Introduction
Many times, we need details of the logged-in user, such as Manager, Department, Last Name, First Name and Email. Although we can use the PrincipalContext and UserPrincipal classes provided by the System.DirectoryServices namespace, they do not provide details like the Manager and Department of the logged-in user.
To get these, I have found a way using the DirectorySearcher and DirectoryEntry classes, which are provided by the same namespace, System.DirectoryServices. They read the details from the organization's LDAP directory. Below is a step-by-step description of how to achieve this.
The following software/concepts are used in this document.
- Visual Studio 2019
- Razor Pages
- .NET Core 2.0
- LDAP
- .NET Core Web Application
- C# Language
Open your project in Visual Studio 2019
In my case, I am opening the earlier created project where Razor pages are present.
In my example, I want to call a method with impersonation in a custom Razor page named “Index.cshtml.cs” under “Customers” folder.
Call method to get the current path of the LDAP
- Put the code below where you want to use the details. In my example, I am putting this code in the OnGetAsync() method.

```csharp
// At the top of the file: using System.DirectoryServices;
DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE");
var defaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value;
```

Here, we are using “RootDSE” to find out the current path of the LDAP where we can search for the logged in user. In case you already know the LDAP path for your domain, you can skip this step.
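- Once we get the current path, we can use it to perform the search with DirectorySearcher. We are performing the search based on the “sAMAccountName” property given by LDAP. Replace “ABCDEFGHI” with your user login ID.

```csharp
// DirectorySearcher(string) treats its argument as the filter, so pass the search root as a DirectoryEntry.
DirectorySearcher dssearch = new DirectorySearcher(new DirectoryEntry("LDAP://" + defaultNamingContext));
dssearch.Filter = "(sAMAccountName=ABCDEFGHI)";
SearchResult sresult = dssearch.FindOne();
// FindOne() returns null when no entry matches the filter.
if (sresult == null) throw new InvalidOperationException("User not found in LDAP.");
DirectoryEntry dsresult = sresult.GetDirectoryEntry();
```
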
- Once we search LDAP for the user, we can get the properties provided by LDAP. In my example, I am using FirstName, LastName, Email, Department and Manager.

```csharp
// .Value is null when the attribute is not set on the account, so ?. avoids an exception.
var FirstName = dsresult.Properties["givenName"].Value?.ToString();
var LastName = dsresult.Properties["sn"].Value?.ToString();
var Email = dsresult.Properties["mail"].Value?.ToString();
var Department = dsresult.Properties["department"].Value?.ToString();
// manager holds the manager's distinguished name (DN), not a display name.
var Manager = dsresult.Properties["manager"].Value?.ToString();
```

For the complete list of properties and other operations on Active Directory, you can refer to a very informative article by Dhananjay Kumar here.
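- The complete code looks like below.

```csharp
// At the top of the file: using System; using System.DirectoryServices;
DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE");
var defaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value;

// DirectorySearcher(string) treats its argument as the filter, so pass the search root as a DirectoryEntry.
DirectorySearcher dssearch = new DirectorySearcher(new DirectoryEntry("LDAP://" + defaultNamingContext));
dssearch.Filter = "(sAMAccountName=ABCDEFGHI)";
SearchResult sresult = dssearch.FindOne();
// FindOne() returns null when no entry matches the filter.
if (sresult == null) throw new InvalidOperationException("User not found in LDAP.");
DirectoryEntry dsresult = sresult.GetDirectoryEntry();

// .Value is null when the attribute is not set on the account, so ?. avoids an exception.
var FirstName = dsresult.Properties["givenName"].Value?.ToString();
var LastName = dsresult.Properties["sn"].Value?.ToString();
var Email = dsresult.Properties["mail"].Value?.ToString();
var Department = dsresult.Properties["department"].Value?.ToString();
// manager holds the manager's distinguished name (DN), not a display name.
var Manager = dsresult.Properties["manager"].Value?.ToString();
```
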
- Test the files by putting a debug point at any of the properties and then, right-click on the Index file and open it with the browser. You will get the correct value from LDAP for the user.
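
The steps above hard-code the login ID in the filter; for the logged-in user the value comes from the request identity, and it has to be escaped before it is placed in an LDAP filter. The following is an added example, not code from the original article: the names LdapUserLookup, EscapeFilterValue, FindUser and Attr are hypothetical, and it assumes Windows authentication (User.Identity.Name in the form DOMAIN\login) and an Active Directory domain.

```csharp
using System;
using System.DirectoryServices;
using System.Text;
// Added example (not from the original article); all type and method names are hypothetical.
public static class LdapUserLookup
{
    // Escape the characters RFC 4515 reserves inside a filter assertion value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // identityName is assumed to be what User.Identity.Name returns under
    // Windows authentication ("DOMAIN\login"); only the login part is searched.
    public static SearchResult FindUser(string identityName)
    {
        if (string.IsNullOrWhiteSpace(identityName))
            throw new ArgumentException("No authenticated user name.", nameof(identityName));
        string login = identityName.Substring(identityName.LastIndexOf('\\') + 1);
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        using (var searchRoot = new DirectoryEntry("LDAP://" + rootDse.Properties["defaultNamingContext"].Value))
        using (var searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(login) + "))";
            // Ask the server only for the attributes the page reads.
            searcher.PropertiesToLoad.AddRange(new[] { "givenName", "sn", "mail", "department", "manager" });
            return searcher.FindOne();   // null when no account matches
        }
    }

    // Returns null instead of throwing when the attribute is not set on the account.
    public static string Attr(SearchResult r, string name) =>
        r != null && r.Properties.Contains(name) && r.Properties[name].Count > 0
            ? r.Properties[name][0].ToString() : null;
}
```

In OnGetAsync() this would be called as `var user = LdapUserLookup.FindUser(User.Identity.Name);` followed by `LdapUserLookup.Attr(user, "department")` and so on for the other attributes.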
That is it. I hope you have learned something new from this article and will utilize this in your work.