Exemplo n.º 1
        // public static uint ERROR_LDAP_INVALID_CREDENTIALS = 49; //fix error CS0414: Warning as Error: is assigned but its value is never used
        //
        // This method maps some common COM Hresults to
        // existing clr exceptions
        //

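        /// <summary>
        /// Translates a <see cref="COMException"/> into a more specific CLR exception, keyed on its HRESULT.
        /// </summary>
        /// <param name="e">COM exception whose ErrorCode and Message drive the mapping.</param>
        /// <returns>
        /// The mapped exception. Every mapping except the out-of-memory one carries <paramref name="e"/>
        /// as its inner exception; unrecognised codes yield a PrincipalOperationException.
        /// </returns>
        internal static Exception GetExceptionFromCOMException(COMException e)
        {
            int errorCode = e.ErrorCode;
            string errorMessage = e.Message;

            switch (errorCode)
            {
                case unchecked((int)0x80070005):
                    // Access Denied
                    return new UnauthorizedAccessException(errorMessage, e);

                case unchecked((int)0x800708c5):
                case unchecked((int)0x80070056):
                case unchecked((int)0x8007052d):
                    // Password does not meet complexity requirements, old password does not match,
                    // or a policy restriction has been enforced.
                    // The third literal used to be 0x8007052: one hex digit short, so it was a positive
                    // value that no failure HRESULT equals and the policy-restriction case fell through
                    // to the generic PrincipalOperationException. 0x8007052D is
                    // HRESULT_FROM_WIN32(ERROR_PASSWORD_RESTRICTION).
                    return new PasswordException(errorMessage, e);

                case unchecked((int)0x800708b0):
                case unchecked((int)0x80071392):
                    // Principal already exists
                    return new PrincipalExistsException(errorMessage, e);

                case unchecked((int)0x8007052e):
                    // Logon Failure
                    return new AuthenticationException(errorMessage, e);

                case unchecked((int)0x8007202f):
                    // Constraint Violation
                    return new InvalidOperationException(errorMessage, e);

                case unchecked((int)0x80072035):
                    // Unwilling to perform
                    return new InvalidOperationException(errorMessage, e);

                case unchecked((int)0x80070008):
                    // No Memory: deliberately created without message or inner exception,
                    // as the original mapping did.
                    return new OutOfMemoryException();

                case unchecked((int)0x8007203a):
                case unchecked((int)0x8007200e):
                case unchecked((int)0x8007200f):
                    // Codes reported as "server down"; the HRESULT is passed along for callers to inspect.
                    return new PrincipalServerDownException(errorMessage, e, errorCode, null);

                default:
                    // Wrap everything else in a generic operation exception that keeps the HRESULT.
                    return new PrincipalOperationException(errorMessage, e, errorCode);
            }
        }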
Exemplo n.º 2
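		/// <summary>
		/// Maps the HRESULT of a <see cref="COMException"/> to a more specific CLR exception.
		/// </summary>
		/// <param name="e">COM exception to translate; its ErrorCode selects the result type.</param>
		/// <returns>
		/// The mapped exception. All mappings except OutOfMemoryException wrap <paramref name="e"/>
		/// as the inner exception; unknown codes become a PrincipalOperationException.
		/// </returns>
		internal static Exception GetExceptionFromCOMException(COMException e)
		{
			int hresult = e.ErrorCode;
			string text = e.Message;
			Exception mapped;

			// The constants are signed 32-bit renderings of HRESULTs; the hex form is given beside each.
			if (hresult == -2147024891)
			{
				// 0x80070005
				mapped = new UnauthorizedAccessException(text, e);
			}
			else if (hresult == -2147022651 || hresult == -2147024810 || hresult == -2147023571)
			{
				// 0x800708C5, 0x80070056, 0x8007052D.
				// The last comparison used to be against 0x8007052, a literal one hex digit short:
				// it is a positive number, unlike every other code tested here, so that arm never
				// matched a failure HRESULT. -2147023571 is 0x8007052D,
				// HRESULT_FROM_WIN32(ERROR_PASSWORD_RESTRICTION), immediately below the
				// logon-failure code -2147023570 handled further down.
				mapped = new PasswordException(text, e);
			}
			else if (hresult == -2147022672 || hresult == -2147019886)
			{
				// 0x800708B0, 0x80071392
				mapped = new PrincipalExistsException(text, e);
			}
			else if (hresult == -2147023570)
			{
				// 0x8007052E
				mapped = new AuthenticationException(text, e);
			}
			else if (hresult == -2147016657 || hresult == -2147016651)
			{
				// 0x8007202F, 0x80072035
				mapped = new InvalidOperationException(text, e);
			}
			else if (hresult == -2147024888)
			{
				// 0x80070008: created without message or inner exception, as before.
				mapped = new OutOfMemoryException();
			}
			else if (hresult == -2147016646 || hresult == -2147016690 || hresult == -2147016689)
			{
				// 0x8007203A, 0x8007200E, 0x8007200F
				mapped = new PrincipalServerDownException(text, e, hresult, null);
			}
			else
			{
				// Anything unrecognised keeps its HRESULT inside a generic operation exception.
				mapped = new PrincipalOperationException(text, e, hresult);
			}

			return mapped;
		}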
Exemplo n.º 3
        // public const uint ERROR_LDAP_INVALID_CREDENTIALS = 49; //fix error CS0414: Warning as Error: is assigned but its value is never used
        //
        // This method maps some common COM Hresults to
        // existing clr exceptions
        //

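        /// <summary>
        /// Picks the CLR exception that best represents the HRESULT carried by a <see cref="COMException"/>.
        /// </summary>
        /// <param name="e">COM exception to translate.</param>
        /// <returns>
        /// A specific exception for the recognised HRESULTs, otherwise a PrincipalOperationException.
        /// All results except OutOfMemoryException keep <paramref name="e"/> as the inner exception.
        /// </returns>
        internal static Exception GetExceptionFromCOMException(COMException e)
        {
            int    code = e.ErrorCode;
            string text = e.Message;

            // Access Denied
            if (code == unchecked ((int)0x80070005))
            {
                return new UnauthorizedAccessException(text, e);
            }

            // Password does not meet complexity requirements, old password does not match,
            // or a policy restriction has been enforced.
            // The policy-restriction literal was previously written 0x8007052, which lacks its final
            // hex digit and therefore is a positive value no failure HRESULT can equal. The intended
            // code is 0x8007052D, HRESULT_FROM_WIN32(ERROR_PASSWORD_RESTRICTION).
            if (code == unchecked ((int)0x800708c5) ||
                code == unchecked ((int)0x80070056) ||
                code == unchecked ((int)0x8007052d))
            {
                return new PasswordException(text, e);
            }

            // Principal already exists
            if (code == unchecked ((int)0x800708b0) || code == unchecked ((int)0x80071392))
            {
                return new PrincipalExistsException(text, e);
            }

            // Logon Failure
            if (code == unchecked ((int)0x8007052e))
            {
                return new AuthenticationException(text, e);
            }

            // Constraint Violation (0x8007202f) and Unwilling to perform (0x80072035)
            if (code == unchecked ((int)0x8007202f) || code == unchecked ((int)0x80072035))
            {
                return new InvalidOperationException(text, e);
            }

            // No Memory: intentionally constructed without message or inner exception.
            if (code == unchecked ((int)0x80070008))
            {
                return new OutOfMemoryException();
            }

            // Codes surfaced as "server down"; the HRESULT travels with the exception.
            if (code == unchecked ((int)0x8007203a) ||
                code == unchecked ((int)0x8007200e) ||
                code == unchecked ((int)0x8007200f))
            {
                return new PrincipalServerDownException(text, e, code, null);
            }

            // No specific mapping: wrap in a generic operation exception that keeps the HRESULT.
            return new PrincipalOperationException(text, e, code);
        }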
Exemplo n.º 4
        /// <summary>
        /// Searches the directory for users whose e-mail address contains the supplied text.
        /// </summary>
        /// <param name="email">Full or partial e-mail address; must not be null, empty or whitespace.</param>
        /// <param name="pageIndex">Zero-based page to return, or null for every result.</param>
        /// <param name="pageSize">Items per page, or null for every result.</param>
        /// <param name="sortOrder">Ordering of the results, or null to order by the configured IdentityType.</param>
        /// <returns>The principals produced by GetAllPrincipals for the e-mail filter.</returns>
        /// <exception cref="ArgumentException">Thrown when <paramref name="email"/> is null, empty or whitespace.</exception>
        /// <remarks>
        /// Server-down failures are retried up to Config.MaxAttempts times, each time with a fresh
        /// principal context; when every attempt fails a PrincipalServerDownException is thrown.
        /// </remarks>
        public ICollection<Principal> FindUsersByEmail(string email, int? pageIndex = null, int? pageSize = null, Nullable<IdentityType> sortOrder = null)
        {
            // A blank pattern would turn into a match-everything filter, so it is rejected.
            if (String.IsNullOrWhiteSpace(email))
            {
                throw new ArgumentException("Invalid search criteria specified.");
            }

            int tryNumber = 0;
            while (tryNumber < this.Config.MaxAttempts)
            {
                // Each attempt asks for its own context, passing the attempt number.
                var principalContext = this.GetPrincipalContext(tryNumber);

                try
                {
                    // Query-by-example principal: the leading and trailing asterisks make it a "contains" match.
                    // NOTE(review): a '*' already present in the caller's value would presumably act as a
                    // wildcard as well; confirm whether untrusted input should be restricted before it gets here.
                    var queryFilter = new UserPrincipal(principalContext);
                    queryFilter.EmailAddress = "*" + email + "*";

                    return this.GetAllPrincipals(queryFilter, pageIndex, pageSize, sortOrder);
                }
                catch (Exception failure)
                {
                    bool serverDown = failure is PrincipalServerDownException || failure is ActiveDirectoryServerDownException;
                    if (!serverDown)
                    {
                        // Only server-down conditions are retried; everything else propagates unchanged.
                        throw;
                    }

                    // Report the failing server when the context exposes it as a parsable IP address.
                    IPAddress failedAddress = null;
                    if (IPAddress.TryParse(principalContext.ConnectedServer, out failedAddress))
                    {
                        this.Dns.RecordFailure(this.Config.Server, failedAddress);
                    }
                }

                tryNumber++;
            }

            // Every attempt ended in a server-down exception.
            throw new PrincipalServerDownException(this.Config.Server);
        }
Exemplo n.º 5
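        /// <summary>
        /// Converts a <see cref="COMException"/> into the CLR exception associated with its HRESULT.
        /// </summary>
        /// <param name="e">COM exception to translate.</param>
        /// <returns>
        /// The exception selected for <c>e.ErrorCode</c>; a PrincipalOperationException when the code
        /// has no specific mapping. Except for OutOfMemoryException, the result wraps <paramref name="e"/>.
        /// </returns>
        internal static Exception GetExceptionFromCOMException(COMException e)
        {
            int    errorCode = e.ErrorCode;
            string message   = e.Message;

            // Case labels are signed 32-bit HRESULT values; the hex equivalent is noted on each.
            switch (errorCode)
            {
                case -2147024891: // 0x80070005
                    return new UnauthorizedAccessException(message, e);

                case -2147022651: // 0x800708C5
                case -2147024810: // 0x80070056
                case -2147023571: // 0x8007052D
                    // The third code was previously compared as 0x8007052: a literal missing its last
                    // hex digit and hence positive, unlike every other code here, so it could not match
                    // a failure HRESULT. -2147023571 (0x8007052D) is
                    // HRESULT_FROM_WIN32(ERROR_PASSWORD_RESTRICTION) and sits directly below the
                    // logon-failure code -2147023570.
                    return new PasswordException(message, e);

                case -2147022672: // 0x800708B0
                case -2147019886: // 0x80071392
                    return new PrincipalExistsException(message, e);

                case -2147023570: // 0x8007052E
                    return new AuthenticationException(message, e);

                case -2147016657: // 0x8007202F
                case -2147016651: // 0x80072035
                    return new InvalidOperationException(message, e);

                case -2147024888: // 0x80070008
                    // No message or inner exception, matching the original mapping.
                    return new OutOfMemoryException();

                case -2147016646: // 0x8007203A
                case -2147016690: // 0x8007200E
                case -2147016689: // 0x8007200F
                    return new PrincipalServerDownException(message, e, errorCode, null);

                default:
                    // Unmapped codes keep their HRESULT inside a generic operation exception.
                    return new PrincipalOperationException(message, e, errorCode);
            }
        }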
Exemplo n.º 6
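        /// <summary>
        /// Checks a username/password pair against the directory.
        /// </summary>
        /// <param name="username">Account name to validate.</param>
        /// <param name="password">Password presented for that account.</param>
        /// <returns>
        /// True when the directory accepts the credentials; false when it rejects them or when
        /// <paramref name="username"/> is blank or <paramref name="password"/> is null or empty.
        /// </returns>
        /// <remarks>
        /// Server-down failures are retried up to Config.MaxAttempts times with a fresh principal
        /// context; when every attempt fails a PrincipalServerDownException is thrown.
        /// </remarks>
        public bool ValidateUser(string username, string password)
        {
            // Refuse blank credentials before touching the directory. PrincipalContext.ValidateCredentials
            // treats null username/password as "validate the credentials the context itself was created
            // with", and, depending on the bind type in use, a directory may accept an empty password as
            // an unauthenticated bind. Either way the call could report success without the caller having
            // proved knowledge of a secret.
            if (String.IsNullOrWhiteSpace(username) || String.IsNullOrEmpty(password))
            {
                return false;
            }

            // Loop to re-attempt.
            for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
            {
                // Get new principal context.
                var context = this.GetPrincipalContext(attempt);

                try
                {
                    // Ask the directory whether the supplied credentials are valid.
                    return context.ValidateCredentials(username, password);
                }
                catch (Exception ex)
                {
                    // Only server-down exceptions are retried; anything else is rethrown untouched.
                    if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
                    {
                        // Determine IP of connected server and record failure if known.
                        IPAddress serverIP = null;
                        if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
                        {
                            this.Dns.RecordFailure(this.Config.Server, serverIP);
                        }
                    }
                    else
                    {
                        throw;
                    }
                }
            }

            // All attempts were used up by server-down exceptions.
            throw new PrincipalServerDownException(this.Config.Server);
        }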
Exemplo n.º 7
        /// <summary>
        /// Lists the members of a group.
        /// </summary>
        /// <param name="group">Identity of the group, interpreted using the configured IdentityType.</param>
        /// <param name="recursive">Passed to GetMembers; true also searches nested groups.</param>
        /// <returns>The non-null members found, or an empty list when the group does not exist.</returns>
        /// <remarks>
        /// Server-down failures are retried up to Config.MaxAttempts times with a fresh principal
        /// context; when every attempt fails a PrincipalServerDownException is thrown.
        /// </remarks>
        public ICollection<Principal> GetUsersForGroup(string group, bool recursive = true)
        {
            int tryNumber = 0;
            while (tryNumber < this.Config.MaxAttempts)
            {
                // Each attempt asks for its own context, passing the attempt number.
                var principalContext = this.GetPrincipalContext(tryNumber);

                try
                {
                    var members = new List<Principal>();

                    // A missing group is not an error: the list simply stays empty.
                    var groupEntry = GroupPrincipal.FindByIdentity(principalContext, this.Config.IdentityType, group);
                    if (groupEntry != null)
                    {
                        foreach (Principal member in groupEntry.GetMembers(recursive))
                        {
                            // Null entries in the result set are dropped.
                            if (member == null)
                            {
                                continue;
                            }

                            members.Add(member);
                        }
                    }

                    return members;
                }
                catch (Exception failure)
                {
                    bool serverDown = failure is PrincipalServerDownException || failure is ActiveDirectoryServerDownException;
                    if (!serverDown)
                    {
                        // Only server-down conditions are retried; everything else propagates unchanged.
                        throw;
                    }

                    // Report the failing server when the context exposes it as a parsable IP address.
                    IPAddress failedAddress = null;
                    if (IPAddress.TryParse(principalContext.ConnectedServer, out failedAddress))
                    {
                        this.Dns.RecordFailure(this.Config.Server, failedAddress);
                    }
                }

                tryNumber++;
            }

            // Every attempt ended in a server-down exception.
            throw new PrincipalServerDownException(this.Config.Server);
        }
Exemplo n.º 8
        /// <summary>
        /// Looks up a user by security identifier.
        /// </summary>
        /// <param name="sid">SID of the user, passed to FindByIdentity with IdentityType.Sid.</param>
        /// <returns>The matching user, or null when FindByIdentity finds none.</returns>
        /// <remarks>
        /// Server-down failures are retried up to Config.MaxAttempts times with a fresh principal
        /// context; when every attempt fails a PrincipalServerDownException is thrown.
        /// </remarks>
        public UserPrincipal GetUserBySid(string sid)
        {
            int tryNumber = 0;
            while (tryNumber < this.Config.MaxAttempts)
            {
                // Each attempt asks for its own context, passing the attempt number.
                var principalContext = this.GetPrincipalContext(tryNumber);

                try
                {
                    return UserPrincipal.FindByIdentity(principalContext, IdentityType.Sid, sid);
                }
                catch (Exception failure)
                {
                    bool serverDown = failure is PrincipalServerDownException || failure is ActiveDirectoryServerDownException;
                    if (!serverDown)
                    {
                        // Only server-down conditions are retried; everything else propagates unchanged.
                        throw;
                    }

                    // Report the failing server when the context exposes it as a parsable IP address.
                    IPAddress failedAddress = null;
                    if (IPAddress.TryParse(principalContext.ConnectedServer, out failedAddress))
                    {
                        this.Dns.RecordFailure(this.Config.Server, failedAddress);
                    }
                }

                tryNumber++;
            }

            // Every attempt ended in a server-down exception.
            throw new PrincipalServerDownException(this.Config.Server);
        }
Exemplo n.º 9
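        /// <summary>
        /// Lists the groups a user belongs to.
        /// </summary>
        /// <param name="username">Identity of the user, interpreted using the configured IdentityType.</param>
        /// <param name="recursive">
        /// True to use GetAuthorizationGroups, false to use GetGroups. The two calls are not symmetrical:
        /// GetAuthorizationGroups reports security groups only.
        /// </param>
        /// <returns>The non-null groups that could be read, or an empty list when the user does not exist.</returns>
        /// <remarks>
        /// A group whose retrieval raises PrincipalOperationException is skipped rather than failing the
        /// call, so the list can be shorter than the user's real membership. Callers basing an
        /// authorization decision on the result should treat it as best-effort.
        /// Server-down failures are retried up to Config.MaxAttempts times with a fresh principal
        /// context; when every attempt fails a PrincipalServerDownException is thrown.
        /// </remarks>
        public ICollection<Principal> GetGroupsForUser(string username, bool recursive = true)
        {
            // Loop to re-attempt.
            for (int attempt = 0; attempt < this.Config.MaxAttempts; attempt++)
            {
                // Get new principal context.
                var context = this.GetPrincipalContext(attempt);

                try
                {
                    // Get user object.
                    var userPrincipal = UserPrincipal.FindByIdentity(context, this.Config.IdentityType, username);

                    // If user doesn't exist, return empty list.
                    if (userPrincipal == null)
                    {
                        return new List<Principal>();
                    }

                    // Depending on the flag, perform a recursive or a direct search.
                    PrincipalSearchResult<Principal> principalResults = recursive
                        ? userPrincipal.GetAuthorizationGroups()
                        : userPrincipal.GetGroups();

                    var groups = new List<Principal>();

                    // Walk the enumerator by hand (instead of foreach) so a failure on one entry can be
                    // skipped; invalid SIDs are sometimes returned and raise errors.
                    // See: http://social.msdn.microsoft.com/Forums/en/csharpgeneral/thread/9dd81553-3539-4281-addd-3eb75e6e4d5d
                    // The using block releases the enumerator, which the hand-written loop previously never disposed.
                    using (var groupEnum = principalResults.GetEnumerator())
                    {
                        while (groupEnum.MoveNext())
                        {
                            try
                            {
                                Principal group = groupEnum.Current;

                                if (group != null)
                                {
                                    // Add group object to results.
                                    groups.Add(group);
                                }
                            }
                            catch (PrincipalOperationException)
                            {
                                // Deliberate best-effort: skip the entry that could not be read.
                                continue;
                            }
                        }
                    }

                    return groups;
                }
                catch (Exception ex)
                {
                    // Only server-down exceptions are retried; anything else is rethrown untouched.
                    if (ex is PrincipalServerDownException || ex is ActiveDirectoryServerDownException)
                    {
                        // Determine IP of connected server and record failure if known.
                        IPAddress serverIP = null;
                        if (IPAddress.TryParse(context.ConnectedServer, out serverIP))
                        {
                            this.Dns.RecordFailure(this.Config.Server, serverIP);
                        }
                    }
                    else
                    {
                        throw;
                    }
                }
            }

            // All attempts were used up by server-down exceptions.
            throw new PrincipalServerDownException(this.Config.Server);
        }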
Exemplo n.º 10
        /// <summary>
        /// Returns every user, optionally paged and sorted.
        /// </summary>
        /// <param name="pageIndex">Zero-based page to return, or null for every result.</param>
        /// <param name="pageSize">Items per page, or null for every result.</param>
        /// <param name="sortOrder">Ordering of the results, or null to order by the configured IdentityType.</param>
        /// <returns>The principals produced by GetAllPrincipals for an unfiltered user query.</returns>
        /// <remarks>
        /// Server-down failures are retried up to Config.MaxAttempts times with a fresh principal
        /// context; when every attempt fails a PrincipalServerDownException is thrown.
        /// </remarks>
        public ICollection<Principal> GetAllUsers(int? pageIndex = null, int? pageSize = null, Nullable<IdentityType> sortOrder = null)
        {
            int tryNumber = 0;
            while (tryNumber < this.Config.MaxAttempts)
            {
                // Each attempt asks for its own context, passing the attempt number.
                var principalContext = this.GetPrincipalContext(tryNumber);

                try
                {
                    // A UserPrincipal with no properties set is handed over as the query template.
                    var queryFilter = new UserPrincipal(principalContext);

                    return this.GetAllPrincipals(queryFilter, pageIndex, pageSize, sortOrder);
                }
                catch (Exception failure)
                {
                    bool serverDown = failure is PrincipalServerDownException || failure is ActiveDirectoryServerDownException;
                    if (!serverDown)
                    {
                        // Only server-down conditions are retried; everything else propagates unchanged.
                        throw;
                    }

                    // Report the failing server when the context exposes it as a parsable IP address.
                    IPAddress failedAddress = null;
                    if (IPAddress.TryParse(principalContext.ConnectedServer, out failedAddress))
                    {
                        this.Dns.RecordFailure(this.Config.Server, failedAddress);
                    }
                }

                tryNumber++;
            }

            // Every attempt ended in a server-down exception.
            throw new PrincipalServerDownException(this.Config.Server);
        }