ASP.Net Core : get members of Active Directory group

Question

I'm wondering how I could get a list of members of an AD group.

Checking if an entered password of a user is correct works perfectly fine. For this I'm using Novell's Ldap.NetStandard:

private bool IsUserValid(string userName,string userPassword)
{
    try{
        using (var connection = new LdapConnection { SecureSocketLayer = false })
        {
            connection.Connect("test.local", LdapConnection.DEFAULT_PORT);
            connection.Bind(userDn, userPassword);

            if (connection.Bound)
            {
                return true;
            }
        }
    }
    catch (LdapException ex)
    {
        Console.WriteLine(ex.Massage);
    }

    return false;
}

What I want now is something like this:

bool isUserInGroup("testUser","testGroup");

The problem is I can't get my method working:

public bool IsUserMemberOfGroup(string userName,string groupName)
{
    var ldapConn = GetConnection();

    var searchBase = "";
    var filter = $"(&(objectClass=group)(cn={groupName}))";
    var search = ldapConn.Search(searchBase, LdapConnection.SCOPE_BASE, filter, null, false);
    while (search.hasMore())
    {
        var nextEntry = search.next();
        if (nextEntry.DN == userName)
            return true;                    
    }

    return false;
}

What ever I'm doing, I'm not getting back any value from my Ldap.Search()...

Answer 1

Now there is an implementation of System.DirectoryServices.AccountManagement for .NET Core 2. It is available via nuget.

With this package you are able to things like that:

        using (var principalContext = new PrincipalContext(ContextType.Domain, "YOUR AD DOMAIN"))
        {
            var domainUsers = new List<string>();
            var userPrinciple = new UserPrincipal(principalContext);

            // Performe search for Domain users
            using (var searchResult = new PrincipalSearcher(userPrinciple))
            {
                foreach (var domainUser in searchResult.FindAll())
                {
                    if (domainUser.DisplayName != null)
                    {
                        domainUsers.Add(domainUser.DisplayName);
                    }
                }
            }
        }

This performs a search for the user in your domain.Nearly the same is possible for searching your group. The way I used to search my AD (description in my question) is now obsolet:

Checking if an entered password of a user is correct works perfectly fine. For this I'm using Novell's Ldap.NetStandard:

Answer 2

How about:

HttpContext.User.IsInRole("nameOfYourAdGroup");

(namespace System.Security.Claims)