Search Results

Search found 21 results on 1 pages for 'userprincipal'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/1 | 1 

  • AccountManagement.UserPrincipal.Current takes 5 seconds

    - by Adel Hazzah
    I'm using the new .NET 3.5 System.DirectoryServices.AccountManagement API. In my code, I need to determine the current System.DirectoryServices.AccountManagement.UserPrincipal. My naive approach was to do this: using AccountManagement = System.DirectoryServices.AccountManagement; ... // Determine current UserPrincipal. // (On my machine, this blocks for 5 seconds) // AccountManagement.UserPrincipal principal = AccountManagement.UserPrincipal.Current; My computer is a stand-alone machine running Vista. I am not part of any domain, etc. Any ideas on how to improve the performance?

    Read the article

  • AD - Using UserPrincipal.FindByIdentity and PrincipalContext with nested OU - C#

    - by Solid Snake
    Here is what I am trying to achieve: I have a nested OU structure that is about 5 levels deep. OU=Portal,OU=Dev,OU=Apps,OU=Grps,OU=Admin,DC=test,DC=com I am trying to find out if the user has permissions/exists at OU=Portal. Here's a snippet of what I currently have: PrincipalContext domain = new PrincipalContext( ContextType.Domain, "test.com", "OU=Portal,OU=Dev,OU=Apps,OU=Grps,OU=Admin,DC=test,DC=com"); UserPrincipal user = UserPrincipal.FindByIdentity(domain, myusername); PrincipalSearchResult<Principal> group = user.GetAuthorizationGroups(); For some unknown reason, the value user generated from the above code is always null. However, if I were to drop all the OU as follows: PrincipalContext domain = new PrincipalContext( ContextType.Domain, "test.com", "DC=test,DC=com"); UserPrincipal user = UserPrincipal.FindByIdentity(domain, myusername); PrincipalSearchResult<Principal> group = user.GetAuthorizationGroups(); this would work just fine and return me the correct user. I am simply trying to reduce the number of results as opposed to getting everything from AD. Is there anything that I am doing wrong? I've googled for hours and tested various combinations without much luck. Any help is appreciated. Thanks. Dan

    Read the article

  • Why does "request.getUserPrincipal().getName()" sometimes return a blank string?

    - by Marcus
    Has somebody an idea, why the getName method of the requests getUserPrincipal Method sometimes provides an empty String? Most of the time it returns the correct user name but not every time. This behaviour does occur randonmly. I can start the application, run the command and it works. The next time I start the application and run the command (exactly the same way as before!) it does not work... Any ideas?

    Read the article

  • Changing a limited user account in XP fails

    - by javamonkey79
    I have the following: using System; using System.DirectoryServices.AccountManagement; public class ChangePassword { public static void Main() { PrincipalContext context = new PrincipalContext(ContextType.Machine); UserPrincipal user = UserPrincipal.FindByIdentity(context, "someLimitedAccount"); user.ChangePassword( "xxx", "zzz" ); } } This works just fine with administrator accounts, but seems to crash like so when I try to change limited accounts in XP: Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object. at ChangePassword.Main() Is what I am trying to do possible? If so, how? EDIT #1: I added the following: Console.WriteLine( "user: " + user ); Below this line: UserPrincipal user = UserPrincipal.FindByIdentity(context, "someLimitedAccount"); And I get this: user: It doesn't look like user is null when I print it, but then again I'm not really a .Net guy - I seem to remember this being expected behavior.

