// public static uint ERROR_LDAP_INVALID_CREDENTIALS = 49; //fix error CS0414: Warning as Error: is assigned but its value is never used

//
// Maps a handful of well-known COM HRESULTs (as surfaced by COMException.ErrorCode)
// onto the closest CLR / account-management exception type. Every other HRESULT is
// wrapped in a PrincipalOperationException that keeps the original code. The
// COMException is preserved as the inner exception in every case except
// out-of-memory, which is raised bare.
//
internal static Exception GetExceptionFromCOMException(COMException e)
{
    // Failure HRESULTs have the high bit set, so they are negative once viewed as the
    // signed int that COMException.ErrorCode exposes.
    const int AccessDenied = unchecked((int)0x80070005);
    const int PasswordComplexity = unchecked((int)0x800708c5);
    const int PasswordMismatch = unchecked((int)0x80070056);
    // NOTE(review): this literal has only seven hex digits, so it evaluates to the
    // positive value 0x08007052 and can never equal a failure HRESULT; the
    // alternative is dead. Presumably a truncated 0x8007052d
    // (ERROR_PASSWORD_RESTRICTION) was intended - confirm before changing it.
    const int PasswordRestriction = 0x8007052;
    const int UserAlreadyExists = unchecked((int)0x800708b0);
    const int ObjectAlreadyExists = unchecked((int)0x80071392);
    const int LogonFailure = unchecked((int)0x8007052e);
    const int ConstraintViolation = unchecked((int)0x8007202f);
    const int UnwillingToPerform = unchecked((int)0x80072035);
    const int NoMemory = unchecked((int)0x80070008);
    const int ServerDown = unchecked((int)0x8007203a);
    const int ServerBusy = unchecked((int)0x8007200e);
    const int ServerUnavailable = unchecked((int)0x8007200f);

    int hresult = e.ErrorCode;
    string text = e.Message;

    switch (hresult)
    {
        case AccessDenied:
            return new UnauthorizedAccessException(text, e);

        case PasswordComplexity:
        case PasswordMismatch:
        case PasswordRestriction:
            // Password does not meet complexity requirements, the old password does
            // not match, or a policy restriction has been enforced.
            return new PasswordException(text, e);

        case UserAlreadyExists:
        case ObjectAlreadyExists:
            return new PrincipalExistsException(text, e);

        case LogonFailure:
            return new AuthenticationException(text, e);

        case ConstraintViolation:
        case UnwillingToPerform:
            return new InvalidOperationException(text, e);

        case NoMemory:
            // Raised bare (no message, no inner exception), as in the original mapping.
            return new OutOfMemoryException();

        case ServerDown:
        case ServerBusy:
        case ServerUnavailable:
            return new PrincipalServerDownException(text, e, hresult, null);

        default:
            // Generic wrapper that still carries the HRESULT for diagnostics.
            return new PrincipalOperationException(text, e, hresult);
    }
}
//
// Converts a COMException into the most specific exception the caller can act on,
// keyed on the HRESULT in ErrorCode. Unlisted codes fall through to
// PrincipalOperationException, which retains the HRESULT. The original
// COMException is kept as InnerException in every case except out-of-memory,
// which is raised bare.
//
internal static Exception GetExceptionFromCOMException(COMException e)
{
    int hresult = e.ErrorCode;
    string text = e.Message;

    // Access denied.
    if (hresult == unchecked((int)0x80070005))
    {
        return new UnauthorizedAccessException(text, e);
    }

    // Password rejected (complexity / old password mismatch / policy restriction).
    // NOTE(review): the third literal has seven hex digits, so it is the positive
    // value 0x08007052 and cannot match a failure HRESULT (always negative as int);
    // it is kept verbatim but is effectively dead.
    if (hresult == unchecked((int)0x800708c5)
        || hresult == unchecked((int)0x80070056)
        || hresult == 0x8007052)
    {
        return new PasswordException(text, e);
    }

    // Principal already exists.
    if (hresult == unchecked((int)0x800708b0) || hresult == unchecked((int)0x80071392))
    {
        return new PrincipalExistsException(text, e);
    }

    // Logon failure.
    if (hresult == unchecked((int)0x8007052e))
    {
        return new AuthenticationException(text, e);
    }

    // Constraint violation / unwilling to perform.
    if (hresult == unchecked((int)0x8007202f) || hresult == unchecked((int)0x80072035))
    {
        return new InvalidOperationException(text, e);
    }

    // No memory: raised bare, without message or inner exception.
    if (hresult == unchecked((int)0x80070008))
    {
        return new OutOfMemoryException();
    }

    // Server down / busy / unavailable.
    if (hresult == unchecked((int)0x8007203a)
        || hresult == unchecked((int)0x8007200e)
        || hresult == unchecked((int)0x8007200f))
    {
        return new PrincipalServerDownException(text, e, hresult, null);
    }

    // Anything else: generic wrapper that still carries the HRESULT.
    return new PrincipalOperationException(text, e, hresult);
}
// public const uint ERROR_LDAP_INVALID_CREDENTIALS = 49; //fix error CS0414: Warning as Error: is assigned but its value is never used

//
// This method maps some common COM HRESULTs to existing CLR exceptions. Codes that
// are not listed are wrapped in a PrincipalOperationException that carries the
// HRESULT. The COMException becomes the inner exception everywhere except in the
// out-of-memory case, which is raised bare.
//
internal static Exception GetExceptionFromCOMException(COMException e)
{
    int code = e.ErrorCode;
    string message = e.Message;
    Exception mapped;

    // Case labels are the signed-int view of the HRESULTs (negative for failures).
    switch (code)
    {
        case unchecked((int)0x80070005):
            // Access Denied
            mapped = new UnauthorizedAccessException(message, e);
            break;

        case unchecked((int)0x800708c5):
        case unchecked((int)0x80070056):
        case 0x8007052:
            // Password does not meet complexity requirements, old password does not
            // match, or a policy restriction has been enforced.
            // NOTE(review): 0x8007052 has only seven hex digits and is therefore a
            // positive int that no failure HRESULT can equal; that label is dead.
            // Presumably 0x8007052d (ERROR_PASSWORD_RESTRICTION) was meant - confirm.
            mapped = new PasswordException(message, e);
            break;

        case unchecked((int)0x800708b0):
        case unchecked((int)0x80071392):
            // Principal already exists
            mapped = new PrincipalExistsException(message, e);
            break;

        case unchecked((int)0x8007052e):
            // Logon Failure
            mapped = new AuthenticationException(message, e);
            break;

        case unchecked((int)0x8007202f):
        case unchecked((int)0x80072035):
            // Constraint Violation / Unwilling to perform
            mapped = new InvalidOperationException(message, e);
            break;

        case unchecked((int)0x80070008):
            // No Memory (raised without message or inner exception)
            mapped = new OutOfMemoryException();
            break;

        case unchecked((int)0x8007203a):
        case unchecked((int)0x8007200e):
        case unchecked((int)0x8007200f):
            // Server down / busy / unavailable
            mapped = new PrincipalServerDownException(message, e, code, null);
            break;

        default:
            // Wrap the exception in a generic OperationException
            mapped = new PrincipalOperationException(message, e, code);
            break;
    }

    return mapped;
}
/// <summary>
/// Find all users whose e-mail address matches the given string.
/// </summary>
/// <param name="email">E-mail address (full or partial) to match.</param>
/// <param name="pageIndex">Zero-based index of page to return, or null for all results.</param>
/// <param name="pageSize">Number of items per page to return, or null for all results.</param>
/// <param name="sortOrder">Sort order for results, or null to sort by configuration IdentityType.</param>
/// <returns>Collection of all users.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="email"/> is null, empty or whitespace.</exception>
/// <exception cref="PrincipalServerDownException">Thrown when every configured attempt failed with a server-down error.</exception>
public ICollection<Principal> FindUsersByEmail(string email, int? pageIndex = null, int? pageSize = null, Nullable<IdentityType> sortOrder = null)
{
    // Refuse an empty query up front rather than searching for "**".
    if (String.IsNullOrWhiteSpace(email))
    {
        throw new ArgumentException("Invalid search criteria specified.");
    }

    // Each attempt gets a fresh context; only server-down failures are retried.
    for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
    {
        var context = this.GetPrincipalContext(attempt);
        try
        {
            // Query-by-example principal: the address is wrapped in wildcards so any
            // substring matches.
            // NOTE(review): a '*' inside `email` is also a wildcard to the QBE filter,
            // so a caller-controlled "*" matches every user; confirm that callers
            // treat `email` as untrusted and constrain it if that matters.
            var example = new UserPrincipal(context);
            example.EmailAddress = "*" + email + "*";
            return this.GetAllPrincipals(example, pageIndex, pageSize, sortOrder);
        }
        catch (Exception ex)
        {
            // Anything that is not a server-down condition propagates unchanged.
            if (!(ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException))
            {
                throw;
            }

            // Record which server failed (when its address is known) before retrying.
            IPAddress failedServer;
            if (IPAddress.TryParse(context.ConnectedServer, out failedServer))
            {
                this.Dns.RecordFailure(this.Config.Server, failedServer);
            }
        }
    }

    // All attempts were consumed by caught server-down exceptions.
    throw new PrincipalServerDownException(this.Config.Server);
}
//
// Translates the HRESULT carried by a COMException into the nearest CLR or
// account-management exception. Codes not listed below are wrapped in a
// PrincipalOperationException that retains the HRESULT. The source exception is
// attached as InnerException except for out-of-memory, which is raised bare.
//
internal static Exception GetExceptionFromCOMException(COMException e)
{
    int hresult = e.ErrorCode;
    string detail = e.Message;

    switch (hresult)
    {
        // Access denied.
        case unchecked((int)0x80070005):
            return new UnauthorizedAccessException(detail, e);

        // Password complexity / old-password mismatch / policy restriction.
        // NOTE(review): 0x8007052 is a seven-digit literal, i.e. the positive int
        // 0x08007052; no failure HRESULT (negative as int) can match it, so that
        // label is dead. Kept verbatim.
        case unchecked((int)0x800708c5):
        case unchecked((int)0x80070056):
        case 0x8007052:
            return new PasswordException(detail, e);

        // Principal already exists.
        case unchecked((int)0x800708b0):
        case unchecked((int)0x80071392):
            return new PrincipalExistsException(detail, e);

        // Logon failure.
        case unchecked((int)0x8007052e):
            return new AuthenticationException(detail, e);

        // Constraint violation / unwilling to perform.
        case unchecked((int)0x8007202f):
        case unchecked((int)0x80072035):
            return new InvalidOperationException(detail, e);

        // No memory: no message or inner exception is attached.
        case unchecked((int)0x80070008):
            return new OutOfMemoryException();

        // Server down / busy / unavailable.
        case unchecked((int)0x8007203a):
        case unchecked((int)0x8007200e):
        case unchecked((int)0x8007200f):
            return new PrincipalServerDownException(detail, e, hresult, null);

        default:
            return new PrincipalOperationException(detail, e, hresult);
    }
}
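/// <summary>
/// Validate that user is authorized.
/// </summary>
/// <param name="username">Username to check.</param>
/// <param name="password">Password to check.</param>
/// <returns>True/false if user can be validated. Always false when either credential is null or empty.</returns>
/// <exception cref="PrincipalServerDownException">Thrown when every configured attempt failed with a server-down error.</exception>
public bool ValidateUser(string username, string password)
{
    // Never forward empty credentials to the bind. PrincipalContext.ValidateCredentials
    // treats a null username/password as "validate the credentials this context was
    // created with", so a missing password would otherwise be reported as valid for
    // the account this class binds with instead of being rejected. An empty password
    // is refused for the same reason: the answer must never depend on whether the
    // directory accepts an unauthenticated bind.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    // Loop to re-attempt.
    for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
    {
        // Get new principal context.
        var context = this.GetPrincipalContext(attempt);
        try
        {
            return context.ValidateCredentials(username, password);
        }
        catch (Exception ex)
        {
            // Only server-down failures are retried; everything else propagates unchanged.
            if (!(ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException))
            {
                throw;
            }

            // Determine IP of connected server and record failure if known.
            // NOTE(review): if ConnectedServer itself re-raises the server-down error
            // for a context that never connected, that exception escapes this catch
            // and ends the retry loop early - verify against PrincipalContext.
            IPAddress serverIP;
            if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
            {
                this.Dns.RecordFailure(this.Config.Server, serverIP);
            }
        }
    }

    // All attempts were consumed by caught server-down exceptions.
    throw new PrincipalServerDownException(this.Config.Server);
}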
/// <summary>
/// Get users within a group.
/// </summary>
/// <param name="group">Group to test.</param>
/// <param name="recursive">Recursively search children.</param>
/// <returns>Collection of users of group. Empty when the group does not exist.</returns>
/// <exception cref="PrincipalServerDownException">Thrown when every configured attempt failed with a server-down error.</exception>
public ICollection<Principal> GetUsersForGroup(string group, bool recursive = true)
{
    // Each attempt gets a fresh context; only server-down failures are retried.
    for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
    {
        var context = this.GetPrincipalContext(attempt);
        try
        {
            var groupPrincipal = GroupPrincipal.FindByIdentity(context, this.Config.IdentityType, group);

            // Unknown group: empty result, not an error.
            if (groupPrincipal == null)
            {
                return new List<Principal>();
            }

            // NOTE(review): groupPrincipal and the search result are both disposable
            // and are not disposed here; the returned members presumably need to stay
            // usable, so confirm the ownership model before adding a using.
            var members = new List<Principal>();
            var searchResult = groupPrincipal.GetMembers(recursive);
            foreach (Principal member in searchResult)
            {
                if (member == null)
                {
                    continue;
                }
                members.Add(member);
            }

            return members;
        }
        catch (Exception ex)
        {
            // Anything that is not a server-down condition propagates unchanged.
            if (!(ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException))
            {
                throw;
            }

            // Record which server failed (when its address is known) before retrying.
            IPAddress failedServer;
            if (IPAddress.TryParse(context.ConnectedServer, out failedServer))
            {
                this.Dns.RecordFailure(this.Config.Server, failedServer);
            }
        }
    }

    // All attempts were consumed by caught server-down exceptions.
    throw new PrincipalServerDownException(this.Config.Server);
}
/// <summary>
/// Load the listed user by SID.
/// </summary>
/// <param name="sid">SID to load.</param>
/// <returns>Object representing user or null if doesn't exist.</returns>
/// <exception cref="PrincipalServerDownException">Thrown when every configured attempt failed with a server-down error.</exception>
public UserPrincipal GetUserBySid(string sid)
{
    // Each attempt gets a fresh context; only server-down failures are retried.
    for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
    {
        var context = this.GetPrincipalContext(attempt);
        try
        {
            // Lookup is always by SID here, regardless of the configured IdentityType.
            return UserPrincipal.FindByIdentity(context, IdentityType.Sid, sid);
        }
        catch (Exception ex)
        {
            // Anything that is not a server-down condition propagates unchanged.
            if (!(ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException))
            {
                throw;
            }

            // Record which server failed (when its address is known) before retrying.
            IPAddress failedServer;
            if (IPAddress.TryParse(context.ConnectedServer, out failedServer))
            {
                this.Dns.RecordFailure(this.Config.Server, failedServer);
            }
        }
    }

    // All attempts were consumed by caught server-down exceptions.
    throw new PrincipalServerDownException(this.Config.Server);
}
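/// <summary>
/// Get list of groups for this user is a member.
/// </summary>
/// <param name="username">Username to check.</param>
/// <param name="recursive">Recursive search for groups.</param>
/// <returns>Collection of groups for which this user is a member. Empty when the user does not exist.</returns>
/// <exception cref="PrincipalServerDownException">Thrown when every configured attempt failed with a server-down error.</exception>
public ICollection<Principal> GetGroupsForUser(string username, bool recursive = true)
{
    // Loop to re-attempt.
    for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
    {
        // Get new principal context.
        var context = this.GetPrincipalContext(attempt);
        try
        {
            var userPrincipal = UserPrincipal.FindByIdentity(context, this.Config.IdentityType, username);

            // Unknown user: empty result, not an error.
            if (userPrincipal == null)
            {
                return new List<Principal>();
            }

            // GetAuthorizationGroups yields nested membership, GetGroups only direct membership.
            PrincipalSearchResult<Principal> principalResults = recursive
                ? userPrincipal.GetAuthorizationGroups()
                : userPrincipal.GetGroups();

            var groups = new List<Principal>();

            // Walk the enumerator by hand instead of foreach because reading an entry can
            // throw on invalid SIDs that the server sometimes returns; a foreach would abort
            // the whole enumeration. The enumerator is disposed on the way out, exactly as
            // foreach would do (it was previously leaked).
            // See: http://social.msdn.microsoft.com/Forums/en/csharpgeneral/thread/9dd81553-3539-4281-addd-3eb75e6e4d5d
            // NOTE(review): MoveNext() is outside the guard, so a failure raised there still
            // propagates - confirm which call actually throws for the bad-SID case.
            using (var groupEnum = principalResults.GetEnumerator())
            {
                while (groupEnum.MoveNext())
                {
                    try
                    {
                        Principal group = groupEnum.Current;
                        if (group != null)
                        {
                            groups.Add(group);
                        }
                    }
                    catch (PrincipalOperationException)
                    {
                        // Deliberate best-effort: skip the unreadable entry and keep going.
                        continue;
                    }
                }
            }

            return groups;
        }
        catch (Exception ex)
        {
            // Only server-down failures are retried; everything else propagates unchanged.
            if (!(ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException))
            {
                throw;
            }

            // Determine IP of connected server and record failure if known.
            IPAddress serverIP;
            if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
            {
                this.Dns.RecordFailure(this.Config.Server, serverIP);
            }
        }
    }

    // All attempts were consumed by caught server-down exceptions.
    throw new PrincipalServerDownException(this.Config.Server);
}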
/// <summary>
/// Get all users.
/// </summary>
/// <param name="pageIndex">Zero-based index of page to return, or null for all results.</param>
/// <param name="pageSize">Number of items per page to return, or null for all results.</param>
/// <param name="sortOrder">Sort order for results, or null to sort by configuration IdentityType.</param>
/// <returns>Collection of all users.</returns>
/// <exception cref="PrincipalServerDownException">Thrown when every configured attempt failed with a server-down error.</exception>
public ICollection<Principal> GetAllUsers(int? pageIndex = null, int? pageSize = null, Nullable<IdentityType> sortOrder = null)
{
    // Each attempt gets a fresh context; only server-down failures are retried.
    for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
    {
        var context = this.GetPrincipalContext(attempt);
        try
        {
            // An unconstrained query-by-example principal matches every user.
            var example = new UserPrincipal(context);
            return this.GetAllPrincipals(example, pageIndex, pageSize, sortOrder);
        }
        catch (Exception ex)
        {
            // Anything that is not a server-down condition propagates unchanged.
            if (!(ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException))
            {
                throw;
            }

            // Record which server failed (when its address is known) before retrying.
            IPAddress failedServer;
            if (IPAddress.TryParse(context.ConnectedServer, out failedServer))
            {
                this.Dns.RecordFailure(this.Config.Server, failedServer);
            }
        }
    }

    // All attempts were consumed by caught server-down exceptions.
    throw new PrincipalServerDownException(this.Config.Server);
}