below is a method used to check to see if the Creds entered are good. i also would like to add on to this to see if they are part of group "XXX".
Private Function ValidateActiveDirectoryLogin(ByVal Domain As String, ByVal Username As String, ByVal Password As String) As Boolean
Dim Success As Boolean = False
Dim Entry As New System.DirectoryServices.DirectoryEntry("LDAP://" + Domain, Username, Password)
Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
Searcher.SearchScope = DirectoryServices.SearchScope.OneLevel
Try
Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
Success = Not (Results Is Nothing)
Catch ex As Exception
Success = False
End Try
Return Success
End Function
and below i tried to play around with stuff i found on stack but im not having much luck. how can i use existing method and add to it in order to get my results?
Public Function IsInGroup(ByVal UserName As String) As Boolean
'Dim MyIdentity As System.Security.Principal.WindowsIdentity = New WindowsPrincipal(New WindowsIdentity(UserName)) ' System.Security.Principal.WindowsIdentity.GetCurrent()
'Dim userPrincipal = New WindowsPrincipal(New WindowsIdentity(Username))
Dim MyPrincipal As System.Security.Principal.WindowsPrincipal = New WindowsPrincipal(New WindowsIdentity(UserName)) 'New System.Security.Principal.WindowsPrincipal(userPrincipal)
Return MyPrincipal.IsInRole("XXX_YYY")
End Function
Also Tried to do something like this but getting the error i screenshotted.
Public Function IsInGroup(ByVal UserName As String) As Boolean
Dim Result As Boolean
Dim de As New DirectoryEntry("LDAP://AD")
Dim MemberSearcher As New DirectorySearcher
With MemberSearcher
.SearchRoot = de
.Filter = "(&(ObjectClass=Group)(CN=VAL_ITS))"
.PropertiesToLoad.Add("Member")
End With
Dim mySearchResults As SearchResult = MemberSearcher.FindOne()
For Each User In mySearchResults.Properties("Member")
If User = UserName Then
Result = True
Else
Result = False
End If
Next
Return Result
End Function
'Project > Add Reference > System.DirectoryServices.AccountManagement & System.DirectoryServices
Validate using the System.DirectoryServices.AccountManagement namespace
Imports System.DirectoryServices.AccountManagement
Public function validate(username as string, password as string, domain as string)
Dim valid As Boolean = False
Using context As New PrincipalContext(ContextType.Domain, domain)
valid = context.ValidateCredentials(username, password)
End Using
return valid
End Function
Public function checkgroup(domain as string, username as string, groupname as string)
Dim isMember as boolean = false
Dim ctx As New PrincipalContext(ContextType.Domain, domain)
Dim user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, username)
Dim group As GroupPrincipal = GroupPrincipal.FindByIdentity(ctx, groupname)
If user IsNot Nothing Then
If user.IsMemberOf(group) Then
isMember = True
End If
End If
return isMember
End Function
Related
We had earlier asked a question regarding migrating the data from Authy to Verify API. We were following the steps provided in this URL.