    Read the article

  • Different approaches for finding users within Active Directory

    - by EvilDr
    I'm a newbie to AD programming, but after a couple of weeks of research have found the following three ways to search for users in Active Directory using the account name as the search parameter: Option 1 - FindByIdentity Dim ctx As New PrincipalContext(ContextType.Domain, Environment.MachineName) Dim u As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, "MYDOMAIN\Administrator") If u Is Nothing Then Trace.Warn("No user found.") Else Trace.Warn("Name=" & u.Name) Trace.Warn("DisplayName=" & u.DisplayName) Trace.Warn("DistinguishedName=" & u.DistinguishedName) Trace.Warn("EmployeeId=" & u.EmployeeId) Trace.Warn("EmailAddress=" & u.EmailAddress) End If Option 2 - DirectorySearcher Dim connPath As String = "LDAP://" & Environment.MachineName Dim de As New DirectoryEntry(connPath) Dim ds As New DirectorySearcher(de) ds.Filter = String.Format("(&(objectClass=user)(anr={0}))", Split(User.Identity.Name, "\")(1)) ds.PropertiesToLoad.Add("name") ds.PropertiesToLoad.Add("displayName") ds.PropertiesToLoad.Add("distinguishedName") ds.PropertiesToLoad.Add("employeeId") ds.PropertiesToLoad.Add("mail") Dim src As SearchResult = ds.FindOne() If src Is Nothing Then Trace.Warn("No user found.") Else For Each propertyKey As String In src.Properties.PropertyNames Dim valueCollection As ResultPropertyValueCollection = src.Properties(propertyKey) For Each propertyValue As Object In valueCollection Trace.Warn(propertyKey & "=" & propertyValue.ToString) Next Next End If Option 3 - PrincipalSearcher Dim ctx2 As New PrincipalContext(ContextType.Domain, Environment.MachineName) Dim sp As New UserPrincipal(ctx2) sp.SamAccountName = "MYDOMAIN\Administrator" Dim s As New PrincipalSearcher s.QueryFilter = sp Dim p2 As UserPrincipal = s.FindOne() If p2 Is Nothing Then Trace.Warn("No user found.") Else Trace.Warn(p2.Name) Trace.Warn(p2.DisplayName) Trace.Warn(p2.DistinguishedName) Trace.Warn(p2.EmployeeId) Trace.Warn(p2.EmailAddress) End If All three of these methods return the same results, but I was wondering if any particular method is better or worse than the others? Option 1 or 3 seem to be the best as they provide strongly-typed property names, but I might be wrong? My overall objective is to find a single user within AD based on the user principal value passed via the web browser when using Windows Authentication on a site (e.g. "MYDOMAIN\MyUserAccountName")

    Read the article

  • Request a user's roles in AD when caller is not in domain

    - by grootjans
    I would like to get a user's group memberships in an ActiveDirectory, without being in the domain. When I run this inside the domain, all is well. var context = new PrincipalContext(ContextType.Domain); var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator"); foreach (var authorizationGroup in principal.GetAuthorizationGroups()) { Console.WriteLine(authorizationGroup.Name); } However, when I run outside the domain, I have to specify the PrincipalContext lie this: var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password"); When I run this code, I get an exception when I execute principal.GetAuthorizationGroups(). The exception I get is: System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355). at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags) at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo() at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName() at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()

    Read the article

  • DirectoryServicesCOMException when working with System.DirectoryServices.AccountManagement

    - by antik
    I'm attempting to determine whether a user is a member of a given group using System.DirectoryServices.AccountManagment. I'm doing this inside a SharePoint WebPart in SharePoint 2007 on a 64-bit system. Project targets .NET 3.5 Impersonation is enabled in the web.config. The IIS Site in question is using an IIS App Pool with a domain user configured as the identity. I am able to instantiate a PrincipalContext as such: PrincipalContext pc = new PrincipalContext(ContextType.Domain) Next, I try to grab a principal: using (PrincipalContext pc = new PrincipalContext(ContextType.Domain)) { GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, "MYDOMAIN\somegroup"); // snip: exception thrown by line above. } Both the above and UserPrincipal.FindByIdentity with a user SAM throw a DirectoryServicesCOMException: "Logon failure: Unknown user name or bad password" I've tried passing in a complete SAMAccountName to either FindByIdentity (in the form of MYDOMAIN\username) or just the username with no change in behavior. I've tried executing the code with other credentials using both the HostingEnvironment.Impersonate and SPSecurity.RunWithElevatedPrivileges approaches and also experience the same result. I've also tried instantiating my context with the domain name in place: Principal Context pc = new PrincipalContext(ContextType.Domain, "MYDOMAIN"); This throws a PrincipalServerDownException: "The server could not be contacted." I'm working on a reasonably hardened server. I did not lock the system down so I am unsure exactly what has been done to it. If there are credentials I need to allocate to my pool identity's user or in the domain security policy in order for these to work, I can configure the domain accordingly. Are there any settings that would be preventing my code from running? Am I missing something in the code itself? Is this just not possible in a SharePoint web? EDIT: Given further testing, my code functions correctly when tested in a Console application targeting .NET 4.0. I targeted a different framework because I didn't have AccountManagement available to me in the console app when targeting .NET 3.5 for some reason. using (PrincipalContext pc = new PrincipalContext(ContextType.Domain)) using (UserPrincipal adUser = UserPrincipal.FindByIdentity(pc, "MYDOMAIN\joe.user")) using (GroupPrincipal adGroup = GroupPrincipal.FindByIdentity(pc, "MYDOMAIN\user group")) { if (adUser.IsMemberOf(adGroup)) { Console.WriteLine("User is a member!"); } else { Console.WriteLine("User is NOT a member."); } } What varies in my SharePoint environment that might prohibit this function from executing?

