The .NET Developer's Guide to Directory Services Programming [Paperback]

Joe Kaplan (Author), Ryan Dunn (Author)

Book Description

ISBN-10: 0321350170 | ISBN-13: 978-0321350176 | Publication Date: May 18, 2006 | Edition: 1

“If you have any interest in writing .NET programs using Active Directory or ADAM, this is the book you want to read.”
—Joe Richards, Microsoft MVP, directory services

Identity and Access Management are rapidly gaining importance as key areas of practice in the IT industry, and directory services provide the fundamental building blocks that enable them. For enterprise developers struggling to build directory-enabled .NET applications, The .NET Developer’s Guide to Directory Services Programming will come as a welcome aid.

Microsoft MVPs Joe Kaplan and Ryan Dunn have written a practical introduction to programming directory services, using both versions 1.1 and 2.0 of the .NET Framework. The extensive examples in the book are in C#; a companion Web site includes both C# and Visual Basic source code and examples.

Readers will

• Learn to create, rename, update, and delete objects in Active Directory and ADAM
• Learn to bind to and search directories effectively and efficiently
• Learn to read and write attributes of all types in the directory
• Learn to use directory services within ASP.NET applications
• Get concrete examples of common programming tasks such as managing Active Directory and ADAM users and groups, and performing authentication

Experienced .NET developers—those building enterprise applications or simply interested in learning about directory services—will find that The .NET Developer’s Guide to Directory Services Programming unravels the complexities and helps them to avoid the common pitfalls that developers face.

Editorial Reviews

About the Author

Joe Kaplan works in Accenture’s internal IT organization, building enterprise applications using the .NET Framework. He specializes in directory services programming, for which he has been recognized as a Microsoft MVP. An industry veteran of more than thirteen years, he also thrives on working with the development community and solving real-world problems.

Ryan Dunn of Avanade is a .NET developer and architect with experience in a wide range of industries and technologies. He has consulted on a number of projects to integrate clients’ applications with Active Directory and ADAM. Ryan is a Microsoft MVP for ASP.NET, though he currently focuses primarily on directory services. Ryan can be reached on the Web in the ASP.NET forums or through his blog at http://dunnry.com/blog.

Excerpt. © Reprinted by permission. All rights reserved.

We wrote this book with the vision that it would be the definitive guide for helping developers leverage directory services from Active Directory and Active Directory/Application Mode (ADAM) in their .NET applications. Even though version 1.0 of the .NET Framework shipped in 2001 with a namespace called System.DirectoryServices (SDS) for doing this kind of work, the resources available to developers using these technologies have lagged behind. This is the book that we fervently wished we had back when we were first developing software for Active Directory. It was an idea that took a little while to come to fruition: Perhaps a bit of our back story will help to frame our perspective.

Ryan was working at a very large professional services firm that was selling off its consulting services capabilities. As part of the separation, a new IT infrastructure needed to be created. It fell to Ryan to figure out how to automate HR data feeds to provision Active Directory accounts and how to manage all of it with only a skeleton crew and a few custom apps. This was in the .NET version 1.0 beta 2 timeframe and .NET seemed promising.

Separately, but in an eerily similar vein, Joe was working in the IT organization of a large professional services firm that was contemplating a massive email system migration from a popular groupware platform to Microsoft’s Exchange 2000 Server. Exchange works on top of Active Directory, and Joe was asked to help out on the integration project between Active Directory and the groupware system’s directory.

Both projects required a heavy dose of directory services magic to tie the systems together and migrate from the competing platforms. The applications were not simple scripts, but complex systems and web applications requiring a more in-depth approach. But as we began to wade into the code, we noticed there were quite a few rough edges to be sorted out. Exactly how do we make the Lightweight Directory Access Protocol (LDAP) code work correctly in ASP.NET? What were all of those flags used for? How do we make these objects behave the way we expect? How do we extend the schema to accommodate our own custom business logic?

Naturally, we went to the web-based message boards and newsgroups seeking advice, but found very little. Some people had some of the answers if we translated their logic from scripts or C++ programs, but more people were asking than answering. With hard work and sometimes-fortuitous chance, we eventually pieced it together, but it was far more difficult than it needed to be.