(https://www.stackoverflow.com/questions/74302235/migrate-authy-totp-to-verify)
However, when we are migrating the user, the user is not verified even after the migration. Here is the code which we are using
Dim oAuthy = New clsAuthy(apiKey, False)
'Fetch details from authy to migrate to verify
Dim authyDetails As clsAuthySecret = oAuthy.GetAuthyDetails(item("TwilioAuthyId"))
oAuthy = Nothing
'Migrate data to verify API
With oVerify
.GenerateQRCode(item("UserName"), item("UserId").ToString(), authyDetails.Secret)
.VerifyToken(.FactorID, authyDetails.OTP, item("UserId").ToString())
FactorId = .FactorID
VerifyUrl = .QrUrl
End With
Public Function GetAuthyDetails(ByRef AuthyID As String) As clsAuthySecret
Dim apiResponse As clsAuthySecret
Dim url = String.Format("{0}/protected/json/users/{1}/secret/export", Me.baseUrl, AuthyID, Me.apikey)
Try
client.Headers.Set("X-Authy-API-Key", Me.apikey)
Dim response = client.DownloadString(url)
apiResponse = JsonConvert.DeserializeObject(Of clsAuthySecret)(response)
apiResponse.RawResponse = response
Catch ex As WebException
apiResponse = New clsAuthySecret()
apiResponse.Status = AuthyStatus.BadRequest 'bad request
apiResponse.Message = ex.Message
'apiResponse.RawResponse = ex.Response.ToString()
End Try
If (apiResponse.Success) Then
apiResponse.Status = AuthyStatus.Success
End If
Return apiResponse
End Function
Public Function GenerateQRCode(ByVal Email As String,
ByVal UserID As String,
ByVal Secret As String
) As Task(Of Boolean)
Try
TwilioClient.Init(_accountSID, _authToken)
Dim newFactor = NewFactorResource.Create(friendlyName:=Email,
factorType:=NewFactorResource.FactorTypesEnum.Totp,
pathServiceSid:=_serviceSID,
pathIdentity:=UserID.ToLower(),
bindingSecret:=Secret)
_factorID = newFactor.Sid
_qrUrl = JObject.Parse(newFactor.Binding.ToString())("uri")
Catch ex As Exception
_responseMessage = ex.Message
Return False
End Try
Return True
End Function
Public Function VerifyToken(ByVal FactorID As String,
ByVal Token As String,
ByVal UserID As String
) As Task(Of Boolean)
Try
TwilioClient.Init(_accountSID, _authToken)
Dim factor = FactorResource.Update(authPayload:=Token,
pathServiceSid:=_serviceSID,
pathIdentity:=UserID.ToLower(),
pathSid:=FactorID)
If factor.Status.ToString = "verified" Then
Return True
Else
Return False
End If
Catch ex As Exception
_responseMessage = ex.Message
Return False
End Try
End Function
Is there anything we are missing from our end? Following is the response as shown in the image link below
https://i.stack.imgur.com/lhTkE.png
I needed to add users to Active Directory using VB. I found code that works (mostly), except for assigning the user to a group. I'm fairly certain that the code works, I just don't know the format of the group to pass to it.
Given the code (below), and the image of my AD structure (below that), what is the structure of the GroupName passed to the routine to add the user to the group "Level1/All Users/Level 2/A-K"?
TIA
Public Shared Sub AddUserToGroup(ByVal de As DirectoryEntry, ByVal deUser As DirectoryEntry, ByVal GroupName As String)
Dim deSearch As DirectorySearcher = New DirectorySearcher()
deSearch.SearchRoot = de
deSearch.Filter = "(&(objectClass=group) (cn=" & GroupName & "))"
Dim results As SearchResultCollection = deSearch.FindAll()
Dim isGroupMember As Boolean = False
If results.Count > 0 Then
Dim group As New DirectoryEntry(results(0).Path)
Dim members As Object = group.Invoke("Members", Nothing)
For Each member As Object In CType(members, IEnumerable)
Dim x As DirectoryEntry = New DirectoryEntry(member)
Dim name As String = x.Name
If name <> deUser.Name Then
isGroupMember = False
Else
isGroupMember = True
Exit For
End If
Next member
If (Not isGroupMember) Then
group.Invoke("Add", New Object() {deUser.Path.ToString()})
End If
group.Close()
End If
Return
End Sub
According to your input from your comment I set up this Sub for you.
You havn't clarified the level below Level2 so I just called it Level3.
This function already enables User as a disabled User is useless...
