So I'm trying to find a "Best" way to interact(create a interface) with Active Directory read/write mode. So I'm deciding between this two aproaches:
Try and use the ADWS.
C# Implementation.
Apparently for ADWS is not that easy even though there is a full WSDL I'v not been able to locate it, to try to do some test via SOAPui...
Now fort the C# Implementation there are few implementations
but still I'm not sure if its 100% doable to have full READ/WRITE to AD i.e. creating accounts users, query for users info, etc. from lets say REST WS.
So My questions are
Is there a way of getting a WSDL from the AD server so that I can use that as a starting point? ( I don't want to get me into PowerShell stuff or the like)
Are there any good articles for the latest versions C# ,libs, etc... to help me implement this?
Is there a better way of doing this?
As an example This is what we're trying to do:
Scenario 1:
Create a Web Service (INTERFACE) that expose AD information
The Web Service could be REST or SOAP
The WS should read/Query/Write the AD
Any Application inside the network can consume the WS
Scenario 2 (What we currently plan to do):
Sharepoint Reads AD Information
Job should copy AD to DB
Applications can read this data
There should exist some replication between the DB and AD
Any suggestions will be more than welcome
I'm Using server 2008R2 ,Sharepoint foundations 2010
I'm assuming this is related to your previous question which mentioned Exchange.
My personal suggestion is to host a WCF service in IIS. You can set this service up to do whatever you want to suite your needs for the apps accessing it. You can probably do most of what you need to do through the System.DirectoryServices.AccountManagement namespace when it comes to User and Groups.
System.DirectoryServices will give you more granular control at the cost of more work. However, it is a little easier and reading and writing from/to custom attributes here.
If you're going to interact with Exchange 2010 you'll need to mess with Powershell. And you could use Powershell to do core AD work as well.
And of course if you're going to write your own web service you could make it REST.
Here is a link to MSDN with info about System.DirectoryServices and the various namespaces. I personally find AD to be a lot of fun to work with. There are many ways to do the same thing in it so I don't think there's one right answer for you. Go with what you're comfortable with or challenge yourself to do something new!
Related
Could somebody help me find an example of getting data from SalesForce using its api with c#? E.g. getting a Contact information by its email address?
There are ready-built libraries for .NET integration such as https://github.com/wadewegner/Force.com-Toolkit-for-NET, I'd suggest starting with one of these. (old but official). Another one could be https://github.com/anthonyreilly/NetCoreForce
Old, stable, battle-tested or you want to craft the SOAP / REST messages yourself, read up about security tokens, oauth scopes, error handling, bulk API options? I'd offload at least the login part to existing library but your call :) There are many ways to connect, there's even (paid) SQL server plugin or azure data factory solution...
".NET toolkit" seems to use old SOAP API. It's... simple. You provide username, password and you get total impersonation. The app will be able to do everything the connecting user can do. The other one seems to use client id and secret, this sounds like newer REST-based API implementation (OAuth2 keys). This is slightly better, you get extra security layer of the connected app and for example if "scope" is only set to Chatter - even admin's session connecting via this app can't be abused.
There are slight differences between the APIs and the way they handle certain features (for example downloading a Document/Attachment/File via SOAP API will give you base64-encoded payload while REST API will give you a link to download the binary separately). And of course how much of the API does the library actually implement, how well it's maintained...
But generally I'd say explore the libraries first. At least steal some ideas around login logic. If nothing off-the-shelf works for you - consume the WSDL and hand-craft something in SOAP API. Worst case - craft the XML messages manually, worry about escaping special characters etc.
Get an account and api key and then use the official programming interface:
https://developer.salesforce.com/docs/apis
i'd choose: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_rest_resources.htm
So You have to read and understand this: https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/using_resources_working_with_searches_and_queries.htm
:)
I am able to use admin SDK API and using C# standalone code and I am able to implement below operation as well.
Create User, Upadate User, Create Group, Add Membership, remove membership, reset password etc.
