public static bool ValidateUser(string userName, string folderPath) { var section = GetAuthorizationSection(folderPath); foreach (AuthorizationRule rule in section.Rules) { foreach (string user in rule.Users) { if (user == "*") { return(rule.Action == AuthorizationRuleAction.Allow); } if (user == userName) { return(rule.Action == AuthorizationRuleAction.Allow); } } // Don't forget that users might belong to some roles! AD_Group group; if (rule.Roles.Cast <string>().Any(role => DirectoryServices.IsMemberInGroup(userName, role, out group))) { return(rule.Action == AuthorizationRuleAction.Allow); } } return(true); }
public void RemoveRole(string principal, string role, string adObject) { String id = null; String domain = DirectoryServices.GetDomain(principal, out id); Principal p = DirectoryServices.GetPrincipal(id, domain); DirectoryEntry target = DirectoryServices.GetDirectoryEntry(adObject); if (p == null) { throw new AdException($"Principal [{principal}] Can Not Be Found.", AdStatusType.DoesNotExist); } else if (target == null) { throw new AdException($"Target [{adObject}] Can Not Be Found.", AdStatusType.DoesNotExist); } if (Roles.ContainsKey(role)) { DirectoryServices.DeleteAccessRule(target, p, Roles[role].AdRights, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.All); } else { throw new AdException($"Role [{role}] Does Not Exist.", AdStatusType.DoesNotExist); } }
public async Task <IActionResult> Edit(int id, [Bind("DirectoryServicesID,Service")] DirectoryServices directoryServices) { if (id != directoryServices.DirectoryServicesID) { return(NotFound()); } if (ModelState.IsValid) { try { _context.Update(directoryServices); await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!DirectoryServicesExists(directoryServices.DirectoryServicesID)) { return(NotFound()); } else { throw; } } return(RedirectToAction(nameof(Index))); } return(View(directoryServices)); }
private void ProcessDelete(AdObject obj, bool returnObject = false) { ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult() { Type = obj.Type, Identity = obj.Identity }; ActiveDirectoryStatus status = new ActiveDirectoryStatus() { Action = config.Action, Status = AdStatusType.Success, Message = "Success", }; try { roleManager.CanPerformActionOrException(requestUser, ActionType.Delete, obj.Identity); switch (obj.Type) { case AdObjectType.User: AdUser user = (AdUser)obj; DirectoryServices.DeleteUser(user.Identity); result.Statuses.Add(status); break; case AdObjectType.Group: AdGroup group = (AdGroup)obj; DirectoryServices.DeleteGroup(group.Identity, isDryRun); result.Statuses.Add(status); break; case AdObjectType.OrganizationalUnit: AdOrganizationalUnit ou = (AdOrganizationalUnit)obj; DirectoryServices.DeleteOrganizationUnit(ou.Identity); result.Statuses.Add(status); break; default: throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported); } String message = $"{obj.Type} [{obj.Identity}] Deleted."; OnLogMessage("ProcessDelete", message); } catch (AdException ex) { ProcessActiveDirectoryException(result, ex, status.Action); } catch (Exception e) { OnLogMessage("ProcessDelete", e.Message); OnLogMessage("ProcessDelete", e.StackTrace); AdException le = new AdException(e); ProcessActiveDirectoryException(result, le, status.Action); } results.Add(result); }
public static void DeleteWorkspace(string workspaceName) { Console.WriteLine($"Deleting Workspace : [{workspaceName}]"); DirectoryServices.DeleteDirectoryEntry("OrganizationalUnit", workspaceName); DirectoryEntry de = DirectoryServices.GetDirectoryEntry(workspaceName, "OrganizationalUnit"); Assert.That(de, Is.Null); }
public void Core_SearchTestBadFilter() { string[] properties = new string[] { "name", "objectGUID", "objectSid" }; AdException ex = Assert.Throws <AdException>(() => DirectoryServices.Search(workspaceName, @"((objectClass=GuyWaguespack)", properties)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("search filter is invalid")); }