Flash forward to 2006: The .NET Framework has matured significantly, with a milestone 2.0 release, and so has the .NET development community. Books and resources abound for just about every topic you could imagine. However, directory services programming still remains obscure and confusing.

This lack of guidance is somewhat ironic given that the enterprise directory continues to gain prominence in the organization. It is no longer just the province of a team of administrators writing scripts. It has become a key source of data for many full-scale applications, with some even building complex identity life cycle management processes on top of it.

We stuck around the message boards, and over the last several years, we worked actively in the online development community to help developers of all stripes solve their directory services development problems. We know from our work in the community that there tends to be a lot of confusion on how best to leverage what became of Active Directory Service Interfaces (ADSI) in the new managed model of System.DirectoryServices.

We took the most common problems that developers wrestle with in this space and tried to address them in turn. By the time you finish reading this book, we hope that your directory services programming will be much more effective than before.

Our approach for this book tends to be very pragmatic. We focus heavily on code samples showing how to do things the right way, sometimes at the expense of brevity. However, we do not hesitate to dig under the covers and provide answers for how things really work. We start with the basic skills that every directory services developer should understand and build a solid foundation. We then layer on more advanced topics and scenarios that we have run into firsthand and that we know from our work in the community that developers still struggle with. When we are done, you should have all the tools needed to tackle the advanced scenarios and build the types of applications you need.

Outside of this book, we endeavor to support our readers by making examples, errata, additional topics, and tools available on our companion web site, www.directoryprogramming.net.

What Is Covered?

The book primarily focuses on programming LDAP with the System.DirectoryServices namespace. At times, we address the new additions to .NET, System.DirectoryServices.ActiveDirectory (SDS.AD) and System.DirectoryServices.Protocols (SDS.P), when there is functionality or a scenario that is not addressed with System.DirectoryServices, although complete coverage of all of the new bits will require another book.

We take the approach of covering both the 1.1 and 2.0 versions of the .NET Framework. We realize that many developers will be working in both environments for years to come. Even for developers who may never use older versions, it is useful to learn the newer features by understanding the previous shortcomings.

The book also focuses on Microsoft’s primary LDAP directory service product, Active Directory, with a fair amount of coverage of ADAM as well. While we do not provide specific examples of targeting non-Microsoft directories, we do try to point out the issues that are most likely to affect you, and how to avoid them.

The book is divided into two parts. Part I (Chapters 1-9) is all about the fundamentals of LDAP programming. It introduces the key concepts and provides a solid foundation upon which to build any type of directory services application. Part II (Chapters 10-12) is about applying the fundamentals from Part I to real-world problems and provides more of a “cookbook” approach. The topics in these last chapters come from what we see developers wrestling with everyday and our own experiences as we struggled to learn this.

Chapter 1 introduces the basic concepts of LDAP and discusses the key directory services that the book focuses on, Active Directory and ADAM. In Chapter 2, we continue the introduction with a survey of the APIs available for programming LDAP using the .NET Framework and discuss how they relate to each other.

Starting with Chapters 3 and 4, we cover the basic mechanics of accessing Active Directory or ADAM. In Chapter 3, we focus in detail on connecting to the directory, as well as creating, moving, renaming, and deleting objects. Chapter 4 covers the basics of searching. Searching is the fundamental activity of LDAP programming, so a solid grounding is essential.

Chapter 5 continues with the searching theme, but goes into detail on the advanced topics. The 2.0 release of the .NET Framework has added a host of new searching features, so we cover all of these here and provide complete samples.

Chapter 6 focuses on the intricacies of reading and writing attributes in the directory. We discuss all of the different attribute syntaxes, including the ones that tend to give developers the most trouble.

Chapter 7 covers LDAP schema and extensions, explaining key points that the enterprise developer should know for designing new schema.

