WCF, DirectoryServices namespace, and Impersonation.

  • Question

  • I am working on a WCF service that can perform basic Active Directory operations (create users, for instance).

    Is there a way to get WCF to work with Impersonation (I believe impersonation is what I want) so each function in the code that uses DirectoryEntry doesn't need to manually specify the username/password to query against AD with? I am hoping there is a way to use Impersonation and define the AD user to use in an IIS App Pool.

    For instance, here is a code sample:

    // Requires: using System.DirectoryServices;
    using (DirectoryEntry DE_SecGroupParentDN = new DirectoryEntry())
    {
        try
        {
            // Bind to the parent container; the credentials are set explicitly in code
            DE_SecGroupParentDN.Path = "LDAP://" + input_ADSecGroupInfo.SecGroupParentDN;
            DE_SecGroupParentDN.Username = "username";
            DE_SecGroupParentDN.Password = "password";

            // Create the group under the parent container and set its attributes;
            // the using block disposes the new entry even if CommitChanges throws
            using (DirectoryEntry DE_SecGroupName = DE_SecGroupParentDN.Children.Add("CN=" + input_ADSecGroupInfo.SecGroupName, "group"))
            {
                DE_SecGroupName.Properties["sAMAccountName"].Add(input_ADSecGroupInfo.SecGroupName);
                DE_SecGroupName.Properties["description"].Add(input_ADSecGroupInfo.SecGroupDescription);
                DE_SecGroupName.CommitChanges();
            }

            // Return the distinguished name of the new group
            return "CN=" + input_ADSecGroupInfo.SecGroupName + "," + input_ADSecGroupInfo.SecGroupParentDN;
        }
        catch
        {
            return "Something went wrong";
        }
    }

    The areas I bolded... are what I am hoping to eliminate and somehow use impersonation/IIS App Pool to specify the credentials to use.

    Any ideas if this is possible?

    Tuesday, April 28, 2015 3:01 PM

Answers