public void Core_SearchTestBadSearchBase() { string[] properties = new string[] { "name", "objectGUID", "objectSid" }; AdException ex = Assert.Throws <AdException>(() => DirectoryServices.Search($"ou=BadOuName,{workspaceName}", @"(objectClass=User)", properties)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("no such object on the server")); }
public static void DeleteGroup(string identity) { Console.WriteLine($"Deleting Group [{identity}]"); DirectoryServices.DeleteGroup(identity); GroupPrincipalObject gpo = DirectoryServices.GetGroup(identity, false, false, false); Assert.That(gpo, Is.Null); }
public static void DeleteUser(string identity) { Console.WriteLine($"Deleting User [{identity}]"); DirectoryServices.DeleteUser(identity); UserPrincipalObject upo = DirectoryServices.GetUser(identity, false, false, false); Assert.That(upo, Is.Null); }
public void Core_CreateOrgUnitBadDistName() { // Get OrgUnit That Does Not Exist String ouName = $"testou_{Utility.GenerateToken( 8 )}"; String ouDistinguishedName = $"GW={ouName},{workspaceName}"; Console.WriteLine($"Create OrgUnit [{ouDistinguishedName}] With Bad DistinguishedName"); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.CreateOrganizationUnit(ouDistinguishedName, null)); }
public void Core_RemoveGroupFromGroupWhenNotMember() { GroupPrincipal gp = Utility.CreateGroup(workspaceName); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.RemoveGroupFromGroup(gp.DistinguishedName, group.DistinguishedName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("does not exist in the parent group")); Utility.DeleteGroup(gp.DistinguishedName); }
public void Handler_SearchTestsSuccess() { Dictionary <string, string> parameters = new Dictionary <string, string>(); // Create Objects To Search UserPrincipal up1 = Utility.CreateUser(workspaceName); UserPrincipal up2 = Utility.CreateUser(workspaceName); UserPrincipal up3 = Utility.CreateUser(workspaceName); UserPrincipal up4 = Utility.CreateUser(workspaceName); GroupPrincipal gp1 = Utility.CreateGroup(workspaceName); GroupPrincipal gp2 = Utility.CreateGroup(workspaceName); // Search For Users Console.WriteLine($"Searching For All Users In : [{workspaceName}]"); parameters.Clear(); parameters.Add("searchbase", workspaceName); parameters.Add("filter", "(objectClass=User)"); parameters.Add("attributes", @"[ ""objectGUID"", ""objectSid"" ]"); ActiveDirectoryHandlerResults result = Utility.CallPlan("Search", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].SearchResults.Results.Count, Is.EqualTo(4)); // Search For Groups Console.WriteLine($"Searching For All Groups In : [{workspaceName}]"); parameters.Clear(); parameters.Add("searchbase", workspaceName); parameters.Add("filter", "(objectClass=Group)"); parameters.Add("attributes", @"[ ""objectGUID"", ""objectSid"" ]"); result = Utility.CallPlan("Search", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].SearchResults.Results.Count, Is.EqualTo(2)); // Check Group Membership (GetAllGroups) DirectoryServices.AddGroupToGroup(gp1.DistinguishedName, gp2.DistinguishedName); DirectoryServices.AddUserToGroup(up1.DistinguishedName, gp1.DistinguishedName); Console.WriteLine($"Searching For All Groups For User : [{up1.DistinguishedName}]"); parameters.Clear(); parameters.Add("distinguishedname", up1.DistinguishedName); result = Utility.CallPlan("GetAllGroups", parameters); Assert.That(result.Results[0].Statuses[0].Status, Is.EqualTo(AdStatusType.Success)); Assert.That(result.Results[0].SearchResults.Results.Count, Is.EqualTo(3)); // Delete Search Objects Utility.DeleteUser(up1.DistinguishedName); Utility.DeleteUser(up2.DistinguishedName); Utility.DeleteUser(up3.DistinguishedName); Utility.DeleteUser(up4.DistinguishedName); Utility.DeleteGroup(gp1.DistinguishedName); Utility.DeleteGroup(gp2.DistinguishedName); }