References:
Imports System.DirectoryServices
How to Use:
CreateUser("Doe", "John")
Method:
Public Sub CreateUser(ByVal givenname As String, ByVal surname As String)
Dim dom As New DirectoryEntry()
Dim ou As DirectoryEntry = dom.Children.Find("OU=All Users")
Dim ou2 As DirectoryEntry = ou.Children.Find("OU=Level2")
Dim ou3 As DirectoryEntry = ou2.Children.Find("OU=Level3")
Dim firstLetter As String = givenname.Substring(0, 1)
Dim ou4 As DirectoryEntry
If firstLetter Like "*[A-K]*" Then
ou4 = ou3.Children.Find("OU=A-K")
Else
ou4 = ou3.Children.Find("OU=L-Z")
End If
Dim ADuser As DirectoryEntry = ou4.Children.Add("CN=" & givenname & "\, " & surname, "user")
ADuser.CommitChanges()
'The User is now created. Most people forget to enable their users so I'll put it in here too
'UF_DONT_EXPIRE_PASSWD 0x10000
Dim exp As Integer = CInt(ADuser.Properties("userAccountControl").Value)
ADuser.Properties("userAccountControl").Value = exp Or &H1
ADuser.CommitChanges()
'UF_ACCOUNTDISABLE 0x0002
Dim val As Integer = CInt(ADuser.Properties("userAccountControl").Value)
ADuser.Properties("userAccountControl").Value = val And Not &H2
ADuser.CommitChanges()
End Sub
See my answer in this post for basic knowledge of interaction with AD and LDAP.
I want to send an email, but it gives me an error.
I have this code:
Sub sendMail(ByVal title As String, ByVal content As String)
Dim SmtpServer As New SmtpClient("smtp.gmail.com", 25)
SmtpServer.Credentials = New Net.NetworkCredential("name#gmail.com", "password")
Dim mail As New MailMessage("name#gmail.com", "name#gmail.com", title, content)
SmtpServer.Send(mail)
End Sub
I have a try catch which tries to call this method, it doesnt work so the catch runs and i get thes exception: System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Must issue a STARTTLS command first. b6sm3176487lae.0 - gsmtp Why do I get this error? and how do I fix it?
Gmail uses SMTP over SSL on port 465.
Try doing:
Dim SmtpServer As New SmtpClient("smtp.gmail.com", 465)
...
SmtpServer.EnableSsl = True
...
Try this - I know it works.
Dim Mail As New MailMessage
Dim SMTP As New SmtpClient("smtp.gmail.com")
Mail.Subject = "Security Update"
Mail.From = New MailAddress("name#gmail.com")
SMTP.Credentials = New System.Net.NetworkCredential("name#gmail.com", "password") '<-- Password Here
Mail.To.Add(address & "#gmail.com") 'I used ByVal here for address
Mail.Body = "" 'Message Here
SMTP.EnableSsl = True
SMTP.Port = "587"
SMTP.Send(Mail)
There is some problem with google account, you need to switch off some security settings. After sending email over and over, I received email on one of my support account (for google), the email were:
You recently changed your security settings so that your Google Account [trdjoko#gmail.com] is no longer protected by modern security standards.
If you did not make this change
Please review your Account Activity page at https://security.google.com/settings/security/activity to see if anything looks suspicious. Whoever made the change knows your password; we recommend that you change it right away.
If you made this change
Please be aware that it is now easier for an attacker to break into your account. You can make your account safer again by undoing this change at https://www.google.com/settings/security/lesssecureapps then switching to apps made by Google such as Gmail to access your account.
Sincerely,
The Google Accounts team
So I switched of additional security and i worked fine.
Change the port to 587. Port 25 does not support SSL.
A super easy way of doing this(without changing any security settings) is by using IFTTT and my IFTTT Maker.net libary
First, in IFTTT create a new recipe that's triggered by the Maker channel and name the event "send_gmail".
Then, select the Gmail engine and click "Send an email", and replace To with {{value1}}, subject with {{value2}} and message/body with {{value3}}
After that, in Visual studio, add ifttt.vb to your project. Now for the code:
Try
makechannel.scode = "your account ID"
makechannel.fireevent("send_gmail", "TO", "SUBJECT", "MESSAGE")
'code goes here if done
Catch ex As Exception
'code goes here if it fails
End Try
Then fill in your account ID. You can find it at ifttt.com/maker
And that's it!
