Addison Wesley: The .NET Developer's Guide to Directory Services Programming, May 2006, ISBN 0321350170


Document information

The .NET Developer's Guide to Directory Services Programming
By Joe Kaplan, Ryan Dunn
Publisher: Addison Wesley Professional
Pub Date: May 08, 2006
Print ISBN-10: 0-321-35017-0
Print ISBN-13: 978-0-321-35017-6
Pages: 512

"If you have any interest in writing .NET programs using Active Directory or ADAM, this is the book you want to read."
Joe Richards, Microsoft MVP, directory services

Identity and Access Management are rapidly gaining importance as key areas of practice in the IT industry, and directory services provide the fundamental building blocks that enable them. For enterprise developers struggling to build directory-enabled .NET applications, The .NET Developer's Guide to Directory Services Programming will come as a welcome aid.

Microsoft MVPs Joe Kaplan and Ryan Dunn have written a practical introduction to programming directory services, using both versions 1.1 and 2.0 of the .NET Framework. The extensive examples in the book are in C#; a companion Web site includes both C# and Visual Basic source code and examples.

Readers will

  • Learn to create, rename, update, and delete objects in Active Directory and ADAM
  • Learn to bind to and search directories effectively and efficiently
  • Learn to read and write attributes of all types in the directory
  • Learn to use directory services within ASP.NET applications
  • Get concrete examples of common programming tasks such as managing Active Directory and ADAM users and groups, and performing authentication

Experienced .NET developers, those building enterprise applications or simply interested in learning about directory services, will find that The .NET Developer's Guide to Directory Services Programming unravels the complexities and helps them to avoid the common pitfalls that developers face.
Copyright

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The .NET logo is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries and is used under license from Microsoft.

The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government Sales, (800) 382-3419, corpsales@pearsontechgroup.com

For sales outside the United States please contact: International Sales, international@pearsoned.com

Visit us on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data:
Kaplan, Joe
The .NET developer's guide to Directory Services programming / p. cm.
Includes bibliographical references and index.
ISBN 0-321-35017-0 (pbk. : alk. paper)
Computer software--Development. Directory services (Comput Microsoft .NET Framework. I. Dunn, Ryan, 1976- II. Title.
QA76.76.D47K363 2006
005.2'768--dc22

Copyright © 2006 Pearson Education, Inc. All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to: Pearson Education, Inc., Rights and Contracts Department, 75 Arlington Street, Suite 300, Boston, MA 02116, Fax: (617) 848-7047

Text printed in the United States on recycled paper at Courier in Stoughton, Massachusetts. First printing, April 2006

Dedication

To my wife, Karen, and son, Evan
J.K.

To the developers that struggle so hard each day with integrating Active Directory and ADAM meaningfully into their applications. Remember: "This is not 'Nam, this is software development; there are rules."
R.D.

Microsoft .NET Development Series

John Montgomery, Series Advisor
Don Box, Series Advisor
Martin Heller, Series Editor

The Microsoft .NET Development Series is supported and developed by the leaders and experts of Microsoft development technologies including Microsoft architects and DevelopMentor instructors. The books in this series provide a core resource of information and understanding every developer needs in order to write effective applications and managed code. Learn from the leaders how to maximize your use of the .NET Framework and its programming languages.

Titles in the Series

  • Brad Abrams, .NET Framework Standard Library Annotated Reference Volume 1: Base Class Library and Extended Numerics Library, 0-321-15489-4
  • Brad Abrams and Tamara Abrams, .NET Framework Standard Library Annotated Reference, Volume 2: Networking Library, Reflection Library, and XML Library, 0-321-19445-4
  • Keith Ballinger, .NET Web Services: Architecture and Implementation, 0-321-11359-4
  • Bob Beauchemin, Niels Berglund, Dan Sullivan, A First Look at SQL Server 2005 for Developers, 0-321-18059-3
  • Don Box with Chris Sells, Essential .NET, Volume 1: The Common Language Runtime, 0-201-73411-7

Index

server name/port syntax recommendations troubleshooting binds with SSPI (Security Support Provider Interface) authentication LogonUser API limits programming difficulties in authentication Stale accounts Standard method, COM interop Strings advanced searches attribute syntax data storage in SDS.P DN-With-String syntax LDAP data as in modify operations octet string syntax for binary data searching octet string syntax for GUID binding searching Structural classes Subclass Subordinate referral subSchema object, in ADSI schema subschemaSubentries, RootDSE Substring filter type in ANR in binary data searches defined in DN/OID searches in numbers searches in string searches Subsystems, trusted approaches for vs. delegated model Subtree scope defined in directory synchronization queries illustrated search depth option when to choose supportedCapabilities, RootDSE supportedControl, RootDSE supportedExtension, RootDSE supportedLDAPPolicies, RootDSE supportedLDAPVersion, RootDSE supportedSASLMechanisms, RootDSE Symbols, of filter types Synchronization application Synchronization queries attributes filters overview permissions root/scope limitations sample classes Syntax [See also Data types.] ADSI provider ADSI schema mapping ADsPath attribute definitions attribute filters attribute syntax, choosing binary data searches Boolean data searches data types in .NET data types matching attribute syntax DirectoryEntry binding DN for ASQ DN-With-Binary DN/OID searches DNs Extended DN queries filter types filters, building global catalog binds GUID binding approaches GUID object name syntax number searches object names in ADsPaths range retrieval semantic conversion vs. syntactic conversion server names SID object names strings time value searches usernames in Active Directory and ADAM well-known GUID object name syntax System access control list (SACL) System.__ComObject converting IDispatch types to data type handling System.DirectoryServices [See SDS (System.DirectoryServices).] System.DirectoryServices.ActiveDirectory [See SDS.AD (System.DirectoryServices.ActiveDirectory).] System.DirectoryServices.Protocols [See SDS.P (System.DirectoryServices.Protocols).] System.Object System.Reflection System.Security.AccessControl systemFlags