public void UpdateUserPrincipal( UserPrincipal user ) { if ( this.UserPrincipalName != null ) user.UserPrincipalName = SetValueOrNull( this.UserPrincipalName ); if ( this.SamAccountName != null ) user.SamAccountName = SetValueOrNull( this.SamAccountName ); if ( this.DisplayName != null ) user.DisplayName = SetValueOrNull( this.DisplayName ); if ( this.Description != null ) user.Description = SetValueOrNull( this.Description ); if ( this.Enabled != null ) user.Enabled = this.Enabled; if ( this.PermittedLogonTimes != null ) user.PermittedLogonTimes = this.PermittedLogonTimes; if ( this.AccountExpirationDate != null ) user.AccountExpirationDate = this.AccountExpirationDate; if ( this.SmartcardLogonRequired.HasValue) user.SmartcardLogonRequired = this.SmartcardLogonRequired.Value; if (this.DelegationPermitted.HasValue) user.DelegationPermitted = this.DelegationPermitted.Value; if ( this.HomeDirectory != null ) user.HomeDirectory = SetValueOrNull( this.HomeDirectory ); if ( this.ScriptPath != null ) user.ScriptPath = SetValueOrNull( this.ScriptPath ); if ( this.PasswordNotRequired.HasValue ) user.PasswordNotRequired = this.PasswordNotRequired.Value; if ( this.PasswordNeverExpires.HasValue ) user.PasswordNeverExpires = this.PasswordNeverExpires.Value; if ( this.UserCannotChangePassword.HasValue ) user.UserCannotChangePassword = this.UserCannotChangePassword.Value; if ( this.AllowReversiblePasswordEncryption.HasValue ) user.AllowReversiblePasswordEncryption = this.AllowReversiblePasswordEncryption.Value; if ( this.HomeDrive != null ) user.HomeDrive = SetValueOrNull( this.HomeDrive ); if ( this.GivenName != null ) user.GivenName = SetValueOrNull( this.GivenName ); if ( this.MiddleName != null ) user.MiddleName = SetValueOrNull( this.MiddleName ); if ( this.Surname != null ) user.Surname = (this.Surname == "") ? null : this.Surname; if ( this.EmailAddress != null ) user.EmailAddress = SetValueOrNull( this.EmailAddress ); if ( this.VoiceTelephoneNumber != null ) user.VoiceTelephoneNumber = SetValueOrNull( this.VoiceTelephoneNumber ); if ( this.EmployeeId != null ) user.EmployeeId = SetValueOrNull( this.EmployeeId ); if ( this.Password != null ) user.SetPassword( Password ); if (this.Properties?.Count > 0) if ( user.GetUnderlyingObjectType() == typeof( DirectoryEntry ) ) DirectoryServices.SetProperties( (DirectoryEntry)user.GetUnderlyingObject(), this.Properties ); }
public void Core_ModifyGroupBadData() { GroupPrincipal badGroup = Utility.CreateGroup(workspaceName); badGroup.GroupScope = 0; // Set To Invalid Group Scope Console.WriteLine($"Modify Group [{badGroup.DistinguishedName}] With Bad GroupScope [{badGroup.GroupScope}]"); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SaveGroup(badGroup)); Utility.DeleteGroup(badGroup.Name); }
public void Core_CreateGroupBadDistName() { // Get User That Does Not Exist String groupName = $"testgroup_{Utility.GenerateToken( 8 )}"; String groupDistinguishedName = $"GW={groupName},{workspaceName}"; Console.WriteLine($"Create Group [{groupDistinguishedName}] With Bad DistinguishedName"); GroupPrincipal group = null; AdException ex = Assert.Throws <AdException>(() => group = DirectoryServices.CreateGroupPrincipal(groupDistinguishedName)); }
public void Core_CreateUserBadDistName() { // Get User That Does Not Exist String userName = $"testuser_{Utility.GenerateToken( 8 )}"; String userDistinguishedName = $"GW={userName},{workspaceName}"; Console.WriteLine($"Create User [{userDistinguishedName}] With Bad DistinguishedName"); UserPrincipal user = null; AdException ex = Assert.Throws <AdException>(() => user = DirectoryServices.CreateUserPrincipal(userDistinguishedName)); }