    Read the article

  • C# : Error while accessing Active Directory

    - by Mohsan
    hi. i am facing some problems in accessing Active Directory from my winform app. what I want is to create a user and query user from Active Directory. here is code snippet for find user public bool FindUser(string username) { using (PrincipalContext context = new PrincipalContext(ContextType.Domain, this.domainName, this.DomainUserName, this.DomainPassword)) { UserPrincipal user = UserPrincipal.FindByIdentity(context, username); return (user != null) ? true : false; } } i am unable to create object of PrincipalContext based on given arguments. i am getting this exception "{"The server could not be contacted."}" and inner exception states that "{"The LDAP server is unavailable."}" where as domain is running. i can ping to it and can also connect to this domain. any suggestion about these exceptions?

    Read the article

  • Check if user exists in Active Directory

    - by K.R.
    Hello, I need to check if an user exists in AD and if so, retrieve some user information. I have been able to do this as shown below. But, it is very slow. Is there any way to do this faster? Thanks! using System; using System.DirectoryServices; using System.DirectoryServices.AccountManagement; namespace ConsoleApplication1 { class Program { static void Main() { Console.WriteLine("Enter AD account name..."); string strADLoginName = Console.ReadLine(); using(PrincipalContext context = new PrincipalContext(ContextType.Domain,"DEVMC")) { using (UserPrincipal user = UserPrincipal.FindByIdentity(context, strADLoginName)) { bool userExists = (user != null); if (userExists) { Console.WriteLine("User exists"); Console.WriteLine(user.EmailAddress); } else { Console.WriteLine("User doesn't exist"); } } } Console.ReadKey(); } } }

    Read the article

  • Finding the groups of a user in WLS with OPSS

    - by user12587121
    How to find the group memberships for a user from a web application running in Weblogic server ?  This is useful for building up the profile of the user for security purposes for example. WLS as a container offers an identity store service which applications can access to query and manage identities known to the container.  This article for example shows how to recover the groups of the current user, but how can we find the same information for an arbitrary user ? It is the Oracle Platform for Securtiy Services (OPSS) that looks after the identity store in WLS and so it is in the OPSS APIs that we can find the way to recover this information. This is explained in the following documents.  Starting from the FMW 11.1.1.5 book list, with the Security Overview document we can see how WLS uses OPSS: Proceeding to the more detailed Application Security document, we find this list of useful references for security in FMW. We can follow on into the User/Role API javadoc. The Application Security document explains how to ensure that the identity store is configured appropriately to allow the OPSS APIs to work.  We must verify that the jps-config.xml file where the application  is deployed has it's identity store configured--look for the following elements in that file: <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">             <description>LDAP-based IdentityStore Provider</description>  </serviceProvider> <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">             <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>             <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/></serviceInstance> <serviceInstanceRef ref="idstore.ldap"/> The document contains a code sample for using the identity store here. Once we have the identity store reference we can recover the user's group memberships using the RoleManager interface:             RoleManager roleManager = idStore.getRoleManager();            SearchResponse grantedRoles = null;            try{                System.out.println("Retrieving granted WLS roles for user " + userPrincipal.getName());                grantedRoles = roleManager.getGrantedRoles(userPrincipal, false);                while( grantedRoles.hasNext()){                      Identity id = grantedRoles.next();                      System.out.println("  disp name=" + id.getDisplayName() +                                  " Name=" + id.getName() +                                  " Principal=" + id.getPrincipal() +                                  "Unique Name=" + id.getUniqueName());                     // Here, we must use WLSGroupImpl() to build the Principal otherwise                     // OES does not recognize it.                      retSubject.getPrincipals().add(new WLSGroupImpl(id.getPrincipal().getName()));                 }            }catch(Exception ex) {                System.out.println("Error getting roles for user " + ex.getMessage());                ex.printStackTrace();            }        }catch(Exception ex) {            System.out.println("OESGateway: Got exception instantiating idstore reference");        } This small JDeveloper project has a simple servlet that executes a request for the user weblogic's roles on executing a get on the default URL.  The full code to recover a user's goups is in the getSubjectWithRoles() method in the project.

    Read the article

  • ASP. NET MVC2: Where abouts do I set Current.User from a Session variable?