Target property DirectoryVirtualListView class searching by string with VLV Offset vs. Target searches TargetPercentage property, of DirectoryVirtualListView class TCP/IP Teletex strings Threads in bind operation concurrency issues in asynchronous search Time values attribute syntax as paged search limit searches Timeouts, in advanced searches TimeSpan, converting IADsLargeInteger to tlbimp.exe generating COM interop reverse engineer code ToFileTime method tokenGroups attribute in group management LDAP and primary user groups and retrieval of Tokens, representing security contexts Tombstones modify operations treatment and link value pairs working with Tools Active Directory Users and Computers (ADUC) ADFind/ADMod ADSI Edit BeaverTail browser LDIFDE LDP Softerra browser Troubleshooting ADSI schema cache binds with SecureSocketsLayer error 0x80070005: "General access denied error," error 0x8007052E: "Login Failure: unknown user name or bad password" error 0x80072020: "An operations error occurred," error 0x8007202F: "A constraint violation occurred," error 0x80072030: "There is no such object on the server," error 0x80072035: "The server is unwilling to process the request," error 0x8007203A: "The server is not operational," InvalidOperationException from DirectorySearcher TRUE, in Boolean data searches Trusted subsystems COM+ approach delegated models and Trustee names, SID to trustee name conversion Trusts certificate trusts in SecureSocketsLayer binds delegation and domain setup and

Unboxing, of value types Unicode strings searching syntax for schemas Unsigned integers UPN (User Principal Name) UsePropertyCache User Management account properties in Active Directory account properties in ADAM in Active Directory in ADAM creating users domain-wide policies filters and retrieval passwords User Principal Name (UPN) Usernames DirectoryEntry constructor property security credentials syntax in Active Directory syntax in ADAM UserProxy class, in bind proxies Using statement in FindAll searches in FindOne searches UTC time syntax

Value collections in DirectoryEntry in DirectorySearcher modifying attributes of directory objects multiple values null values range syntax in reading attributes of directory objects reading data with single values Value property Values .NET attribute value conversion add operation adding/removing from multivalued attributes attribute modification and attribute writing AuthenticationTypes in binary data searches and in Bitwise operations in Boolean data searches clearing attribute collection class [See Collection classes.] comparing date/time default value of SearchRoot DirectoryContextType DirectorySynchronizationOptions DirectoryVirtualListView class in DN syntax in DN/OID searches escaping reserved characters in ExtendedDN property filter syntax and guidvalue in object name syntax initial attribute in LDAP classes linkIDs and modifying in numbers searches password reading in search operations replacing attribute for return data searchFlags in SID binding syntax in string syntax systemFlags Target searches time searches writing attribute writing DN-With-Binary writing LargeInteger values writing security descriptors VBScript Vertical line (|), in filter syntax Virtual List View [See VLV (Virtual List View) searches.] Visual Basic ADSI and advantages of DirectoryEntry LargeInteger value support Reflection method writing LargeInteger values in Visual Basic .NET Visual Studio .NET VLV (Virtual List View) searches by Offset Offset vs. Target overview by string using DirectoryVirtualListView class

wellKnownObjects Wildcard character, in substring filter type Windows 2000 Server Kerberos protocol trusted subsystems Windows Management Instrumentation (WMI) IIS support in .NET landscape Windows OSs ASQ requirement for Windows XP attribute writing DirSync options FILETIME format ReadonlyServer use in NT4 SDDL support Security Account Manager [See SAM (Security Account Manager).] security contexts Security Support Provider Interface (SSPI) [See SSPI (Security Support Provider Interface).] VLV requirement for Windows XP Windows Server 2003 constrained delegation ExtendedDN requirement fast concurrent binding objectClass attribute trusted subsystems WinNT Wldap32.dll WMI (Windows Management Instrumentation) IIS support in .NET landscape Wrapper classes, for ACEs

X.500 XML

... The book primarily focuses on programming LDAP with the System.DirectoryServices namespace. At times, we address the new additions to .NET, System.DirectoryServices.ActiveDirectory (SDS.AD) and System.DirectoryServices.Protocols (SDS.P), when there is...

