active-directory – Page 2

How do you authenticate against an Active Directory server using Spring Security?

December 23, 2023 by Tarik

I had the same banging-my-head-against-the-wall experience you did, and ended up writing a custom authentication provider that does an LDAP query against the Active Directory server. So my security-related beans are: <beans:bean id=”contextSource” class=”org.springframework.security.ldap.DefaultSpringSecurityContextSource”> <beans:constructor-arg value=”ldap://hostname.queso.com:389/” /> </beans:bean> <beans:bean id=”ldapAuthenticationProvider” class=”org.queso.ad.service.authentication.LdapAuthenticationProvider”> <beans:property name=”authenticator” ref=”ldapAuthenticator” /> <custom-authentication-provider /> </beans:bean> <beans:bean id=”ldapAuthenticator” class=”org.queso.ad.service.authentication.LdapAuthenticatorImpl”> <beans:property name=”contextFactory” ref=”contextSource” /> … Read more

How can I retrieve Active Directory users by Common Name more quickly?

December 21, 2023 by Tarik

You can call UserPrincipal.FindByIdentity inside System.DirectoryServices.AccountManagement: using System.DirectoryServices.AccountManagement; using (var pc = new PrincipalContext(ContextType.Domain, “MyDomainName”)) { var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, “MyDomainName\\” + userName); }

How to switch to another domain and get-aduser

December 21, 2023 by Tarik

Try specifying a DC in DomainB using the -Server property. Ex: Get-ADUser -Server “dc01.DomainB.local” -Filter {EmailAddress -like “*Smith_Karla*”} -Properties EmailAddress

Using PrincipalSearcher to find users with “or” parameters

December 17, 2023 by Tarik

It’s obviously not possible, here is a workaround: List<UserPrincipal> searchPrinciples = new List<UserPrincipal>(); searchPrinciples.Add(new UserPrincipal(context) { DisplayName=”tom*”}); searchPrinciples.Add(new UserPrincipal(context) { SamAccountName = “tom*” }); searchPrinciples.Add(new UserPrincipal(context) { MiddleName = “tom*” }); searchPrinciples.Add(new UserPrincipal(context) { GivenName = “tom*” }); List<Principal> results = new List<Principal>(); var searcher = new PrincipalSearcher(); foreach (var item in searchPrinciples) { searcher … Read more

Find Recursive Group Membership (Active Directory) using C#

December 16, 2023 by Tarik

Thirst thanks for this an interesting question. Next, just a correction, you say : I’ve looked into the following LDAP code to get all of the memberOf entries at once: (memberOf:1.2.840.113556.1.4.1941:={0}) You don’t make it work. I remember I make it work when I learnt about its existence, but it was in an LDIFDE.EXE filter. … Read more

using wildcards in LDAP search filters/queries

December 15, 2023 by Tarik

A filter argument with a trailing * can be evaluated almost instantaneously via an index lookup. A leading * implies a sequential search through the index, so it is O(N). It will take ages. I suggest you reconsider the requirement.

HttpServletRequest.getRemoteUser() vs HttpServletRequest.getUserPrincipal().getName()

December 14, 2023 by Tarik

A Principal represents someone who could potentially authenticate with your application. The Principal’s name depends on the authentication method used: a username such as “fred” (in the case of HTTP Basic authentication) a Distinguished Name such as “CN=bob,O=myorg” (in the case of X.509 client certificates – in which case a X500Principal may be returned) getRemoteUser() … Read more

Is LDAP DN case insensitive?

December 14, 2023 by Tarik

LDAP DNs and all attributes are case-insensitive by default. It is possible to define an attribute as case-sensitive in the schema, but this is rare, and it is also possible to override the default comparison rules, but again this is rare.

Getting current login from Active Directory using C# code

December 8, 2023 by Tarik

Simply, string Name = new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent()).Identity.Name; OR string Name = System.Environment.UserName OR string Name = Environment.GetEnvironmentVariable(“USERNAME”); OR string Name = System.Security.Principal.WindowsIdentity.GetCurrent().Name; works 🙂

Checklist for IIS 6/ASP.NET Windows Authentication?

December 6, 2023 by Tarik

It sounds like you’ve covered all the server-side bases–maybe it’s a client issue? I assume your users have integrated authentication enabled in IE7? (Tools -> Internet Options -> Advanced -> Security). This is enabled by default. Also, is your site correctly recognized by IE7 as being in the Local Intranet zone? The IE7 default is … Read more