    - by Adam Brown
    Hi, I'm trying to get authentication and authorisation working in an ASP .NET MVC2 site. I've read loads of tutorials and some books which explain how you can use attributes to require authorisation (and membership in a role) like this: [Authorize(Roles="Admin")] public ActionResult Index() { return View(); } I've made classes that implement IIdentity and IPrincipal, I create a userPrincipal object once the user has successfully logged in and I add it to a session variable. When the user goes to another page I want it to set the HttpContext.Current.User to the object that I stored in the session, something like this: if (Session["User"] != null) { HttpContext.Current.User = Session["User"] as MyUser; } My question is: Where abouts do I put the code directly above? I tried Application_AuthenticateRequest but it tells me Session state is not available in this context. Many thanks.

    Read the article

  • System.DirectoryServices.AccountManagement functions fail to probe some machines (but not others)

    - by JCCyC
    Both the working and failing targets are machines in the same domain. Code is down below. When I use it against some machines in my domain, I get a System.DirectoryServices.AccountManagement.PrincipalOperationException with a message: "While trying to retrieve the authorization groups, an error (1332) occurred." The error is thrown by GetAuthorizationGroups(). Note: The username I use to connect is a local admin to the machine in both cases. PrincipalContext ctx = new PrincipalContext(ContextType.Machine, machineName, domainname + "\\" + adminusername, pass); List<Principal> retList = new List<Principal>(); using (var user = UserPrincipal.FindByIdentity(ctx, probedusername)) { if (user != null) { PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups(); foreach (Principal group in groups) { retList.Add(group); } } }

    Read the article

  • What is the easiest way to get the primary groupName from AD in C#?

    - by madhatter84gn
    I am currently using PrincipalContext and UserPrincipal to return the users primary groupid. How can I take this id and find the actual group name? Also I have code that works correctly to assign the user's primary group, but once I assign them to the group I can not delete them from Domain Users which is the default primary group prior to my change. I have called Save() before trying to remove the domain users group. My requirements state I must add the user to AD then assign their primary group and then remove them as a member of Domain Users.

    Read the article

  • Authenticating your windows domain users in the cloud

    - by cibrax
    Moving to the cloud can represent a big challenge for many organizations when it comes to reusing existing infrastructure. For applications that drive existing business processes in the organization, reusing IT assets like active directory represent good part of that challenge. For example, a new web mobile application that sales representatives can use for interacting with an existing CRM system in the organization. In the case of Windows Azure, the Access Control Service (ACS) already provides some integration with ADFS through WS-Federation. That means any organization can create a new trust relationship between the STS running in the ACS and the STS running in ADFS. As the following image illustrates, the ADFS running in the organization should be somehow exposed out of network boundaries to talk to the ACS. This is usually accomplish through an ADFS proxy running in a DMZ. This is the official story for authenticating existing domain users with the ACS.  Getting an ADFS up and running in the organization, which talks to a proxy and also trust the ACS could represent a painful experience. It basically requires  advance knowledge of ADSF and exhaustive testing to get everything right.  However, if you want to get an infrastructure ready for authenticating your domain users in the cloud in a matter of minutes, you will probably want to take a look at the sample I wrote for talking to an existing Active Directory using a regular WCF service through the Service Bus Relay Binding. You can use the WCF ability for self hosting the authentication service within a any program running in the domain (a Windows service typically). The service will not require opening any port as it is opening an outbound connection to the cloud through the Relay Service. In addition, the service will be protected from being invoked by any unauthorized party with the ACS, which will act as a firewall between any client and the service. In that way, we can get a very safe solution up and running almost immediately. To make the solution even more convenient, I implemented an STS in the cloud that internally invokes the service running on premises for authenticating the users. Any existing web application in the cloud can just establish a trust relationship with this STS, and authenticate the users via WS-Federation passive profile with regular http calls, which makes this very attractive for web mobile for example. This is how the WCF service running on premises looks like, [ServiceBehavior(Namespace = "http://agilesight.com/active_directory/agent")] public class ProxyService : IAuthenticationService { IUserFinder userFinder; IUserAuthenticator userAuthenticator;   public ProxyService() : this(new UserFinder(), new UserAuthenticator()) { }   public ProxyService(IUserFinder userFinder, IUserAuthenticator userAuthenticator) { this.userFinder = userFinder; this.userAuthenticator = userAuthenticator; }   public AuthenticationResponse Authenticate(AuthenticationRequest request) { if (userAuthenticator.Authenticate(request.Username, request.Password)) { return new AuthenticationResponse { Result = true, Attributes = this.userFinder.GetAttributes(request.Username) }; }   return new AuthenticationResponse { Result = false }; } } Two external dependencies are used by this service for authenticating users (IUserAuthenticator) and for retrieving user attributes from the user’s directory (IUserFinder). The UserAuthenticator implementation is just a wrapper around the LogonUser Win Api. The UserFinder implementation relies on Directory Services in .NET for searching the user attributes in an existing directory service like Active Directory or the local user store. public UserAttribute[] GetAttributes(string username) { var attributes = new List<UserAttribute>();   var identity = UserPrincipal.FindByIdentity(new PrincipalContext(this.contextType, this.server, this.container), IdentityType.SamAccountName, username); if (identity != null) { var groups = identity.GetGroups(); foreach(var group in groups) { attributes.Add(new UserAttribute { Name = "Group", Value = group.Name }); } if(!string.IsNullOrEmpty(identity.DisplayName)) attributes.Add(new UserAttribute { Name = "DisplayName", Value = identity.DisplayName }); if(!string.IsNullOrEmpty(identity.EmailAddress)) attributes.Add(new UserAttribute { Name = "EmailAddress", Value = identity.EmailAddress }); }   return attributes.ToArray(); } As you can see, the code is simple and uses all the existing infrastructure in Azure to simplify a problem that looks very complex at first glance with ADFS. All the source code for this sample is available to download (or change) in this GitHub repository, https://github.com/AgileSight/ActiveDirectoryForCloud