Date posted: 26/03/2019, 17:10

Table of contents

  • The .NET Developer's Guide to Directory Services Programming

  • Table of Contents

  • Copyright

    • Microsoft .NET Development Series

  • Listings

  • Tables

  • Foreword

    • Preface

    • Acknowledgments

  • About the Authors

  • Part I: Fundamentals

    • Chapter 1. Introduction to LDAP and Active Directory

      • A Brief History of Directory Services

      • Definition of LDAP

      • Definition of Active Directory

      • Definition of ADAM

      • LDAP Basics

      • Summary

    • Chapter 2. Introduction to .NET Directory Services Programming

      • .NET Directory Services Programming Landscape

      • Native Directory Services Programming Landscape

      • System.DirectoryServices Overview

      • System.DirectoryServices.ActiveDirectory Overview

      • System.DirectoryServices.Protocols Overview

      • Selecting the Right Technology

      • Summary

    • Chapter 3. Binding and CRUD Operations with DirectoryEntry

      • Property and Method Overview

      • Binding to the Directory

      • Directory CRUD Operations

      • Summary

    • Chapter 4. Searching with the DirectorySearcher

      • LDAP Searching Overview

      • DirectorySearcher Overview

      • The Basics of Searching

      • Building LDAP Filters

      • Controlling the Content of Search Results

      • Executing the Query and Enumerating Results

      • Returning Many Results with Paged Searches

      • Sorting Search Results

      • Summary

    • Chapter 5. Advanced LDAP Searches

      • Administrative Limits Governing Active Directory and ADAM

      • Understanding Searching Timeouts

      • Optimizing Search Performance

      • Searching the Global Catalog

      • Chasing Referrals

      • Virtual List View Searches

      • Searching for Deleted Objects

      • Directory Synchronization Queries

      • Using Attribute Scope Query

      • Extended DN Queries

      • Reading Security Descriptors with Security Masks

      • Asynchronous Searches

      • Summary

    • Chapter 6. Reading and Writing LDAP Attributes

      • Basics of Reading Attribute Values

      • Collection Class Usage

      • Understanding the ADSI Property Cache

      • LDAP Data Types in .NET

      • ADSI Schema Mapping Mechanism

      • .NET Attribute Value Conversion

      • Standard Data Types

      • Binary Data Conversion

      • COM Interop Data Types

      • Syntactic versus Semantic Conversion

      • Dealing with Attributes with Many Values

      • Basics of Writing Attribute Values

      • Writing COM Interop Types

      • Summary

    • Chapter 7. Active Directory and ADAM Schema

      • Schema Extension Best Practices

      • Choosing an Object Class

      • Choosing Attribute Syntaxes

      • Modeling One-to-Many and Many-to-Many Relationships

      • Search Flags and Indexing

      • Techniques for Extending the Schema

      • Discovering Schema Information at Runtime

      • Summary

    • Chapter 8. Security in Directory Services Programming

      • Binding and Delegation

      • Directory Object Permissions in Active Directory and ADAM

      • Code Access Security

      • Summary

    • Chapter 9. Introduction to the ActiveDirectory Namespace

      • Working with the DirectoryContext Class

      • Locating Domain Controllers

      • Understanding the Active Directory RPC APIs

      • Useful Shortcuts for Developers

      • Summary

  • Part II: Practical Applications

    • Chapter 10. User Management

      • Finding Users

      • Creating Users

      • Managing User Account Features

      • Managing Passwords for Active Directory Users

      • Managing Passwords for ADAM Users

      • Determining User Group Membership in Active Directory and ADAM

      • Summary

    • Chapter 11. Group Management

      • Creating Groups in Active Directory and ADAM

      • Manipulating Group Membership

      • Expanding Group Membership

      • Primary Group Membership

      • Foreign Security Principals

      • Summary

    • Chapter 12. Authentication

      • Authentication Using SDS

      • Authentication Using SDS.P

      • Authentication Using SSPI

      • Discovering the Cause of Authentication Failures

      • Summary

  • Part III: Appendixes

    • Appendix A. Three Approaches to COM Interop with ADSI

      • The Standard Method

      • The Reflection Method

      • Handcrafted COM Interop Declarations

      • Summary

    • Appendix B. LDAP Tools for Programmers

      • LDP

      • ADSI Edit

      • Active Directory Users and Computers

      • LDIFDE

      • ADFind/ADMod

      • BeaverTail LDAP Browser

      • Softerra LDAP Browser

      • Summary

    • Appendix C. Troubleshooting and Help

      • Error 0x8007203A: "The server is not operational."

      • Error 0x8007052E: "Login Failure: unknown user name or bad password."

      • Error 0x80072020: "An operations error occurred."

      • Error 0x80072030: "There is no such object on the server."

      • Error 0x8007202F: "A constraint violation occurred."

      • Error 0x80072035: "The server is unwilling to process the request."

      • Error 0x80070005: "General access denied error."

      • InvalidOperationException from DirectorySearcher

      • Getting Help

      • Summary

  • Index

    • SYMBOL

    • A

    • B

    • C

    • D

    • E

    • F

    • G

    • H

    • I

    • J

    • K

    • L

    • M

    • N

    • O

    • P

    • Q

    • R

    • S

    • T

    • U

    • V

    • W

    • X