I Have written the class which can perform this task easyly.
Imports System.Net.Mail
Public Class GGSMTP_GMAIL
Dim Temp_GmailAccount As String
Dim Temp_GmailPassword As String
Dim Temp_SMTPSERVER As String
Dim Temp_ServerPort As Int32
Dim Temp_ErrorText As String = ""
Dim Temp_EnableSSl As Boolean = True
Public ReadOnly Property ErrorText() As String
Get
Return Temp_ErrorText
End Get
End Property
Public Property EnableSSL() As Boolean
Get
Return Temp_EnableSSl
End Get
Set(ByVal value As Boolean)
Temp_EnableSSl = value
End Set
End Property
Public Property GmailAccount() As String
Get
Return Temp_GmailAccount
End Get
Set(ByVal value As String)
Temp_GmailAccount = value
End Set
End Property
Public Property GmailPassword() As String
Get
Return Temp_GmailPassword
End Get
Set(ByVal value As String)
Temp_GmailPassword = value
End Set
End Property
Public Property SMTPSERVER() As String
Get
Return Temp_SMTPSERVER
End Get
Set(ByVal value As String)
Temp_SMTPSERVER = value
End Set
End Property
Public Property ServerPort() As Int32
Get
Return Temp_ServerPort
End Get
Set(ByVal value As Int32)
Temp_ServerPort = value
End Set
End Property
Public Sub New(ByVal GmailAccount As String, ByVal GmailPassword As String, Optional ByVal SMTPSERVER As String = "smtp.gmail.com", Optional ByVal ServerPort As Int32 = 587, Optional ByVal EnableSSl As Boolean = True)
Temp_GmailAccount = GmailAccount
Temp_GmailPassword = GmailPassword
Temp_SMTPSERVER = SMTPSERVER
Temp_ServerPort = ServerPort
Temp_EnableSSl = EnableSSl
End Sub
Public Function SendMail(ByVal ToAddressies As String(), ByVal Subject As String, ByVal BodyText As String, Optional ByVal AttachedFiles As String() = Nothing) As Boolean
Temp_ErrorText = ""
Dim Mail As New MailMessage
Dim SMTP As New SmtpClient(Temp_SMTPSERVER)
Mail.Subject = Subject
Mail.From = New MailAddress(Temp_GmailAccount)
SMTP.Credentials = New System.Net.NetworkCredential(Temp_GmailAccount, Temp_GmailPassword) '<-- Password Here
Mail.To.Clear()
For i As Int16 = 0 To ToAddressies.Length - 1
Mail.To.Add(ToAddressies(i))
Next i
Mail.Body = BodyText
Mail.Attachments.Clear()
If AttachedFiles IsNot Nothing Then
For i As Int16 = 0 To AttachedFiles.Length - 1
Mail.Attachments.Add(New Attachment(AttachedFiles(i)))
Next
End If
SMTP.EnableSsl = Temp_EnableSSl
SMTP.Port = Temp_ServerPort
Try
SMTP.Send(Mail)
Return True
Catch ex As Exception
Me.Temp_ErrorText = ex.Message.ToString
Return False
End Try
End Function
End Class
Its the way, how to use class:
Dim GGmail As New GGSMTP_GMAIL("MyFromAddress1#gmail.com", "AccPassword", )
Dim ToAddressies As String() = {"ToAddress1#gmail.com", "ToAddress2#gmail.com"}
Dim attachs() As String = {"d:\temp_Excell226.xlsx", "d:\temp_Excell224.xlsx", "d:\temp_Excell225.xlsx"}
Dim subject As String = "My TestSubject"
Dim body As String = "My text goes here ...."