    Read the article

  • How to check whether a user belongs to an AD group and nested groups?

    - by elsharpo
    hi guys, I have an ASP.NET 3.5 application using Windows Authentication and implementing our own RoleProvider. Problem is we want to restrict access to a set of pages to a few thousand users and rathern than inputing all of those one by one we found out they belong to an AD group. The answer is simple if the common group we are checking membership against the particular user is a direct member of it but the problem I'm having is that if the group is a member of another group and then subsequently member of another group then my code always returns false. For example: Say we want to check whether User is a member of group E, but User is not a direct member of *E", she is a member of "A" which a member of "B" which indeed is a member of E, therefore User is a member of *E" One of the solutions we have is very slow, although it gives the correct answer using (var context = new PrincipalContext(ContextType.Domain)) { using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "DL-COOL-USERS")) { var users = group.GetMembers(true); // recursively enumerate return users.Any(a => a.Name == "userName"); } } The original solution and what I was trying to get to work, using .NET 3.5 System.DirectoryServices.AccountManagement and it does work when users are direct members of the group in question is as follows: public bool IsUserInGroup(string userName, string groupName) { var cxt = new PrincipalContext(ContextType.Domain, "DOMAIN"); var user = UserPrincipal.FindByIdentity(cxt, IdentityType.SamAccountName, userName); if (user == null) { return false; } var group = GroupPrincipal.FindByIdentity(cxt, groupName); if (group == null) { return false; } return user.IsMemberOf(group); } The bottom line is, we need to check for membership even though the groups are nested in many levels down. Thanks a lot!

    Read the article

  • Trigger JavaScript action after Datatable is loaded

    - by perissf
    In a JSF 2.1 + PrimeFaces 3.2 web application, I need to trigger a JavaScript function after a p:dataTable is loaded. I know that there is no such event in this component, so I have to find a workaround. In order to better understand the scenario, on page load the dataTable is not rendered. It is rendered after a successful login: <p:commandButton value="Login" update=":aComponentHoldingMyDataTable" action="#{loginBean.login}" oncomplete="handleLoginRequest(xhr, status, args)"/> As you can see from the above code, I have a JavaScript hook after the successful login, if it can be of any help. Immediately after the oncomplete action has finished, the update attribute renders the dataTable: <p:dataTable var="person" value="#{myBean.lazyModel}" rendered="#{p:userPrincipal() != null}" /> After the datatable is loaded, I need to run a JavaScript function on each row item, in order to subscribe to a cometD topic. In theory I could use the oncomplete attribute of the login Button for triggering a property from myBean in order to retrieve once again the values to be displayed in the dataTable, but it doesn't seem very elegant. The JavaScript function should do something with the rowKey of each row of the dataTable: function javaScriptFunctionToBeTriggered(rowKey) { // do something }

    Read the article

  • User to be validated against nested security groups in Windows.

