using System;
using System.DirectoryServices.AccountManagement;

// Bind to the domain with an explicit username and password.
using (PrincipalContext Context = new PrincipalContext(ContextType.Domain, DomainURL, UserName, Password))
{
    // Query-by-example: only the properties set here are used as the filter.
    UserPrincipal Account = new UserPrincipal(Context);
    Account.GivenName = strFirstName;
    Account.Surname = strLastName;
    using (PrincipalSearcher srch = new PrincipalSearcher(Account))
    {
        foreach (var principal in srch.FindAll())
        {
            var p = (UserPrincipal)principal;
            String FirstName = p.GivenName;
            String LastName = p.Surname;
        }
    }
}
As seen in the code snippet above, I'm establishing a connection to Active Directory in a domain by providing a UserName & Password in the PrincipalContext constructor.
After the connection is made, I query the connected Active Directory for FirstName and LastName.
If I do not pass in a UserName & Password, the PrincipalContext constructor will use the credentials of the account running the application pool hosting the ASP.NET application in IIS to connect to Active Directory.
But I'm wondering if it's possible to create some kind of service running under an account that has access to the domain being queried and then use that service's hosting account information (username & password) to connect to AD instead of passing the username and password directly as above.
Assuming someone deploys a service, say in IIS, and that service is running under the context of account X, and this account X has access to the domain I want to query, would it be possible to call that service in the PrincipalContext constructor such that I use the credentials the service is running under to connect to the AD that I want to query?
My intention here would be not to provide the UserName & Password, but also avoid using the credentials that the application pool hosting the ASP.NET application is running under.
I want to establish a connection to AD using the security context of an external service.
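The pattern described in the question, as an added example that is not the asker's code: a small lookup service hosted in a process whose logon account (account X) has the AD read rights. It calls PrincipalContext without credentials, so it queries AD as its own process identity and no password is stored anywhere; it requires Windows authentication from callers so that X's access cannot be used anonymously, and it logs who asked. The domain name and the listener URL are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Net;
using System.Text;

// Hypothetical lookup service: run it under account X. Callers (e.g. the
// ASP.NET app pool identity) never see X's password; they authenticate to
// this service with Windows auth and it queries AD as itself.
public static class LookupService
{
    private const string DomainName = "corp.example.com"; // assumed domain

    // No username/password passed: PrincipalContext uses the process identity.
    public static string FindSamAccountNames(string firstName, string lastName)
    {
        // Refuse an empty filter: it would enumerate every user in the domain.
        if (string.IsNullOrEmpty(firstName) && string.IsNullOrEmpty(lastName)) return "";
        var sb = new StringBuilder();
        using (var context = new PrincipalContext(ContextType.Domain, DomainName))
        using (var filter = new UserPrincipal(context) { GivenName = firstName, Surname = lastName })
        using (var searcher = new PrincipalSearcher(filter))
        {
            foreach (var principal in searcher.FindAll())
            {
                var user = principal as UserPrincipal;
                if (user != null) sb.AppendLine(user.SamAccountName);
            }
        }
        return sb.ToString();
    }

    public static void Main()
    {
        var listener = new HttpListener();
        listener.Prefixes.Add("http://+:8080/lookup/"); // assumed URL; needs a URL ACL for X
        // Only authenticated domain principals may borrow X's read access.
        listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
        listener.Start();
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            string first = ctx.Request.QueryString["first"], last = ctx.Request.QueryString["last"];
            Console.WriteLine("{0} looked up '{1} {2}'", ctx.User.Identity.Name, first, last); // audit trail
            string body;
            try { body = FindSamAccountNames(first, last); }
            catch (Exception ex) { body = "lookup failed: " + ex.GetType().Name; ctx.Response.StatusCode = 500; }
            byte[] bytes = Encoding.UTF8.GetBytes(body);
            ctx.Response.ContentLength64 = bytes.Length;
            ctx.Response.OutputStream.Write(bytes, 0, bytes.Length);
            ctx.Response.Close();
        }
    }
}
```

The web application then calls this endpoint with its own Windows identity (the app pool account) instead of binding to AD directly, so it holds no AD password but is still authenticated and auditable at the service.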