public void Core_ModifyUserBadData() { UserPrincipal badUser = Utility.CreateUser(workspaceName); badUser.SamAccountName = $"{badUser.Name}abcdefghij1234567890"; // SamAccountName Is Limited To 20 Characters Console.WriteLine($"Modify User [{badUser.DistinguishedName}] With Bad SamAccountName [{badUser.SamAccountName}]"); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SaveUser(badUser)); Utility.DeleteUser(badUser.DistinguishedName); }
public void Core_SearchTestBadProperty() { string[] properties = new string[] { "name", "objectGUID", "doesNotExist" }; UserPrincipal up = Utility.CreateUser(workspaceName); SearchResultsObject results = DirectoryServices.Search(workspaceName, @"(objectClass=User)", properties); Assert.That(results.Results[0].Properties["doesNotExist"], Is.Null); Utility.DeleteUser(up.DistinguishedName); }
public async Task <IActionResult> Create([Bind("DirectoryServicesID,Service")] DirectoryServices directoryServices) { if (ModelState.IsValid) { _context.Add(directoryServices); await _context.SaveChangesAsync(); return(RedirectToAction(nameof(Index))); } return(View(directoryServices)); }
public void Core_RemoveNonExistantGroupFromGroup() { // Get Group That Does Not Exist String groupName = $"testgroup_{Utility.GenerateToken( 8 )}"; String groupDistinguishedName = $"OU={groupName},{workspaceName}"; Console.WriteLine($"Removing Group [{groupDistinguishedName}] Which Should Not Exist From Group [{group.DistinguishedName}]."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.RemoveGroupFromGroup(groupDistinguishedName, group.DistinguishedName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("cannot be found")); }
public void Core_DeleteUserDoesNotExist() { // Get User That Does Not Exist String userName = $"testuser_{Utility.GenerateToken( 8 )}"; String userDistinguishedName = $"CN={userName},{workspaceName}"; Console.WriteLine($"Deleting User [{userDistinguishedName}] Which Should Not Exist."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteUser(userName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("cannot be found")); }
public void Core_SetRuleBadUser() { // Get User That Does Not Exist String userName = $"testuser_{Utility.GenerateToken( 8 )}"; String userDistinguishedName = $"CN={userName},{workspaceName}"; Console.WriteLine($"Setting AccessRule For User [{userName}] Which Should Not Exist On User [{user.Name}]."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SetAccessRule(user.Name, userName, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); }
public void Core_DeleteRuleBadTarget() { // Get Group That Does Not Exist String groupName = $"testgroup_{Utility.GenerateToken( 8 )}"; String groupDistinguishedName = $"CN={groupName},{workspaceName}"; Console.WriteLine($"Deleting AccessRule For Group [{group.Name}] From Group [{groupName}] Which Should Not Exist."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteAccessRule(groupName, group.Name, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); }
public void Core_PurgeRuleBadTarget() { // Get Group That Does Not Exist String groupName = $"testgroup_{Utility.GenerateToken( 8 )}"; String groupDistinguishedName = $"CN={groupName},{workspaceName}"; Console.WriteLine($"Purging AccessRule For Group [{group.Name}] From Group [{groupName}] Which Should Not Exist."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(groupName, group.Name)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); }
public void Core_PurgeRuleBadUser() { // Get User That Does Not Exist String userName = $"testuser_{Utility.GenerateToken( 8 )}"; String userDistinguishedName = $"CN={userName},{workspaceName}"; Console.WriteLine($"Setting AccessRule For User [{userName}] Which Should Not Exist On User [{user.Name}]."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(user.Name, userName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); }