    - by user412272
    Hi, This is my first post here and after much looking around I have come here with my question. Will really appreciate a fast response. I am faced with a problem to validate user credentials of the currently logged on user against a group in Windows. The user membership to a group can be through other groups also ie nested membership. Eg. User U is a part of group G1. Group G1 is a part of another group G2. The requirement is that when the user is validated against group G2, the validations should succeed. The user can be a local or AD user but the group will always be a local group ( or domain local group if created directly on a DC). I have tried using WindowsPrincipal.IsInRole() method, but it seems to be checking only for direct membership to a group. I also tried UserPrincipal.GetAuthorizationGroups() for the current user, but it also doesnt seem to be doing recursive search. I am posting a code snippet of the working code below, but this code is taking much more than acceptable time. bool CheckUserPermissions(string groupName) { WindowsIdentity currentUserIdentity = System.Security.Principal.WindowsIdentity.GetCurrent(); bool found = false; PrincipalContext context= new PrincipalContext(ContextType.Machine); GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, groupName); if (group!= null) { foreach (Principal p in group.GetMembers(true)) { if (p.Sid == currentUserIdentity.User) { found = true; break; } } group.Dispose(); } return found; }

    Read the article

  • AD Password About to Expire check problem with ASP.Net

    - by Vince
    Hello everyone, I am trying to write some code to check the AD password age during a user login and notify them of the 15 remaining days. I am using the ASP.Net code that I found on the Microsoft MSDN site and I managed to add a function that checks the if the account is set to change password at next login. The login and the change password at next login works great but I am having some problems with the check for the password age. This is the VB.Net code for the DLL file: Imports System Imports System.Text Imports System.Collections Imports System.DirectoryServices Imports System.DirectoryServices.AccountManagement Imports System.Reflection 'Needed by the Password Expiration Class Only -Vince Namespace FormsAuth Public Class LdapAuthentication Dim _path As String Dim _filterAttribute As String 'Code added for the password expiration added by Vince Private _domain As DirectoryEntry Private _passwordAge As TimeSpan = TimeSpan.MinValue Const UF_DONT_EXPIRE_PASSWD As Integer = &H10000 'Function added by Vince Public Sub New() Dim root As New DirectoryEntry("LDAP://rootDSE") root.AuthenticationType = AuthenticationTypes.Secure _domain = New DirectoryEntry("LDAP://" & root.Properties("defaultNamingContext")(0).ToString()) _domain.AuthenticationType = AuthenticationTypes.Secure End Sub 'Function added by Vince Public ReadOnly Property PasswordAge() As TimeSpan Get If _passwordAge = TimeSpan.MinValue Then Dim ldate As Long = LongFromLargeInteger(_domain.Properties("maxPwdAge")(0)) _passwordAge = TimeSpan.FromTicks(ldate) End If Return _passwordAge End Get End Property Public Sub New(ByVal path As String) _path = path End Sub 'Function added by Vince Public Function DoesUserHaveToChangePassword(ByVal userName As String) As Boolean Dim ctx As PrincipalContext = New PrincipalContext(System.DirectoryServices.AccountManagement.ContextType.Domain) Dim up = UserPrincipal.FindByIdentity(ctx, userName) Return (Not up.LastPasswordSet.HasValue) 'returns true if last password set has no value. End Function Public Function IsAuthenticated(ByVal domain As String, ByVal username As String, ByVal pwd As String) As Boolean Dim domainAndUsername As String = domain & "\" & username Dim entry As DirectoryEntry = New DirectoryEntry(_path, domainAndUsername, pwd) Try 'Bind to the native AdsObject to force authentication. Dim obj As Object = entry.NativeObject Dim search As DirectorySearcher = New DirectorySearcher(entry) search.Filter = "(SAMAccountName=" & username & ")" search.PropertiesToLoad.Add("cn") Dim result As SearchResult = search.FindOne() If (result Is Nothing) Then Return False End If 'Update the new path to the user in the directory. _path = result.Path _filterAttribute = CType(result.Properties("cn")(0), String) Catch ex As Exception Throw New Exception("Error authenticating user. " & ex.Message) End Try Return True End Function Public Function GetGroups() As String