Today I would like to present a simple ODATA search controller that you can use in LightSwitch (or any other ODATA consumer) to look up user accounts (and possibly other objects). If you use SharePoint you probably know the very convenient PeoplePicker. However, in LightSwitch (HTML) there is no equivalent. You certainly have “Person” objects/data types, but no handy function to perform an account lookup. With this controller you can easily implement that missing functionality. The controller is a very simple WebAPI-based ODATA controller that implements only two functions:
1. GetActiveDirectoryUsers()
As there is not much use in returning ALL AD objects, it currently only returns the current AD user that is logged on in LightSwitch.
2. GetActiveDirectoryUser()
This is the actual search function, where the AD searcher tries to match against properties such as:
(&(objectClass=user)(|(cn={0})(name={0})(sn={0})(sAMAccountName={0})(displayName={0})(mail={0})))
Here ‘{0}’ is the ‘key’ parameter, which can contain wildcards if you specify them.
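Because the ‘key’ is substituted into the filter text, characters that have meaning in LDAP filter syntax need escaping while ‘*’ stays usable as a wildcard. The following C# sketch is an added example, not code from the repository; the class and method names are hypothetical, and it escapes the key per RFC 4515 before formatting the filter shown above:

```csharp
using System;
using System.Text;

// Added example, not code from biz.dfch.CS.ActiveDirectory.Search.
// LdapFilterExample, EscapeKey and BuildUserFilter are hypothetical names.
public static class LdapFilterExample
{
    // Filter template as shown in the post.
    private const string UserFilter =
        "(&(objectClass=user)(|(cn={0})(name={0})(sn={0})" +
        "(sAMAccountName={0})(displayName={0})(mail={0})))";

    // Escape per RFC 4515: '\', '(', ')' and NUL become \5c, \28, \29, \00.
    // '*' is left alone so caller-supplied wildcards keep working;
    // pass allowWildcards = false to match a literal asterisk (\2a).
    public static string EscapeKey(string key, bool allowWildcards = true)
    {
        if (string.IsNullOrWhiteSpace(key))
            throw new ArgumentException("Search key must not be empty.", nameof(key));

        var sb = new StringBuilder(key.Length + 8);
        foreach (char c in key)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                case '*':  sb.Append(allowWildcards ? "*" : @"\2a"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static string BuildUserFilter(string key, bool allowWildcards = true)
    {
        return string.Format(UserFilter, EscapeKey(key, allowWildcards));
    }

    public static void Main()
    {
        // Constructed sample keys: a wildcard search and a name with parentheses.
        Console.WriteLine(BuildUserFilter("*admin*"));      // wildcards preserved
        Console.WriteLine(BuildUserFilter("Smith (Ext)"));  // cn=Smith \28Ext\29
    }
}
```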
All other CRUD operations will return either HTTP 401 “NotAuthorized” or HTTP 501 “NotImplemented”.
You can use this controller as a regular LightSwitch ODATA source, and even better in combination with select2 and jaydata to query user information on the fly. Configuration data is currently read from the web.config and updated periodically.
If you want to search for all users with a name containing “admin”, the query will actually look like this (you have to specify the wildcard characters manually):

GET http://server1.example.com/v1/Utilities.svc/ActiveDirectoryUsers('*admin*') HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://server1.example.com/HTMLClient/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: server1.example.com
If-Modified-Since: Wed, 05 Nov 2014 14:04:41 GMT
If-None-Match: "4118d6711f9cf1:0"
Connection: Keep-Alive
Cookie: msls-client-parameters=preferredLanguage=en-US
Authorization: Negotiate UEBzc0wwcmQ=
An example response might look like this (returning two user objects):
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
DataServiceVersion: 3.0
Persistent-Auth: true
X-Powered-By: ASP.NET
WWW-Authenticate: Negotiate J1BAc3NMMHJkJyBpcyBzdWNoIGEgZ3JlYXQgcGFzc3dvcmQ=
Date: Thu, 06 Nov 2014 05:04:37 GMT
Content-Length: 1233

{
  "odata.metadata": "http://server1.example.com/v1/Utilities.svc/$metadata#ActiveDirectoryUsers",
  "value": [{
    "cn": "admin",
    "description": null,
    "distinguishedName": "CN=admin,CN=Users,DC=sharedop,DC=org",
    "groupType": 0,
    "name": "admin",
    "sn": null,
    "givenName": null,
    "department": null,
    "displayName": null,
    "mail": "admin@sharedop.org",
    "objectGUID": "59aa67f7-43ba-4bc6-967c-c0143b7be875",
    "objectSID": "S-1-5-21-123456789-1234567890-1234567890-420815",
    "sAMAccountName": "admin",
    "sAMAccountType": 805306368,
    "uSNChanged": "241752",
    "uSNCreated": "241747",
    "whenChanged": "2014-11-06T05:04:18",
    "whenCreated": "2014-11-06T04:49:10"
  }, {
    "cn": "Administrator",
    "description": "Built-in account for administering the computer/domain",
    "distinguishedName": "CN=Administrator,CN=Users,DC=sharedop,DC=org",
    "groupType": 0,
    "name": "Administrator",
    "sn": "LastName",
    "givenName": "FirstName",
    "department": "myDepartment",
    "displayName": "myDisplayName",
    "mail": null,
    "objectGUID": "38743501-dced-4dcc-b9f6-ebf5c0e49887",
    "objectSID": "S-1-5-21-123456789-1234567890-1234567890-500",
    "sAMAccountName": "Administrator",
    "sAMAccountType": 805306368,
    "uSNChanged": "241736",
    "uSNCreated": "8196",
    "whenChanged": "2014-11-06T04:41:16",
    "whenCreated": "2013-06-19T00:03:24"
  }]
}
You can download the source code, which is released under the Apache 2.0 license, from our GitHub repository “biz.dfch.CS.ActiveDirectory.Search” at https://github.com/dfch/biz.dfch.CS.ActiveDirectory.Search
Excellent work!
When run locally everything is OK, but when published ActiveDirectoryUsers fails because key=Application.User.Name does not get a value. Help with it please.
See my reply at https://d-fens.ch/2014/12/12/full-example-of-an-odata-controller-for-activedirectory-search-operations-with-the-lightswitch-html-client/comment-page-1/#comment-20061