Dim result As Boolean = GGmail.SendMail(ToAddressies, subject, body, attachs)
If result Then
MsgBox("mails sended successfully", MsgBoxStyle.Information)
Else
MsgBox(GGmail.ErrorText, MsgBoxStyle.Critical)
End If
Hope this helps. Good coding
I'm able to authenticate given user - Domain, UserName and Password with LDAP but not able to retrive his groups which he associated with :(
Here the code i'm using
Public Function ValidateActiveDirectoryLogin(ByVal domainName As String, ByVal userName As String, ByVal userPassword As String) As Boolean
Dim isValidated As Boolean = False
Try
Dim ldapPath As String = "LDAP://" & domainName
Dim dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)
Dim dirSearcher As New DirectorySearcher(dirEntry)
dirSearcher.Filter = "(SAMAccountName=" & userName & ")"
dirSearcher.PropertiesToLoad.Add("memberOf")
Dim result As SearchResult = dirSearcher.FindOne()
If Not result Is Nothing Then
For Each x As DictionaryEntry In result.Properties
x.Key.ToString()
'DirectCast(x, System.Collections.DictionaryEntry).Key()
Next
Dim groupCount As Integer = result.Properties("memberOf").Count
Dim isInGroup As Boolean = False
For index As Integer = 0 To groupCount - 1
Dim groupDN As String = result.Properties("memberOf").Item(index).ToString
Dim equalsIndex As Integer = groupDN.IndexOf("=")
Dim commaIndex As Integer = groupDN.IndexOf(",")
Dim group As String = groupDN.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1).ToLower
If group.Equals(groupName.ToLower) Then
isInGroup = True
Exit For
End If
Next index
isValidated = isInGroup
End If
Catch ex As Exception
Throw New Exception(ex.Message)
End Try
Return isValidated
End Function
Please help...
Venky
Here is the way I will use, sorry it's code I translate from C# to VB.Net
` Connection to Active Directory
Dim deBase As DirectoryEntry = New DirectoryEntry("LDAP://192.168.183.100:389/dc=dom,dc=fr", "jpb", "pwd")
` Directory Search for the group your are interested in
Dim dsLookForGrp As DirectorySearcher = New DirectorySearcher(deBase)
dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup")
dsLookForGrp.SearchScope = SearchScope.Subtree
dsLookForGrp.PropertiesToLoad.Add("distinguishedName")
Dim srcGrp As SearchResult = dsLookForGrp.FindOne
If (Not (srcGrp) Is Nothing) Then
Dim dsLookForUsers As DirectorySearcher = New DirectorySearcher(deBase)
dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties("distinguishedName")(0))
dsLookForUsers.SearchScope = SearchScope.Subtree
dsLookForUsers.PropertiesToLoad.Add("objectSid")
dsLookForUsers.PropertiesToLoad.Add("userPrincipalName ")
dsLookForUsers.PropertiesToLoad.Add("sAMAccountName")
Dim srcLstUsers As SearchResultCollection = dsLookForUsers.FindAll
For Each sruser As SearchResult In srcLstUsers
Console.WriteLine("{0}", sruser.Path)
` Here Test if you username is insode
Console.WriteLine(""& vbTab&"{0} : {1} ", "sAMAccountName", sruser.Properties("sAMAccountName")(0))
Next
End If
Be careful the primary group is given by the primaryGroupID and it's not a DN but an ID which is the lasr part of the group SID.
Last thing, But you can also do it using Managing Directory Security Principals in the .NET Framework 3.5. Here is a sample in C#
/* Retreiving a principal context
*/
Console.WriteLine("Retreiving a principal context");
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD");
/* Look for all the groups a user belongs to
*/
UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1");
PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups();
foreach (GroupPrincipal gTmp in a)
{
Console.WriteLine(gTmp.Name);
}
I recently started a project and needed to do some integration with LDAP via DirectoryServices. I've done this in other apps so I went into one of them to see how I did it -- why reinvent the wheel right? Well, while this wheel works, it was developed years ago and kinda smells (it's wooden, firmly attached to the previous vehicle, hard to repair and produces a potentially bumpy ride).
So I thought to myself, this is the perfect time to refactor this puppy and make it more portable, reusable, reliable, easier to configure etc. Now that's fine and dandy, but then I started feeling a tad overwhelmed regarding to where to start. Should it be a separate library? How should it be configured? Should it use IoC? DI?
