/// <summary>
/// Get users within a group.
/// </summary>
/// <param name="group">Group to test.</param>
/// <param name="recursive">Recursively search children.</param>
/// <returns>Collection of users of group.</returns>
public IEnumerable <Principal> GetUsersForGroup(string group, bool recursive = true)
{
// Loop to re-attempt.
for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
{
// Get new principal context.
var context = this.GetPrincipalContext(attempt);
try
{
// Get group object.
var groupPrincipal = GroupPrincipal.FindByIdentity(context, this.Config.IdentityType, group);
// If group doesn't exist, return empty list.
if (groupPrincipal == null)
{
return(Enumerable.Empty <Principal>());
}
// Get and process results.
var users = new List <Principal>();
var principalResults = groupPrincipal.GetMembers(recursive);
foreach (Principal user in principalResults)
{
if (user != null)
{
// Add valid user object to results.
users.Add(user);
}
}
return(users);
}
catch (Exception ex)
{
// If it is a server down exception, catch it. Otherwise, rethrow.
if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
{
// Determine IP of connected server and record failure if known.
IPAddress serverIP = null;
if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
{
this.Dns.RecordFailure(this.Config.Server, serverIP);
}
}
else
{
throw;
}
}
}
// If we've reached this point, number of loop attempts have been exhausted because of caught PrincipalServerDownExceptions. Throw exception.
var pe = new PrincipalServerDownException(this.Config.Server);
throw pe;
}
/// <summary>
/// Find all users whose e-mail address matches the given string.
/// </summary>
/// <param name="email">E-mail address (full or partial) to match.</param>
/// <param name="pageIndex">Zero-based index of page to return, or null for all results.</param>
/// <param name="pageSize">Number of items per page to return, or null for all results.</param>
/// <param name="sortOrder">Sort order for results, or null to sort by configuration IdentityType.</param>
/// <returns>Collection of all users.</returns>
public IEnumerable <Principal> FindUsersByEmail(string email, int?pageIndex = null, int?pageSize = null, Nullable <IdentityType> sortOrder = null)
{
// Ensure search criteria was specified.
if (String.IsNullOrWhiteSpace(email))
{
throw new ArgumentException("Invalid search criteria specified.");
}
// Loop to re-attempt.
for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
{
// Get new principal context.
var context = this.GetPrincipalContext(attempt);
try
{
// Get user principal.
var userPrincipal = new UserPrincipal(context);
// Set user principal to search. Pad with asterisks.
userPrincipal.EmailAddress = "*" + email + "*";
return(this.GetAllPrincipals(userPrincipal, pageIndex, pageSize, sortOrder));
}
catch (Exception ex)
{
// If it is a server down exception, catch it. Otherwise, rethrow.
if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
{
// Determine IP of connected server and record failure if known.
IPAddress serverIP = null;
if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
{
this.Dns.RecordFailure(this.Config.Server, serverIP);
}
}
else
{
throw;
}
}
}
// If we've reached this point, number of loop attempts have been exhausted because of caught PrincipalServerDownExceptions. Throw exception.
var pe = new PrincipalServerDownException(this.Config.Server);
throw pe;
}
/// <summary>
/// Validate that user is authorized.
/// </summary>
/// <param name="username">Username to check.</param>
/// <param name="password">Password to check.</param>
/// <returns>True/false if user can be validated.</returns>
public bool ValidateUser(string username, string password)
{
// Loop to re-attempt.
for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
{
// Get new principal context.
var context = this.GetPrincipalContext(attempt);
try
{
// Get group.
var validCredentials = context.ValidateCredentials(username, password);
return(validCredentials);
}
catch (Exception ex)
{
// If it is a server down exception, catch it. Otherwise, rethrow.
if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
{
// Determine IP of connected server and record failure if known.
IPAddress serverIP = null;
if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
{
this.Dns.RecordFailure(this.Config.Server, serverIP);
}
}
else
{
throw;
}
}
}
// If we've reached this point, number of loop attempts have been exhausted because of caught PrincipalServerDownExceptions. Throw exception.
var pe = new PrincipalServerDownException(this.Config.Server);
throw pe;
}
/// <summary>
/// Get all groups.
