Introduction
In this sample, I am going to implement the .NET Core API with services, Repository and controller functions. To test it, I am going to use Postman.
Active Directory
Active Directory saves data as objects. An object is a single element, such as a user, group, application or device, such as a printer. Objects are normally defined as either a resource like printers or computers, or security principals such as users or groups.
PrincipalContext Class
This is the class used to encapsulate the server or domain against all operations are performed. The container is used as the base of operations, and the credentials areused to perform the operations.
UserPrincipal Class
The class used to encapsulate principals that are the user accounts.
PrincipalSearcher Class
Class used to encapsulate the methods and search patterns used to execute a query against the underlying principal store.
Getting Started .NET Core API
- Start Visual Studio 2019
- Create a new project.
- Choose ASP.NET Core Web Application.
- Choose the Web Application template and keep the default project name and location. In the dropdown with the ASP.NET Core version.
- Choose API and select version ASP.NET Core 2.1 or ASP.NET Core 3.1.
- Click Create.
Let’s add a model class.
AddUser class
Here is my AdUserProvider class:
- public class AdUserProvider: IUserProvider {
- public AdUser CurrentUser {
- get;
- set;
- }
- public bool Initialized {
- get;
- set;
- }
- public async Task Create(HttpContext context, IConfiguration config) {
- CurrentUser = await GetAdUser(context.User.Identity);
- Initialized = true;
- }
- public Task < AdUser > GetAdUser(IIdentity identity) {
- return Task.Run(() => {
- try {
- PrincipalContext context = new PrincipalContext(ContextType.Domain);
- UserPrincipal principal = new UserPrincipal(context);
- if (context != null) {
- principal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, identity.Name);
- }
- return AdUser.CastToAdUser(principal);
- } catch (Exception ex) {
- throw new Exception("Error retrieving AD User", ex);
- }
- });
- }
- public Task < AdUser > GetAdUser(string samAccountName) {
- return Task.Run(() => {
- try {
- PrincipalContext context = new PrincipalContext(ContextType.Domain);
- UserPrincipal principal = new UserPrincipal(context);
- if (context != null) {
- principal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName);
- }
- return AdUser.CastToAdUser(principal);
- } catch (Exception ex) {
- throw new Exception("Error retrieving AD User", ex);
- }
- });
- }
- public Task < AdUser > GetAdUser(Guid guid) {
- return Task.Run(() => {
- try {
- PrincipalContext context = new PrincipalContext(ContextType.Domain);
- UserPrincipal principal = new UserPrincipal(context);
- if (context != null) {
- principal = UserPrincipal.FindByIdentity(context, IdentityType.Guid, guid.ToString());
- }
- return AdUser.CastToAdUser(principal);
- } catch (Exception ex) {
- throw new Exception("Error retrieving AD User", ex);
- }
- });
- }
- public Task < List < AdUser >> GetDomainUsers() {
- return Task.Run(() => {
- PrincipalContext context = new PrincipalContext(ContextType.Domain);
- UserPrincipal principal = new UserPrincipal(context);
- principal.UserPrincipalName = "*@*";
- principal.Enabled = true;
- PrincipalSearcher searcher = new PrincipalSearcher(principal);
- var users = searcher.FindAll().Take(50).AsQueryable().Cast < UserPrincipal > ().FilterUsers().SelectAdUsers().OrderBy(x => x.Surname).ToList();
- return users;
- });
- }
- public Task < List < AdUser >> FindDomainUser(string search) {
- return Task.Run(() => {
- PrincipalContext context = new PrincipalContext(ContextType.Domain);
- UserPrincipal principal = new UserPrincipal(context);
- principal.SamAccountName = $ "*{search}*";
- principal.Enabled = true;
- PrincipalSearcher searcher = new PrincipalSearcher(principal);
- var users = searcher.FindAll().AsQueryable().Cast < UserPrincipal > ().FilterUsers().SelectAdUsers().OrderBy(x => x.Surname).ToList();
- return users;
- });
- }
As you can see in get domain users, I am fetching only 50 users because my active directory has thousands on users, that takes long time to get the data.
IUserProvider interface
- public interface IUserProvider {
- AdUser CurrentUser {
- get;
- set;
- }
- bool Initialized {
- get;
- set;
- }
- Task Create(HttpContext context, IConfiguration config);
- Task < AdUser > GetAdUser(IIdentity identity);
- Task < AdUser > GetAdUser(string samAccountName);
- Task < AdUser > GetAdUser(Guid guid);
- Task < List < AdUser >> GetDomainUsers();
- Task < List < AdUser >> FindDomainUser(string search);
- }
Now let’s work on controller part.
Here is my controller code:
ADController
- using MapAPI.Identity;
- using Microsoft.AspNetCore.Authorization;
- using Microsoft.AspNetCore.Mvc;
- using System.Collections.Generic;
- using System.Threading.Tasks;
- namespace MapAPI.Controllers {
- [Authorize]
- [Route("api/[controller]")]
- [ApiController]
- public class ADController: ControllerBase {
- IUserProvider userProvider;
- public ADController(IUserProvider _userProvider) {
- userProvider = _userProvider;
- }
- [HttpGet("[action]")]
- public async Task < List < AdUser >> GetDomainUsers() => await userProvider.GetDomainUsers();
- [HttpGet("[action]/{search}")]
- public async Task < List < AdUser >> FindDomainUser([FromRoute] string search) => await userProvider.FindDomainUser(search);
- [HttpGet("[action]")]
- public AdUser GetCurrentUser() => userProvider.CurrentUser;
- }
- }
We are all set now! Let’s run the application and hit the endpoints to see the output.
List of domain Users
Search user by id from AD
Get current user data from AD
Conclusion
In this article, we saw how to implement .NET core API and get data from Windows Active Directory.