So my [admittedly subjective] question is this -- given a relatively small, but quite useful class like the one below, what is a good approach to refactoring it? What questions do you ask and how do you decide what to implement or not implement? Where do you draw the line regarding configuration flexibility?
[Note: Please don't bash this code too much okay? It was written a long time ago and has functioned perfectly well baked into an in house application.]
Public Class AccessControl
Public Shared Function AuthenticateUser(ByVal id As String, ByVal password As String) As Boolean
Dim path As String = GetUserPath(id)
If path IsNot Nothing Then
Dim username As String = path.Split("/")(3)
Dim userRoot As DirectoryEntry = New DirectoryEntry(path, username, password, AuthenticationTypes.None)
Try
userRoot.RefreshCache()
Return True
Catch ex As Exception
Return False
End Try
Else
Return False
End If
End Function
Private Shared Function GetUserPath(ByVal id As String) As String
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://XXXXX/O=YYYY", String.Empty, String.Empty, AuthenticationTypes.None)
Dim searcher As New DirectorySearcher
Dim results As SearchResultCollection
Dim result As SearchResult
Try
With searcher
.SearchRoot = root
.PropertiesToLoad.Add("cn")
.Filter = String.Format("cn={0}", id)
results = .FindAll()
End With
If results.Count > 0 Then
result = results(0)
Return result.Path.ToString()
Else
Return Nothing
End If
Catch ex As Exception
Return Nothing
End Try
End Function
Public Shared Function GetUserInfo(ByVal id As String) As UserInfo
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://XXXXX/O=YYYY", String.Empty, String.Empty, AuthenticationTypes.None)
Dim searcher As New DirectorySearcher
Dim results As SearchResultCollection
Dim props() As String = {"id", "sn", "mail", "givenname", "container", "cn"}
Try
With searcher
.SearchRoot = root
.PropertiesToLoad.AddRange(props)
.Filter = String.Format("cn={0}", id)
results = .FindAll()
End With
If results.Count > 0 Then
Dim properties As PropertyCollection = results(0).GetDirectoryEntry().Properties
Dim user As New UserInfo(properties("id").Value)
user.EmailAddress = properties("mail").Item(0).ToString
user.FirstName = properties("givenname").Item(0).ToString
user.LastName = properties("sn").Item(0).ToString
user.OfficeLocation = properties("container").Item(0).ToString
Return user
Else
Return New UserInfo
End If
Catch ex As Exception
Return Nothing
End Try
End Function
Public Shared Function IsMemberOfGroup(ByVal id As String, ByVal group As String) As Boolean
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://XXXXX/O=YYYY", String.Empty, String.Empty, AuthenticationTypes.None)
Dim searcher As New DirectorySearcher
Dim results As SearchResultCollection
Dim result As SearchResult
Dim props() As String = {"cn", "member"}
Try
With searcher
.SearchRoot = root
.PropertiesToLoad.AddRange(props)
.Filter = String.Format("cn={0}", group)
results = .FindAll()
End With
If results.Count > 0 Then
For Each result In results
Dim members As PropertyValueCollection = result.GetDirectoryEntry().Properties("member")
Dim member As String
For i As Integer = 0 To members.Count - 1
member = members.Item(i).ToString
member = member.Substring(3, member.IndexOf(",") - 3).ToLowerInvariant
If member.Contains(id.ToLowerInvariant) Then Return True
Next
Next
End If
Return False
Catch ex As Exception
Return False
End Try
End Function
Public Shared Function GetMembersOfGroup(ByVal group As String) As List(Of String)
Dim groupMembers As New List(Of String)
Dim root As DirectoryEntry = New DirectoryEntry("LDAP://XXXXX/O=YYYY", String.Empty, String.Empty, AuthenticationTypes.None)
Dim searcher As New DirectorySearcher
Dim results As SearchResultCollection
Dim result As SearchResult
Dim props() As String = {"cn", "member"}
Try
With searcher
.SearchRoot = root
.PropertiesToLoad.AddRange(props)
.Filter = String.Format("cn={0}", group)
results = .FindAll()
End With
If results.Count > 0 Then
For Each result In results
