Working on an intranet app in .NET Core and I'd like to retrieve information connected to the AD users. Currently, all authentication is handled by Windows and works great. Is there a way I can pull data from AD? I'd like to get information like first and last name, e-mail, ID, etc.
The ASP.NET Identity UserManager class is used to manage users e.g. registering new users, validating credentials and loading user information. It is not concerned with how user information is stored. For this it relies on a UserStore (which in our case uses Entity Framework).
Using .NET Core 2.1.1
Install "System.DirectoryServices" from NuGet
using System.DirectoryServices;

var name = User.Identity.Name.Split('\\')[1]; // I was getting name as domain\name
DirectorySearcher ds = new DirectorySearcher();
ds.Filter = "(&(objectClass=user)(objectcategory=person)(name=" + name + "))";
SearchResult userProperty = ds.FindOne(); // null when no entry matches the filter
var userEmail = userProperty.Properties["mail"][0];
var userName = userProperty.Properties["displayname"][0];
After a week of trying this and that, I finally made headway using the Novell.Directory.Ldap package. It was much easier to troubleshoot and I didn't have to worry about running the dual framework.
First, go to the Package Manager Console and type:
Install-Package Novell.Directory.Ldap
This will load the package to your project and add it in the project.json.
There are a few examples out there, but after looking at most of them, they were not really what I needed. I ended up with the following code:
using Novell.Directory.Ldap;

var logPath = System.IO.Path.GetTempFileName();
var logWriter = System.IO.File.CreateText(logPath);
// Search filter: match the entry whose cn equals the account part of DOMAIN\name
var user = "cn=" + User.Identity.Name.Split('\\')[1];
// Attributes to return; these are the three read in the loop below
string[] attrs = { "displayName", "objectGuid", "mail" };
string DisplayName = null, UserADId = null, EMail = null;
logWriter.WriteLine("Current Ldap results:");
LdapConnection ADconn = new LdapConnection();
// Port 389 is unencrypted LDAP, so this simple bind sends the password in clear text
ADconn.Connect("DC IP address", 389);
ADconn.Bind("DOMAIN\\username", "password");
logWriter.WriteLine(ADconn.GetSchemaDN());
LdapSearchResults lsc = ADconn.Search("ou=OrgUnit,dc=DOMAIN,dc=com",
    LdapConnection.SCOPE_SUB,
    user, attrs, false);
while (lsc.hasMore())
{
    LdapEntry nextEntry = null;
    try
    {
        nextEntry = lsc.next();
    }
    catch (LdapException e)
    {
        logWriter.WriteLine("Error: " + e.LdapErrorMessage);
        // Exception is thrown, go for next entry
        continue;
    }
    DisplayName = nextEntry.getAttribute("displayName").StringValue;
    // objectGuid is binary; convert the raw bytes to a Guid string
    UserADId = new Guid((byte[])(Array)nextEntry.getAttribute("objectGuid").ByteValue).ToString();
    EMail = nextEntry.getAttribute("mail").StringValue;
    logWriter.WriteLine(DisplayName);
    logWriter.WriteLine(UserADId);
    logWriter.WriteLine(EMail);
}
logWriter.Dispose();
// Proceed
// Once all the entries are parsed, disconnect
ADconn.Disconnect();
Using Windows Authentication, this allows the user's attributes to be pulled from AD. Once pulled, you can assign them to variables and use them! It also creates a TMP file in your C:\Windows\Temp\ folder that acts as a debugger in deployment.
Hope this helps out others!
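Both answers above build the LDAP search filter by concatenating the account part of `User.Identity.Name` directly into the filter string. The following is an added example, not code from either answer: it escapes that value per RFC 4515 before it goes into a `DirectorySearcher` filter, and handles a missing user or unset attribute. The class and method names (`AdLookup`, `EscapeFilterValue`, `AccountName`, `Find`) are hypothetical, and matching on `sAMAccountName` (the attribute that holds the logon name) instead of `name` or `cn` is an assumption.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper class, not part of System.DirectoryServices.
public static class AdLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // "DOMAIN\user" -> "user"; a name without a domain prefix is returned unchanged.
    public static string AccountName(string identityName)
    {
        int slash = identityName.LastIndexOf('\\');
        return slash >= 0 ? identityName.Substring(slash + 1) : identityName;
    }

    // Returns (mail, displayName), or null when no matching user exists.
    public static (string Mail, string DisplayName)? Find(string identityName)
    {
        string account = EscapeFilterValue(AccountName(identityName));
        using (var ds = new DirectorySearcher())
        {
            ds.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + account + "))";
            ds.PropertiesToLoad.Add("mail");
            ds.PropertiesToLoad.Add("displayName");
            SearchResult r = ds.FindOne();
            if (r == null) return null;
            // An attribute that is not set on the account is absent or empty in the result.
            string Get(string p) { var v = r.Properties[p]; return v != null && v.Count > 0 ? v[0].ToString() : null; }
            return (Get("mail"), Get("displayName"));
        }
    }
}
```

In a controller this would be called as `AdLookup.Find(User.Identity.Name)`; with the escaping in place, the constructed input `CORP\a*)(b` yields the filter value `a\2a\29\28b`, which matches only a literal account of that name.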