Dim search As DirectorySearcher = New DirectorySearcher(_path) search.Filter = "(cn=" & _filterAttribute & ")" search.PropertiesToLoad.Add("memberOf") Dim groupNames As StringBuilder = New StringBuilder() Try Dim result As SearchResult = search.FindOne() Dim propertyCount As Integer = result.Properties("memberOf").Count Dim dn As String Dim equalsIndex, commaIndex Dim propertyCounter As Integer For propertyCounter = 0 To propertyCount - 1 dn = CType(result.Properties("memberOf")(propertyCounter), String) equalsIndex = dn.IndexOf("=", 1) commaIndex = dn.IndexOf(",", 1) If (equalsIndex = -1) Then Return Nothing End If groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1)) groupNames.Append("|") Next Catch ex As Exception Throw New Exception("Error obtaining group names. " & ex.Message) End Try Return groupNames.ToString() End Function 'Function added by Vince Public Function WhenExpires(ByVal username As String) As TimeSpan Dim ds As New DirectorySearcher(_domain) ds.Filter = [String].Format("(&(objectClass=user)(objectCategory=person)(sAMAccountName={0}))", username) Dim sr As SearchResult = FindOne(ds) Dim user As DirectoryEntry = sr.GetDirectoryEntry() Dim flags As Integer = CInt(user.Properties("userAccountControl").Value) If Convert.ToBoolean(flags And UF_DONT_EXPIRE_PASSWD) Then 'password never expires Return TimeSpan.MaxValue End If 'get when they last set their password Dim pwdLastSet As DateTime = DateTime.FromFileTime(LongFromLargeInteger(user.Properties("pwdLastSet").Value)) ' return pwdLastSet.Add(PasswordAge).Subtract(DateTime.Now); If pwdLastSet.Subtract(PasswordAge).CompareTo(DateTime.Now) > 0 Then Return pwdLastSet.Subtract(PasswordAge).Subtract(DateTime.Now) Else Return TimeSpan.MinValue 'already expired End If End Function 'Function added by Vince Private Function LongFromLargeInteger(ByVal largeInteger As Object) As Long Dim type As System.Type = largeInteger.[GetType]() Dim highPart As Integer = CInt(type.InvokeMember("HighPart", BindingFlags.GetProperty, Nothing, largeInteger, Nothing)) Dim lowPart As Integer = CInt(type.InvokeMember("LowPart", BindingFlags.GetProperty, Nothing, largeInteger, Nothing)) Return CLng(highPart) << 32 Or CUInt(lowPart) End Function 'Function added by Vince Private Function FindOne(ByVal searcher As DirectorySearcher) As SearchResult Dim sr As SearchResult = Nothing Dim src As SearchResultCollection = searcher.FindAll() If src.Count > 0 Then sr = src(0) End If src.Dispose() Return sr End Function End Class End Namespace And this is the Login.aspx page: sub Login_Click(sender as object,e as EventArgs) Dim adPath As String = "LDAP://DC=xxx,DC=com" 'Path to your LDAP directory server Dim adAuth As LdapAuthentication = New LdapAuthentication(adPath) Try If (True = adAuth.DoesUserHaveToChangePassword(txtUsername.Text)) Then Response.Redirect("passchange.htm") ElseIf (True = adAuth.IsAuthenticated(txtDomain.Text, txtUsername.Text, txtPassword.Text)) Then Dim groups As String = adAuth.GetGroups() 'Create the ticket, and add the groups. Dim isCookiePersistent As Boolean = chkPersist.Checked Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _ txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), isCookiePersistent, groups) 'Encrypt the ticket. Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket) 'Create a cookie, and then add the encrypted ticket to the cookie as data. Dim authCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket) If (isCookiePersistent = True) Then authCookie.Expires = authTicket.Expiration End If 'Add the cookie to the outgoing cookies collection. Response.Cookies.Add(authCookie) 'Retrieve the password life Dim t As TimeSpan = adAuth.WhenExpires(txtUsername.Text) 'You can redirect now. If (passAge.Days = 90) Then errorLabel.Text = "Your password will expire in " & DateTime.Now.Subtract(t) 'errorLabel.Text = "This is" 'System.Threading.Thread.Sleep(5000) Response.Redirect("http://somepage.aspx") Else Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, False)) End If Else errorLabel.Text = "Authentication did not succeed. Check user name and password." End If Catch ex As Exception errorLabel.Text = "Error authenticating. " & ex.Message End Try End Sub ` Every time I have this Dim t As TimeSpan = adAuth.WhenExpires(txtUsername.Text) enabled, I receive "Arithmetic operation resulted in an overflow." during the login and won't continue. What am I doing wrong? How can I correct this? Please help!! Thank you very much for any help in advance. Vince