Dim members As PropertyValueCollection = result.GetDirectoryEntry().Properties("member")
Dim member As String
For i As Integer = 0 To members.Count - 1
member = members.Item(i).ToString
member = member.Substring(3, member.IndexOf(",") - 3).ToLowerInvariant
groupMembers.Add(member)
Next
Next
End If
Catch ex As Exception
Return Nothing
End Try
Return groupMembers
End Function
End Class
Clarifications:
- there is a separate class for user (simple poco)
- there isn't a group class since all that's used right now is the list of ids, could be useful to add though
Here is an example of a refactored code sample:
Public Class AccessControl
Public Shared Function AuthenticateUser(ByVal id As String, ByVal password As String) As Boolean
Dim path As String
Dim username As String
Dim userRoot As DirectoryEntry
path = GetUserPath(id)
If path.Length = 0 Then
Return False
End If
username = path.Split("/")(3)
userRoot = New DirectoryEntry(path, username, password, AuthenticationTypes.None)
Try
userRoot.RefreshCache()
Return True
Catch ex As Exception
' Catching Exception might be accepted way of determining user is not authenticated for this case
' TODO: Would be better to test for specific exception type to ensure this is the reason
Return False
End Try
End Function
Private Shared Function GetUserPath(ByVal id As String) As String
Dim results As SearchResultCollection
Dim propertiesToLoad As String()
propertiesToLoad = New String() {"cn"}
results = GetSearchResultsForCommonName(id, propertiesToLoad)
If results.Count = 0 Then
Return String.Empty
Else
Debug.Assert(results.Count = 1)
Return results(0).Path
End If
End Function
Public Shared Function GetUserInfo(ByVal id As String) As UserInfo
Dim results As SearchResultCollection
Dim propertiesToLoad As String()
propertiesToLoad = New String() {"id", "sn", "mail", "givenname", "container", "cn"}
results = GetSearchResultsForCommonName(id, propertiesToLoad)
If results.Count = 0 Then
Return New UserInfo
End If
Debug.Assert(results.Count = 1)
Return CreateUser(results(0).GetDirectoryEntry().Properties)
End Function
Public Shared Function IsMemberOfGroup(ByVal id As String, ByVal group As String) As Boolean
Dim allMembersOfGroup As List(Of String)
allMembersOfGroup = GetMembersOfGroup(group)
Return allMembersOfGroup.Contains(id.ToLowerInvariant)
End Function
Public Shared Function GetMembersOfGroup(ByVal group As String) As List(Of String)
Dim results As SearchResultCollection
Dim propertiesToLoad As String()
propertiesToLoad = New String() {"cn", "member"}
results = GetSearchResultsForCommonName(group, propertiesToLoad)
Return ConvertMemberPropertiesToList(results)
End Function
Private Shared Function GetStringValueForPropertyName(ByVal properties As PropertyCollection, ByVal propertyName As String) As String
Return properties(propertyName).Item(0).ToString
End Function
Private Shared Function CreateUser(ByVal userProperties As PropertyCollection) As UserInfo
Dim user As New UserInfo(userProperties("id").Value)
With user
.EmailAddress = GetStringValueForPropertyName(userProperties, "mail")
.FirstName = GetStringValueForPropertyName(userProperties, "givenname")
.LastName = GetStringValueForPropertyName(userProperties, "sn")
.OfficeLocation = GetStringValueForPropertyName(userProperties, "container")
End With
Return user
End Function
Private Shared Function GetValueFromMemberProperty(ByVal member As String) As String
Return member.Substring(3, member.IndexOf(",") - 3).ToLowerInvariant
End Function
Private Shared Function ConvertMemberPropertiesToList(ByVal results As SearchResultCollection) As List(Of String)
Dim result As SearchResult
Dim memberProperties As PropertyValueCollection
Dim groupMembers As List(Of String)
groupMembers = New List(Of String)
For Each result In results
memberProperties = result.GetDirectoryEntry().Properties("member")
For i As Integer = 0 To memberProperties.Count - 1
groupMembers.Add(GetValueFromMemberProperty(memberProperties.Item(i).ToString))
Next
Next
Return groupMembers
End Function