We delve into the Windows security model in Chapter 8, addressing not only LDAP security and how it integrates with Windows security, but also the challenges of the security context in the ASP.NET environment. We will show you how to use Kerberos delegation and teach you common issues to look for. We also cover access control lists (ACLs) in Active Directory and ADAM and discuss the code access security (CAS) model in the .NET Framework, as well as how it applies to directory services programming.

Chapter 9 explores System.DirectoryServices.ActiveDirectory. This new namespace was introduced with .NET 2.0 and included many new capabilities for managing Active Directory and ADAM. We focus on one of the most useful features, the Locator service built into Active Directory that finds domain controllers on the network.

In Chapters 10, 11, and 12, we shift our focus from fundamentals to practical solutions for common problems. Some of these scenarios are advanced, but by this point, we should have you prepared to tackle them. Chapter 10 discusses user management in detail and provides a wealth of useful samples, as well as real answers to common problems. Chapter 11 covers group management in detail. We conclude in Chapter 12 with a variety of different approaches for authentication with LDAP, including a discussion of the alternatives.

We also include three appendices. Appendix A shows some different approaches for doing COM interop in .NET. COM interop is often required when working with these technologies, so it is useful to know the options here. Appendix B provides our list of “must-have” tools for LDAP programmers working with Active Directory and ADAM. Finally, Appendix C attempts to provide a cross-reference of common errors to topics in the book that deal with those problems. If you are stuck and need an answer fast, Appendix C might help you to use the book more effectively. We also tell you how to get in touch with us if you can’t find what you are looking for here.

Target Audience

This book was written with the .NET enterprise application developer in mind...

Product Details

• Paperback: 512 pages
• Publisher: Addison-Wesley Professional; 1 edition (May 18, 2006)
• Language: English
• ISBN-10: 0321350170
• ISBN-13: 978-0321350176
• Product Dimensions: 9.2 x 7 x 1.1 inches
• Shipping Weight: 2.1 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (17 customer reviews)
• Amazon Best Sellers Rank: #755,454 in Books (See Top 100 in Books)
  • #53 in Books > Computers & Technology > Databases > Database Design

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

18 of 18 people found the following review helpful:

5.0 out of 5 stars Excellent coverage of a difficult, poorly documented topic, June 20, 2006

By 

Michael (LOS ANGELES, US, Canada) - See all my reviews
(REAL NAME)   

This review is from: The .NET Developer's Guide to Directory Services Programming (Paperback)

This book is for all of you who need to write Active Directory based programs for .NET and ASP.NET.

The voice of bitter experience: As anyone who has tried to learn how to program against Active Directory or ADAM knows, the on-line information at MSDN is extraordinarily confusing, not least because Microsoft has introduced several different technologies to access Active Directory--Native LDAP, System.DirectoryServices, System.DirectoryServices.ActiveDirectory, System.DirectoryServices.Protocols, Windows Management Instrumentation (WMI), ADSI, and the Net* and Ds* APIs. MSDN's sample code, once you get beyond the basics, is mostly written in C++ and/or VB script. Trust me, you don't want to go there without a knowledgeable mentor at your side. This book can be your guide.

Both of the authors have a welcome presence on Active Directory forums and in the blogosphere. They are well-known as the go-to guys for Active Directory questions. The book reflects their practical experience responding to programmers' reasonable but difficult questions, such as "What's the best way to determine a user's effective group memberships, taking group nesting into account". I couldn't find this answer on MSDN.

The book's first two chapters sort out the confusion about the many layers of Active directory programming in lucid, well-organized prose.

Then, chapter-by-chapter, the book explains how to do just about anything a sane .NET programmer would want to do: CRUD operations, searching, schema, user and group management, authentication, and COM interop. Each sub-topic is succinct, explains advantages and disadvantages of various techniques, and contains code snippets that are valuable and easy to drop into your own code.

The book is not padded with copy-and-paste material from MSDN. Nor is the book cast in the form of a sample application--my own pet peeve of how to hide useful information. The material is original and directly useful. The technique chapters are reasonably stand-alone. You don't have to read all that has gone before to get your question answered.

