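        /// <summary>
        /// Authenticates <paramref name="login"/> against Active Directory by binding with the user's own
        /// credentials, then collects the user's groups whose name contains <paramref name="nomGrupo"/>,
        /// together with the parent groups of each matching group.
        /// </summary>
        /// <param name="login">SamAccountName of the user being authenticated.</param>
        /// <param name="senha">The user's password; used for the LDAP bind and the PrincipalContext.</param>
        /// <param name="nomGrupo">Substring that a group name must contain for the group to count.</param>
        /// <returns>
        /// The user with its matching groups, or <c>null</c> when the user is not found in AD or belongs to no
        /// group whose name contains <paramref name="nomGrupo"/>.
        /// </returns>
        /// <exception cref="Exception">
        /// Thrown (wrapped as "Erro na autenticação com o AD. ...") when the bind/search fails, when the account
        /// is disabled or when its password has expired.
        /// </exception>
        public static UsuarioActiveDirectoryBD AutenticarAD(string login, string senha, string nomGrupo)
        {
            // userAccountControl is a bit field. The original compared the whole value with 514 and 8388608,
            // which misses any account that carries additional flags; test the individual bits instead.
            const int AccountDisable = 0x0002;
            const int PasswordExpired = 0x800000;

            bool valido = false;
            UsuarioActiveDirectoryBD usuarioAD = null;
            List<GrupoActiveDirectoryBD> listaGruposAD = new List<GrupoActiveDirectoryBD>();

            WS.srvParametros srvParametros = new WS.srvParametros();
            // Read the parameters once; the original called the web service for each use.
            string activeDirectoryIP = srvParametros.ActiveDirectoryIP();
            string dominio = srvParametros.DominioFrescatto();

            using (DirectoryEntry de = GetDirectoryObject("LDAP://" + activeDirectoryIP, login, senha))
            using (DirectorySearcher deSearchUser = new DirectorySearcher(de))
            {
                // login is caller-supplied; escape it so it cannot change the structure of the filter.
                deSearchUser.Filter = "(&(objectClass=user)(objectCategory=person)(SamAccountName=" + EscapeLdapFilterValue(login) + "))";
                deSearchUser.SearchScope = SearchScope.Subtree;

                try
                {
                    SearchResult results = deSearchUser.FindOne();

                    if (results == null)
                    {
                        // Unknown user: same outcome as the original (null result, no groups).
                        return null;
                    }

                    using (DirectoryEntry deUser = new DirectoryEntry(results.Path, login, senha, AuthenticationTypes.Secure))
                    {
                        System.DirectoryServices.PropertyCollection propertiesUser = deUser.Properties;

                        // PropertyValueCollection.ToString() returns the type name, never the stored value, so the
                        // original comparisons could never be true and the exceptions below were built but not thrown.
                        int userAccountControl = Convert.ToInt32(propertiesUser["UserAccountControl"].Value);

                        if ((userAccountControl & AccountDisable) != 0)
                        {
                            throw new Exception("Conta desabilitada.");
                        }

                        if ((userAccountControl & PasswordExpired) != 0)
                        {
                            throw new Exception("Senha expirada.");
                        }

                        SecurityIdentifier sidUser = new SecurityIdentifier(propertiesUser["objectSid"][0] as byte[], 0);
                        object displayName = propertiesUser["displayname"].Value;

                        usuarioAD = new UsuarioActiveDirectoryBD();
                        usuarioAD.sid = sidUser.ToString();
                        usuarioAD.nome = displayName == null ? null : displayName.ToString();
                        usuarioAD.login = login;
                        // NOTE(review): the clear-text password is carried on the returned object exactly as the
                        // original did, because callers read it; this object must never be logged or persisted.
                        usuarioAD.senha = senha;

                        // PrincipalContext and the principal search results are IDisposable; the original leaked them.
                        using (PrincipalContext context = new PrincipalContext(ContextType.Domain, activeDirectoryIP, login + "@" + dominio, senha))
                        using (UserPrincipal user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, login))
                        {
                            if (user == null)
                            {
                                // FindByIdentity returns null when the principal is not found; the original would
                                // have thrown a NullReferenceException here.
                                return null;
                            }

                            using (PrincipalSearchResult<Principal> gruposDoUsuario = user.GetGroups())
                            {
                                foreach (Principal p in gruposDoUsuario)
                                {
                                    if (p.Name == null || p.Name.IndexOf(nomGrupo, StringComparison.Ordinal) < 0)
                                    {
                                        continue;
                                    }

                                    GrupoActiveDirectoryBD grupoAD = new GrupoActiveDirectoryBD();
                                    grupoAD.sidGrupo = p.Sid.ToString();
                                    grupoAD.nomGrupo = p.Name;
                                    listaGruposAD.Add(grupoAD);

                                    valido = true;

                                    // Parent groups of the matching group only. The original tested the `valido` flag
                                    // here, so once any group had matched, the parents of every later (non-matching)
                                    // group were added as well.
                                    using (PrincipalSearchResult<Principal> gruposPai = p.GetGroups(context))
                                    {
                                        foreach (Principal m in gruposPai)
                                        {
                                            using (GroupPrincipal group2 = GroupPrincipal.FindByIdentity(context, IdentityType.Name, m.Name))
                                            {
                                                if (group2 == null)
                                                {
                                                    continue;
                                                }

                                                GrupoActiveDirectoryBD grupoPai = new GrupoActiveDirectoryBD();
                                                grupoPai.sidGrupo = group2.Sid.Value;
                                                grupoPai.nomGrupo = m.Name;
                                                listaGruposAD.Add(grupoPai);
                                            }
                                        }
                                    }

                                    // The original additionally ran a second DirectorySearcher against
                                    // "LDAP://<ip>/<group name>" and parsed its memberOf CNs into a local that was never
                                    // read (errors swallowed). That block had no observable effect and was removed.
                                }
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Keep the original message (callers may display it) but preserve the inner exception
                    // so the real LDAP failure is not lost.
                    throw new Exception("Erro na autenticação com o AD. " + ex.Message, ex);
                }
            }

            if (!valido)
            {
                return null;
            }

            usuarioAD.grupos = listaGruposAD;
            return usuarioAD;
        }

        /// <summary>
        /// Escapes a value for use inside an LDAP search filter (RFC 4515 section 3) so that user-supplied text
        /// cannot inject additional filter clauses or wildcards.
        /// </summary>
        /// <param name="value">Raw attribute value; <c>null</c> is treated as empty.</param>
        /// <returns>The escaped value.</returns>
        private static string EscapeLdapFilterValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return value ?? string.Empty;
            }

            System.Text.StringBuilder sb = new System.Text.StringBuilder(value.Length);

            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\':
                        sb.Append(@"\5c");
                        break;
                    case '*':
                        sb.Append(@"\2a");
                        break;
                    case '(':
                        sb.Append(@"\28");
                        break;
                    case ')':
                        sb.Append(@"\29");
                        break;
                    case '\0':
                        sb.Append(@"\00");
                        break;
                    default:
                        sb.Append(c);
                        break;
                }
            }

            return sb.ToString();
        }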