Private Shared Function GetSearchResultsForCommonName(ByVal commonName As String, ByVal propertiesToLoad() As String) As SearchResultCollection
Dim results As SearchResultCollection
Dim searcher As New DirectorySearcher
With searcher
.SearchRoot = GetDefaultSearchRoot()
.PropertiesToLoad.AddRange(propertiesToLoad)
.Filter = String.Format("cn={0}", commonName)
results = .FindAll()
End With
Return results
End Function
Private Shared Function GetDefaultSearchRoot() As DirectoryEntry
Return New DirectoryEntry("LDAP://XXXXX/O=YYYY", String.Empty, String.Empty, AuthenticationTypes.None)
End Function
End Class
I think you can ever take this further by extracting constants, etc, but this removes most of the duplication, etc. Let me know what you think.
Way, too late, I realize... but also wanted to address some of the questions you asked as well. See http://chrismelinn.wordpress.com/2011/06/18/questions-before-refactoring-2/
I believe it's important to modify the exception handling as well. The pattern I see in the methods above is:
Try
...
Catch ex As Exception
Return False
End Try
The code above is essentially hiding (swallowing) its exceptions. This may have been implemented initially because certain types of exceptions were thrown as a result of the user not being found, and returning False or Nothing was probably appropriate. However, you may been getting other types of exceptions in your application which you may never know about (e.g. OutOfMemoryException, etc).
I would suggest catching only specific types of exceptions that you may want to legitimately return false/Nothing. For others, let the exception bubble up, or log it at a minimum.
For other tips on exception handling, read this helpful post.
The first thing I would do is remove any duplication. Strip out common functionality in to separate methods.
Also, think along the lines of every class should have a single role/responsibility - you might want to create separate User and Group classes.
There is a catalog of common refactorings here:
http://www.refactoring.com/catalog/index.html
You should only really consider Inversion of Control if you wish to swap in different classes for testing reasons etc...
It might not be the most significant refactoring, but I am a big fan of the early return. So, for instance, where you have:
If results.Count > 0 Then
Dim properties As PropertyCollection = results(0).GetDirectoryEntry().Properties
Dim user As New UserInfo(properties("id").Value)
user.EmailAddress = properties("mail").Item(0).ToString
user.FirstName = properties("givenname").Item(0).ToString
user.LastName = properties("sn").Item(0).ToString
user.OfficeLocation = properties("container").Item(0).ToString
Return user
Else
Return New UserInfo
End If
I would use, instead:
If results.Count == 0 Then Return New UserInfo
Dim properties As PropertyCollection = results(0).GetDirectoryEntry().Properties
Dim user As New UserInfo(properties("id").Value)
user.EmailAddress = properties("mail").Item(0).ToString
user.FirstName = properties("givenname").Item(0).ToString
user.LastName = properties("sn").Item(0).ToString
user.OfficeLocation = properties("container").Item(0).ToString
Return user
Indentation implies complexity, and there isn't enough complexity in the special handling of the empty result case to warrant 8 lines of indentation. There is a point at which removing indentation can actually hide real complexity, so don't push this rule too hard, but for the code presented, I'd definitely use the early return.
The first thing that immediately jumps out at me is that there's a lot of functions involving users that don't seem to be associated with the user class you have created.
I would try some of the following approaches:
Add the following to the user class:
Path
Authenticate(string password) - this could be a static method, not sure of the use cases here.
Groups - I would also recommend creating an actual domain object for groups. It could have a collection of users as a property to start with.