The authors have a website for the book that contains downloadable code and a few free utilities. [...]
Pros and cons:
1) If you are a sysadmin this probably isn't for you. The book is addressed strictly to programmers.
2) All of the examples are in C#. VB code is promised on the website but it's not there as of this writing. In any event, the Active Directory code examples are really agnostic under the .NET CLR. It should be easy enough for a programmer at the level of this book's intended audience to make the C# to VB translation.
3) There are some typos in the printed examples. The ones I have noticed are corrected in the on-line code.

9 of 10 people found the following review helpful:

5.0 out of 5 stars Excellent Directory resource, June 30, 2006

By 

E. Duys (Charlotte, NC USA) - See all my reviews
(REAL NAME)   

This review is from: The .NET Developer's Guide to Directory Services Programming (Paperback)

The .NET Developer's Guide to Directory Services Programming provides valuable insight in how to properly write .NET applications that use Active Directory or ADAM. It covers pretty much everything you need to know, to be effective in programming against a Directory Service using both .NET 1.1 and .NET 2.0.



The book is very well written and provides sample code around any topic that it touches upon (download here: http://directoryprogramming.net/ ). Both the samples from the book (raw format) and a complete .NET Solution are provided that a developer can leverage to develop their own applications. The site also provides an active forum where you can post questions and problems around the topic. The level of support Ryan and Joe provide is remarkable. In fact, for most searches on Active Directory problems on google, you would find that in many cases, one of the authors is involved in the thread working towards a solution.



The book starts out with a general explanation of LDAP and Active Directory. This is a high level overview of the concepts and terminology around Directory Services, LDAP, Domains etc. It also explains what different approaches to interacting with Directories are available to the programmer. Once the concepts have been explained, the book continues with CRUD operations. As you read this chapter, you will find the true value of the book. Not only does it contain all the information you'll need to program against a Directory Service, but it also points out many of the common pitfalls that a developer runs into when writing an application. The book also goes beyond what the .NET Framework provides to reveal what is actually happening under the hood, when this is appropriate. By doing that, the authors shed some light on why certain logic should be implemented in a particular way.



The book subsequently covers the area of Directory Searches (basics and advanced) and how to read and write properties. Again, best practices and details on why one should implement logic a certain way are described in great detail. After that, the book provides insight in AD Schemas and Security. The last chapter of the first part goes into the .NET Active Directory namespace.



Then, there is a second part, devoted to Practical Applications. This is where everything that was described earlier is put in perspective by using `real world' examples. Especially the chapter on authentication is very valuable.



So overall, I believe this is an outstanding book that you cannot do without if you're serious about Directory Services programming. Together with the provided sample code and the forum, it will make you a better programmer and provide you with a fundamental understanding of Directory Services programming.

5 of 5 people found the following review helpful:

5.0 out of 5 stars A Good Guide to Challenging Ground, November 5, 2006

By 

James M. Stearns (Seattle, WA, United States) - See all my reviews
(REAL NAME)   

This review is from: The .NET Developer's Guide to Directory Services Programming (Paperback)

As other reviewers have noted, programming directory services is a complicated niche. This book provided a light and compass to a developer passing through this territory containing some rather strange-looking flora and fauna.

My company's .NET-based application makes limited use of directory services. When migrating it to .NET 2.0, tens of warnings were generated when referencing the ActiveDs COM library, such as "could not convert the signature" and "At least one of the arguments for 'IPrivateDispatch.ADSIGetIDsOfNames' can not be marshaled". While the warnings did not affect application behavior, ignoring warnings encourages a mindset that could cause a developer to disregard real danger.

This book provided two different ideas to fix the warnings. Both avoided the need to reference the entire ActiveDs.dll library. One idea was to use the enhanced .NET 2.0 classes directly to determine a user's group memberships (my particular need, addressed in Chapter 10). The other was to declare COM Interops for the subset of ActiveDs functionality actually needed (Appendix A). I ended up using the second alternative. The authors provided an example and a reference to a free third-party tool that generated the needed declarations.

Other applications will use directory services more extensively, so their voyage may be more intricate. This book is a guidebook that will help you understand your choices before you set out. I commend the authors for their knowledge of this arcane area and their enthusiasm and ability to understandably share their knowledge.