    Read the article

  • How-to configure Spring Social via XML

    - by Matthias Steiner
    I spend a few hours trying to get Twitter integration to work with Spring Social using the XML configuration approach. All the examples I could find on the web (and on stackoverflow) always use the @Config approach as shown in the samples For whatever reason the bean definition to get an instance to the twitter API throws an AOP exception: Caused by: java.lang.IllegalStateException: Cannot create scoped proxy for bean 'scopedTarget.twitter': Target type could not be determined at the time of proxy creation. Here's the complete config file I have: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:context="http://www.springframework.org/schema/context" xmlns:util="http://www.springframework.org/schema/util" xmlns:cxf="http://cxf.apache.org/core" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:jdbc="http://www.springframework.org/schema/jdbc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/DefaultDB" /> <!-- initialize DB required to store user auth tokens --> <jdbc:initialize-database data-source="dataSource" ignore-failures="ALL"> <jdbc:script location="classpath:/org/springframework/social/connect/jdbc/JdbcUsersConnectionRepository.sql"/> </jdbc:initialize-database> <bean id="connectionFactoryLocator" class="org.springframework.social.connect.support.ConnectionFactoryRegistry"> <property name="connectionFactories"> <list> <ref bean="twitterConnectFactory" /> </list> </property> </bean> <bean id="twitterConnectFactory" class="org.springframework.social.twitter.connect.TwitterConnectionFactory"> <constructor-arg value="xyz" /> <constructor-arg value="xzy" /> </bean> <bean id="usersConnectionRepository" class="org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository"> <constructor-arg ref="dataSource" /> <constructor-arg ref="connectionFactoryLocator" /> <constructor-arg ref="textEncryptor" /> </bean> <bean id="connectionRepository" factory-method="createConnectionRepository" factory-bean="usersConnectionRepository" scope="request"> <constructor-arg value="#{request.userPrincipal.name}" /> <aop:scoped-proxy proxy-target-class="false" /> </bean> <bean id="twitter" factory-method="?ndPrimaryConnection" factory-bean="connectionRepository" scope="request" depends-on="connectionRepository"> <constructor-arg value="org.springframework.social.twitter.api.Twitter" /> <aop:scoped-proxy proxy-target-class="false" /> </bean> <bean id="textEncryptor" class="org.springframework.security.crypto.encrypt.Encryptors" factory-method="noOpText" /> <bean id="connectController" class="org.springframework.social.connect.web.ConnectController"> <constructor-arg ref="connectionFactoryLocator"/> <constructor-arg ref="connectionRepository"/> <property name="applicationUrl" value="https://socialscn.int.netweaver.ondemand.com/socialspringdemo" /> </bean> <bean id="signInAdapter" class="com.sap.netweaver.cloud.demo.social.SimpleSignInAdapter" /> </beans> What puzzles me is that the connectionRepositoryinstantiation works perfectly fine (I commented-out the twitter bean and tested the code!) ?!? It uses the same features: request scope and interface AOP proxy and works, but the twitter bean instantiation fails ?!? The spring social config code looks as follows (I can not see any differences, can you?): @Configuration public class SocialConfig { @Inject private Environment environment; @Inject private DataSource dataSource; @Bean @Scope(value="singleton", proxyMode=ScopedProxyMode.INTERFACES) public ConnectionFactoryLocator connectionFactoryLocator() { ConnectionFactoryRegistry registry = new ConnectionFactoryRegistry(); registry.addConnectionFactory(new TwitterConnectionFactory(environment.getProperty("twitter.consumerKey"), environment.getProperty("twitter.consumerSecret"))); return registry; } @Bean @Scope(value="singleton", proxyMode=ScopedProxyMode.INTERFACES) public UsersConnectionRepository usersConnectionRepository() { return new JdbcUsersConnectionRepository(dataSource, connectionFactoryLocator(), Encryptors.noOpText()); } @Bean @Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES) public ConnectionRepository connectionRepository() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication == null) { throw new IllegalStateException("Unable to get a ConnectionRepository: no user signed in"); } return usersConnectionRepository().createConnectionRepository(authentication.getName()); } @Bean @Scope(value="request", proxyMode=ScopedProxyMode.INTERFACES) public Twitter twitter() { Connection<Twitter> twitter = connectionRepository().findPrimaryConnection(Twitter.class); return twitter != null ? twitter.getApi() : new TwitterTemplate(); } @Bean public ConnectController connectController() { ConnectController connectController = new ConnectController(connectionFactoryLocator(), connectionRepository()); connectController.addInterceptor(new PostToWallAfterConnectInterceptor()); connectController.addInterceptor(new TweetAfterConnectInterceptor()); return connectController; } @Bean public ProviderSignInController providerSignInController(RequestCache requestCache) { return new ProviderSignInController(connectionFactoryLocator(), usersConnectionRepository(), new SimpleSignInAdapter(requestCache)); } } Any help/pointers would be appreciated!!! Cheers, Matthias

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1