public void Core_AddNonExistantUserToGroup() { // Get User That Does Not Exist String userName = $"testuser_{Utility.GenerateToken( 8 )}"; String userDistinguishedName = $"OU={userName},{workspaceName}"; Console.WriteLine($"Adding User [{userDistinguishedName}] Which Should Not Exist To Group [{group.DistinguishedName}]."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.AddGroupToGroup(userDistinguishedName, group.DistinguishedName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("cannot be found")); }
public GroupPrincipal CreateGroupPrincipal() { GroupPrincipal group = DirectoryServices.CreateGroupPrincipal(this.Identity, this.SamAccountName); if (this.Properties?.Count > 0) { group.Save(); // Group Must Exist Before Properties Can Be Updated } UpdateGroupPrincipal(group); return(group); }
public void Core_DeleteOrgUnitDoesNotExist() { // Get OrgUnit That Does Not Exist String ouName = $"testou_{Utility.GenerateToken( 8 )}"; String ouDistinguishedName = $"GW={ouName},{workspaceName}"; Console.WriteLine($"Deleting OrgUnuit [{ouDistinguishedName}] Which Should Not Exist."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteOrganizationUnit(ouDistinguishedName)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("cannot be found")); }
public void Core_SearchTestSuccess() { // Create Users UserPrincipal up1 = Utility.CreateUser(workspaceName); UserPrincipal up2 = Utility.CreateUser(workspaceName); UserPrincipal up3 = Utility.CreateUser(workspaceName); // Create Groups GroupPrincipal gp1 = Utility.CreateGroup(workspaceName); GroupPrincipal gp2 = Utility.CreateGroup(workspaceName); // Search For Users Console.WriteLine($"Searching For Users In [{workspaceName}]."); string[] properties = new string[] { "name", "objectGUID", "objectSid" }; SearchResultsObject results = DirectoryServices.Search(workspaceName, @"(objectClass=User)", properties); Assert.That(results.Results.Count, Is.EqualTo(3)); foreach (SearchResultRow row in results.Results) { Console.WriteLine($" >> [{row.Path}]"); Assert.That(row.Properties.ContainsKey("name"), Is.True); Assert.That(row.Properties["name"], Is.Not.Null); Assert.That(row.Properties.ContainsKey("objectGUID"), Is.True); Assert.That(row.Properties["objectGUID"], Is.Not.Null); Assert.That(row.Properties.ContainsKey("objectSid"), Is.True); Assert.That(row.Properties["objectSid"], Is.Not.Null); } // Search For Groups Console.WriteLine($"Searching For Groups In [{workspaceName}]."); results = DirectoryServices.Search(workspaceName, @"(objectClass=Group)", properties); Assert.That(results.Results.Count, Is.EqualTo(2)); foreach (SearchResultRow row in results.Results) { Console.WriteLine($" >> [{row.Path}]"); Assert.That(row.Properties.ContainsKey("name"), Is.True); Assert.That(row.Properties["name"], Is.Not.Null); Assert.That(row.Properties.ContainsKey("objectGUID"), Is.True); Assert.That(row.Properties["objectGUID"], Is.Not.Null); Assert.That(row.Properties.ContainsKey("objectSid"), Is.True); Assert.That(row.Properties["objectSid"], Is.Not.Null); } // Delete Users Utility.DeleteUser(up1.DistinguishedName); Utility.DeleteUser(up2.DistinguishedName); Utility.DeleteUser(up3.DistinguishedName); // Delete Groups Utility.DeleteGroup(gp1.DistinguishedName); Utility.DeleteGroup(gp2.DistinguishedName); }
public void Core_PurgeRuleBadTarget() { // Get OrgUnit That Does Not Exist String ouName = $"testou_{Utility.GenerateToken( 8 )}"; String ouDistinguishedName = $"GW={ouName},{workspaceName}"; GroupPrincipal group = Utility.CreateGroup(workspaceName); Console.WriteLine($"Purging AccessRule For Group [{group.Name}] From OrgUnit [{ouName}] Which Should Not Exist."); AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(ouName, group.Name)); Console.WriteLine($"Exception Message : {ex.Message}"); Assert.That(ex.Message, Contains.Substring("Can Not Be Found")); }