex = name.IndexOf("\\");
return slashIndex > -1
? name.Substring(slashIndex + 1)
: name.Substring(0, name.IndexOf("#"));
Getting parts[1] is not a safe approach. I would prefer use LINQ .Last():
WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
if (windowsIdentity == null)
throw new InvalidOperationException("WindowsIdentity is null");
string nameWithoutDomain = windowsIdentity.Name.Split('\\').Last();
If you are using .NET 3.5 you could always create an extension method to the WindowsIdentity class that does this work for you.
public static string NameWithoutDomain( this WindowsIdentity identity )
{
string[] parts = identity.Name.Split(new char[] { '\\' });
//highly recommend checking parts array for validity here
//prior to dereferencing
return parts[1];
}
that way all you have to do anywhere in your code is reference:
Request.LogonUserIdentity.NameWithoutDomain();
static class IdentityHelpers
{
public static string ShortName(this WindowsIdentity Identity)
{
if (null != Identity)
{
return Identity.Name.Split(new char[] {'\\'})[1];
}
return string.Empty;
}
}
If you include this code, you could then just do something like:
WindowsIdentity a = WindowsIdentity.GetCurrent();
Console.WriteLine(a.ShortName);
Obviously in a web environment, you wouldn't write to the console - just an example...
An alternative way of doing the same thing as the other answers:
var usernameWithoutDomain = Path.GetFileName(#"somedomain\someusername")
It is just unsafe as not checking for the # variant of usernames.
I was suggesting to use regexpes but they would be overkill.
[System.String.Split](http://msdn.microsoft.com/en-us/library/b873y76a(VS.80).aspx) do the job.
string[] parts= username.Split( new char[] {'\\'} );
return parts[1];