Use DN from UserPrincipal

Author: jabbera

RutaHttpModule/LdapExtensions.cs

@@ -11,18 +11,15 @@ internal static class LdapExtensions
     {
         private const string MembershipFilterFormatStringAllGroups = "(&(|(samAccountType=268435456)(samAccountType=268435457)(samAccountType=536870912)(samAccountType=536870913))(member:1.2.840.113556.1.4.1941:={0}))";
         private const string ADAttribute_CommonName = "cn";
-        private const string ADAttribute_DistinguishedName = "distinguishedName";
         private const string LDAPPathPrefix = "LDAP://";
-        private const string UserNameSearchFilterFormatString = "(&(samAccountType=805306368)(|(userPrincipalName={0})(samAccountName={0})))";
 
         internal static IEnumerable<string> GetGroupsFast(this UserPrincipal user, string userContainer, string groupsContainer)
         {
             if (user == null) throw new ArgumentNullException(nameof(user));
 
             using (var groupsDirectoryEntry = BindToContainer(groupsContainer))
-            using (var userDirectoryEntry = BindToContainer(userContainer))
             {
-                return GetGroupNamesForUser(user.SamAccountName, userDirectoryEntry, groupsDirectoryEntry);
+                return SearchForUsersGroupCommonNames(groupsDirectoryEntry, user.DistinguishedName);
             }
         }
 
@@ -58,23 +55,7 @@ private static IEnumerable<string> SearchForUsersGroupCommonNames(DirectoryEntry
                 }
             }
         }
-
-        private static IEnumerable<string> GetGroupNamesForUser(string userName, DirectoryEntry userDirectoryEntry, DirectoryEntry groupsDirectoryEntry)
-        {
-            if (userName == null) throw new ArgumentNullException(nameof(userName));
-            if (userDirectoryEntry == null) throw new ArgumentNullException(nameof(userDirectoryEntry));
-
-            var user = SearchForUser(userName, userDirectoryEntry, new[] { ADAttribute_DistinguishedName });
-            if (user == null) return null;
-
-            var userDistinguishedName = ExtractUserDistinguishedName(userName, user);
-
-            var groupContainer = groupsDirectoryEntry; // search group context
-
-            // ReSharper disable once ExpressionIsAlwaysNull
-            return SearchForUsersGroupCommonNames(groupContainer, userDistinguishedName);
-        }
-
+        
         private static DirectoryEntry BindToContainer(string container)
         {
             string path = null;
@@ -89,44 +70,5 @@ private static DirectoryEntry BindToContainer(string container)
                            | AuthenticationTypes.ReadonlyServer // request closest read-only directory service
                            | AuthenticationTypes.Signing);
         }
-
-        /// <summary>
-        /// Searches for the specified user in the specified user container,
-        /// and returns a <c>SearchResult</c> representing the user that
-        /// contains the Active Directory properties specified in <c>adPropertiesToLoad</c>.
-        /// </summary>
-        private static SearchResult SearchForUser(string userName, DirectoryEntry userContainer, string[] adPropertiesToLoad)
-        {
-            if (userName == null) throw new ArgumentNullException(nameof(userName));
-            if (userContainer == null) throw new ArgumentNullException(nameof(userContainer));
-
-            using (var userSearcher = new DirectorySearcher(userContainer))
-            {
-                userSearcher.Filter = string.Format(UserNameSearchFilterFormatString, userName);
-                userSearcher.PropertiesToLoad.AddRange(adPropertiesToLoad);
-
-                var user = userSearcher.FindOne();
-
-                return user;
-            }
-        }
-
-        private static string ExtractUserDistinguishedName(string userName, SearchResult user)
-        {
-            var userDnValueCollection = user.Properties[ADAttribute_DistinguishedName];
-
-            if (userDnValueCollection == null)
-            {
-                var message = string.Format("Could not find the {1} property in the specified user ({0}).", userName, ADAttribute_DistinguishedName);
-                throw new ArgumentException(message);
-            }
-            var userDistinguishedName = userDnValueCollection[0] as string;
-            if (userDistinguishedName == null)
-            {
-                var message = $"Active Directory is broken.  Retrieved user {userName} with an empty collection of {ADAttribute_DistinguishedName} values.";
-                throw new ActiveDirectoryOperationException(message);
-            }
-            return userDistinguishedName;
-        }
     }
 }

RutaHttpModuleTest/AdInteractionTest.cs

@@ -75,9 +75,6 @@ public void GroupDnFilterTest()
         {
             var result = this.adInteraction.GetUserInformation(WindowsIdentity.GetCurrent().Name);
 
-            Assert.IsTrue(WindowsIdentity.GetCurrent().Name.EndsWith(result.login, StringComparison.Ordinal));
-            Assert.IsNotNull(result.name);
-            Assert.IsTrue(emailRegex.IsMatch(result.email));
             CollectionAssert.DoesNotContain(result.groups.ToArray(), "Domain Users");
         }