/// <summary>
/// Performs a search for AD users using ambiguous name resolution (i.e. searches can be done using partial names).
/// </summary>
/// <param name="searchText">The search text.</param>
/// <param name="propertiesToLoad">Restricts the properties to load when searching for AD users. If collection is empty, all properties are loaded.</param>
/// <returns>
/// An collection containing multiple ActiveDirectoryUser objects.
/// </returns>
public Collection <ActiveDirectoryUser> SearchForUsers(string searchText, IList <string> propertiesToLoad)
{
this._userCollection = null;
searchText = StripDomainFromSearchTerm(searchText);
string filter;
if (_searchBylogonFlag)
{
filter = "(&(saMAccountName=" + searchText + ")(objectClass=user)(objectCategory=Person))";
}
else
{
filter = "(&(anr=" + searchText + ")(objectClass=user)(objectCategory=Person))";
}
string[] propertyNames = null;
if (propertiesToLoad != null && propertiesToLoad.Count > 0)
{
propertyNames = new string[propertiesToLoad.Count];
propertiesToLoad.CopyTo(propertyNames, 0);
}
// Combine the parameters into a cache key and check the cache
var cacheKey = HashKeyForCache(_ldapPath + filter + (propertyNames != null ? String.Join(String.Empty, propertyNames) : String.Empty) + MaximumResults);
if (_cache != null)
{
_userCollection = _cache.CheckForSavedValue <Collection <ActiveDirectoryUser> >(cacheKey);
}
if (_userCollection == null)
{
// Get results from Active Directory and save them to the cache
_userCollection = new Collection <ActiveDirectoryUser>();
using (var ent = new DirectoryEntry(_ldapPath))
{
ent.Username = this._adUser;
ent.Password = this._adPassword;
using (DirectorySearcher ds = new DirectorySearcher())
{
ds.SearchRoot = ent;
ds.Filter = filter;
// If possible, restrict the properties to load to make the query faster
if (propertyNames != null)
{
ds.PropertiesToLoad.AddRange(propertyNames);
}
// Restrict the size too, again to make it faster
if (this.MaximumResults > 0)
{
ds.SizeLimit = this.MaximumResults;
}
SearchResultCollection results = ds.FindAll();
if (results.Count > 0)
{
if (propertyNames != null && propertyNames.Length > 0)
{
CreateUserCollection(results, propertyNames);
}
else
{
CreateUserCollectionAllProperties(results);
}
}
}
}
if (_cache != null)
{
_cache.SaveValue(cacheKey, _userCollection);
}
}
// Fire events
if (_userCollection.Count > 1)
{
OnUsersFound();
}
if (_userCollection.Count == 1)
{
OnUserFound();
}
return(this._userCollection);
}
/// <summary>
/// Tests whether the user is in one of the specified security groups
/// </summary>
/// <param name="groupNames">The group names.</param>
/// <exception cref="System.ArgumentNullException">groupMembershipProvider</exception>
/// <returns></returns>
public bool UserIsInGroup(IList <string> groupNames)
{
if (groupNames == null || groupNames.Count == 0)
{
throw new ArgumentNullException(nameof(groupNames), "groupNames cannot be null or an empty list");
}
// If we've already done the check, return the previous result
string cacheKey = CreateCacheKey(groupNames);
if (_cache != null)
{
var storedResult = _cache.CheckForSavedValue <BooleanResult>(cacheKey);
if (storedResult != null)
{
return(storedResult.Result);
}
}
var len = groupNames.Count;
for (var i = 0; i < len; i++)
{
groupNames[i] = groupNames[i].ToUpper(CultureInfo.CurrentCulture);
if (!String.IsNullOrEmpty(_defaultDomain) && groupNames[i].StartsWith(_defaultDomain, StringComparison.Ordinal))
{
groupNames[i] = groupNames[i].Substring(_defaultDomain.Length);
}
}
var groupsForUser = GetGroupNames();
foreach (string group in groupsForUser)
{
var groupName = group;
if (!String.IsNullOrEmpty(_defaultDomain) && groupName.StartsWith(_defaultDomain, StringComparison.Ordinal))
{
groupName = groupName.Substring(_defaultDomain.Length);
}
if (groupNames.Contains(groupName))
{
// Stash the result so we don't have to do this check again
if (_cache != null)
{
_cache.SaveValue(cacheKey, new BooleanResult()
{
Result = true
});
}
return(true);
}
}
if (_cache != null)
{
_cache.SaveValue(cacheKey, new BooleanResult()
{
Result = false
});
}
return(false);
}
