HiveBrain v1.2.0
Get Started
← Back to all entries
patterncsharpMinor

Verifying that an Active Directory user is in a certain OU or group

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
codereviewcsharpstackoverflowc#active-directory
directoryverifyingactivegroupuserthatcertain

Problem

I'm writing an application that needs to verify that an Active Directory user is in a certain OU or group. This allows me to tell if the user is a Field Agent or a Home Office User. However, I didn't want to fixate on one OU and one group, so I allow the OU names and group names to be comma separate values in the web.config file. I also added a feature where I can whitelist specific usernames, as well, for testing and/or programmer access.

This is untested as I'm just starting on the project. The method is kind of long and feels like it can be optimized. Should I add a helper method to check the lists or try a Linq expression or something else? Let me know if the Active Directory code can be improved, as well.

```
private LpaUserType VerifyUserAccess(string Username)
{
try
{
// Load whitelist values
// Load list of OU names
var fieldOrgUnits = new List(Settings.Default.AllowedFieldOrganizationUnits.Split(','));
var homeOfficeOrgUnits = new List(Settings.Default.AllowedHomeOfficeOrganizationUnits.Split(','));

// Load list of Group names
var fieldGroups = new List(Settings.Default.AllowedFieldGroups.Split(','));
var homeOfficeGroups = new List(Settings.Default.AllowedHomeOfficeGroups.Split(','));

// Load list of User names
var fieldUsers = new List(Settings.Default.AllowedFieldUsers.Split(','));
var homeOfficeUsers = new List(Settings.Default.AllowedHomeOfficeUsers.Split(','));

// Create context object for the configured AD Domain
var pc = new PrincipalContext(ContextType.Domain, Settings.Default.ActiveDirectoryDomainName);

// Check username first; saves on loading more objects
if (fieldUsers.Contains(Username))
{
return LpaUserType.FieldAgent;
}

if (homeOfficeUsers.Contains(Username))
{
return LpaUserType.HomeOffice;
}

// No match found by username, fetch user security o

Solution

I would add that where you initialise a new list by using a split to use the ToList method.

var fieldOrgUnits = new List(Settings.Default.AllowedFieldOrganizationUnits.Split(','));


would become:

var fieldOrgUnits = Settings.Default.AllowedFieldOrganizationUnits.Split(',').ToList();


This is a little more concise in my opinion.

Code Snippets

var fieldOrgUnits = new List<string>(Settings.Default.AllowedFieldOrganizationUnits.Split(','));
var fieldOrgUnits = Settings.Default.AllowedFieldOrganizationUnits.Split(',').ToList();

Context

StackExchange Code Review Q#68067, answer score: 5

Revisions (0)

No revisions yet.