However I have a requirement where we need to perform bulk upload of group & users into Google. Please advice if there is any sample code or API which I can use to implement the same.
Regards,
Anurag
If you're looking for a solution to bulk user management and you're using .Net or C#, check out my gShell project which wraps the APIs with easy-to-use PowerShell cmdlets. Using this you could do something like easily reading a CSV file or calling against an LDAP environment and calling a cmdlet like Get-GAUser or Set-GAUser to make the necessary changes. You'll need to be working on a Windows OS to get the PowerShell working and you'll need some basic PoSh knowledge, but it's pretty straight forward otherwise.
It also has an option to use the gShell authentication framework in your own .Net project if you need to customize things a bit more or make an executable.
If you're looking for samples of C# code it's open source so browse away.
Hello can anyone with some experience using admin services, make me an example of how to consume wso2 ESB's admin services?
If possible I'd like a C# sample. Many thanks
Here you can find one such example in Java. You may need to convert the same logic to C#. For Registry a .net client is available as sample here which uses admin service to do Registry operations.
I have a website that uses WebMatrix user authentication (login/register pages) and I am making an app in Windows 8 release preview and would like to know if it is possible to authenticate users of my app (let users of my app sign in to my app) if they are registered members of my website? And if they are not, allow them to register through my app - but it appears that remost db connections are not possible in Metro apps - so I don't know what to do. Can somebody please help?
I've been searching for weeks but there still isn't a whole lot of official documentation out there.
You should never ever allow any client or user program to access your database directly (not even read access). People WILL abuse it one way or another and they might try exploits to gain write access if their access is restricted to reading. If you'd like a prominent example, Super Meat Boy did that exactly, and they got lots of database issues and abuse over last year's christmas days (while there game was on (Steam) sale, so they got lots of additional upset players!).
I've never used WebMatrix, so I might be a bit off here, but in general you should have several possible approaches - all being better than doing direct database access:
Use some provided remote access (this might be some extra class or addon or whatever; IF available).
Write your own remote access tool. This would essentially be some special website accepting/returning text or data interpreted by your program. E.g. you could post the login credentials in a HTTP POST request and it could return ok or failed or something like that.
Essentially fake a web browser and access the standard URLs/scripts/systems provided by WebMatrix.
I am going to write up a webapp hosted on a windows 2003 server to allow me to connect to local and remote servers to do some basic things.
The webapp will be hosted on serverA. It will need to be able to copy files/folders from one folder to another on this server.
It will need to be able to connect to ServerB and copy files in the same way, e.g. copy \serverB\path\to\sourcefiles to \serverB\path\to\destinationfiles
ServerB hosts an installation of MSSQL 2008, I want to be able to create new database/login etc.
How do I go about this please? I've been reading a bit about Windows Authentication, Impersonation, Delegation but i don't know where to focus on.
thanks
S
To be honest there isn't really a one size fits all complete answer to your question, however there are a number of things that you need to take into consideration early in development to ensure that your platform is built on solid foundations.
From the description you have given the most critical consideration has to be security and everything you develop has to have this at its core. Judging by your post if the wrong person was to access your front end then they could wreak havoc.
As for the model to use, I would suggest Windows Authentication as this is built into the framework and gives you the ability to segregate into usergroups with differing levels of access. It will also open up some of the functionality you need, i.e. network copy of files etc
As for the database management aspect, this again can easily be done via Windows Authentication as you can grant (in SQL) windows users the ability to perform certain tasks, i.e. Create Database, Create Login, drop x, etc
All this said, it of course assumes that the two servers share user credentials, i.e. domain controller etc.
Another method, would be to use the web "interface" as a pass through onto a WCF service that operates under a specific user account that has the access you need. You would then seperately manage authentication/authorisation in a manner that you decide.
Like I said, no simple one size answer - but hopefully this will give you something to chew on.
If your goal is to create new databases or logins, why can't you use the create database and create login commands?