/// </summary>
/// <param name="pageIndex">Zero-based index of page to return, or null for all results.</param>
/// <param name="pageSize">Number of items per page to return, or null for all results.</param>
/// <param name="sortOrder">Sort order for results, or null to sort by configuration IdentityType.</param>
/// <returns>Collection of all groups.</returns>
public IEnumerable <Principal> GetAllGroups(int?pageIndex = null, int?pageSize = null, IdentityType?sortOrder = null)
{
// Loop to re-attempt.
for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
{
// Get new principal context.
var context = this.GetPrincipalContext(attempt);
try
{
// Get group principal.
var groupPrincipal = new GroupPrincipal(context);
return(this.GetAllPrincipals(groupPrincipal, pageIndex, pageSize, sortOrder));
}
catch (Exception ex)
{
// If it is a server down exception, catch it. Otherwise, rethrow.
if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
{
// Determine IP of connected server and record failure if known.
IPAddress serverIP = null;
if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
{
this.Dns.RecordFailure(this.Config.Server, serverIP);
}
}
else
{
throw;
}
}
}
// If we've reached this point, number of loop attempts have been exhausted because of caught PrincipalServerDownExceptions. Throw exception.
var pe = new PrincipalServerDownException(this.Config.Server);
throw pe;
}
/// <summary>
/// Load the listed group.
/// </summary>
/// <param name="group">Group to load.</param>
/// <returns>Object representing group or null if doesn't exist.</returns>
public GroupPrincipal GetGroup(string group)
{
// Loop to re-attempt.
for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
{
// Get new principal context.
var context = this.GetPrincipalContext(attempt);
try
{
// Get group.
var groupPrincipal = GroupPrincipal.FindByIdentity(context, this.Config.IdentityType, group);
return(groupPrincipal);
}
catch (Exception ex)
{
// If it is a server down exception, catch it. Otherwise, rethrow.
if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
{
// Determine IP of connected server and record failure if known.
IPAddress serverIP = null;
if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
{
this.Dns.RecordFailure(this.Config.Server, serverIP);
}
}
else
{
throw;
}
}
}
// If we've reached this point, number of loop attempts have been exhausted because of caught PrincipalServerDownExceptions. Throw exception.
var pe = new PrincipalServerDownException(this.Config.Server);
throw pe;
}
/// <summary>
/// Get list of groups for this user is a member.
/// </summary>
/// <param name="username">Username to check.</param>
/// <param name="recursive">Recursive search for groups.</param>
/// <returns>Collection of groups for which this user is a member.</returns>
public IEnumerable <Principal> GetGroupsForUser(string username, bool recursive = true)
{
// Loop to re-attempt.
for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
{
// Get new principal context.
var context = this.GetPrincipalContext(attempt);
try
{
// Get user object.
var userPrincipal = UserPrincipal.FindByIdentity(context, this.Config.IdentityType, username);
// If user doesn't exist, return empty list.
if (userPrincipal == null)
{
return(Enumerable.Empty <Principal>());
}
// Get and process results.
var groups = new List <Principal>();
PrincipalSearchResult <Principal> principalResults;
// Depending on values, perform direct or recursive search.
if (recursive)
{
principalResults = userPrincipal.GetAuthorizationGroups();
}
else
{
principalResults = userPrincipal.GetGroups();
}
// Use group enumerator to loop because of issues with errors on sometimes-returned invalid SIDs.
// See: http://social.msdn.microsoft.com/Forums/en/csharpgeneral/thread/9dd81553-3539-4281-addd-3eb75e6e4d5d
var groupEnum = principalResults.GetEnumerator();
while (groupEnum.MoveNext())
{
Principal group = null;
try
{
group = groupEnum.Current;
if (group != null)
{
// Add group object to results.
groups.Add(group);
}
}
catch (PrincipalOperationException)
{
continue;
}
}
return(groups);
}
catch (Exception ex)
{
// If it is a server down exception, catch it. Otherwise, rethrow.
if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
{
// Determine IP of connected server and record failure if known.
IPAddress serverIP = null;
if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
{
this.Dns.RecordFailure(this.Config.Server, serverIP);
}
}
else
{
throw;
}
}
}
// If we've reached this point, number of loop attempts have been exhausted because of caught PrincipalServerDownExceptions. Throw exception.
var pe = new PrincipalServerDownException(this.Config.Server);
throw pe;
}
