System.DirectoryServices.Protocols vs System.DirectoryServices,
which is best?
System.DirectoryServices is a fork built over System.DirectoryServices.Protocols. And this is a pattern that simplifies the tasks easier. System.DirectoryServices.Protocols (S.DS.P) interacts directly with the low level LDAP APIs, giving you much more control and much better interoperability not only with MS Active Directory but also with non-Microsoft directories. However in this article all our comparisons and suggestion are only based on the integration with MS Active Directory.
As a company that widely uses the Active Directory integration in most projects we have clear comparison with all libraries that deals with Directory Services. Definitely System.DirectoryServices.Protocols (S.DS.P) wins in the competition especially in the performance aspect as it talks directly with the Windows LDAP library (wldap32.dll) or by using SOAP/HTTP to talk to a DSML server. S.DS.P is factored into a separate assembly and has no inherent dependency with any other libraries or services.
DSML (Directory Services Markup Language) is essentially an XML specification for describing directory information, querying directories, and performing read/write operations. In simple, DSML provides a web services based protocol for accessing directory information
Which one is best to use?
As from our 100+ projects from different approaches, System.DirectoryServices.Protocols is what we suggest as a best choice that can function natively with best performance. However you need to put some learning efforts to understand S.DS.P as there are not lots of resources like other libraries. However it is worth learning S.DS.P if your project involves connecting with large directory database and aim to query with huge directory objects. We have worked on many .Net core projects for large enterprises and we found S.DS.P is good when comparing the performance and control over the records. S.DS.P disposes the objects very quickly where System.DirectoryServices can’t do much better than that. We need to handle such parts carefully while using System.DirectoryServices and otherwise we will end up with over-load issues. If your project is minimal and just a simple integration for example, you want to pull the group names a particular user belongs to then you can simply use System.DirectoryServices.
Here is a sample code that can be used to connect using all protocols using System.DirectoryServices.Protocols
string protocol = "tls"; LdapConnection connection; if (protocol == "ssl"){ connection = new LdapConnection(new LdapDirectoryIdentifier("yourldap.com or IP", 636), new NetworkCredential("CN=Administrator,CN=Users, DC=comp,DC=com","Password”)); connection.AuthType = AuthType.Basic; connection.SessionOptions.ProtocolVersion = 3; connection.SessionOptions.SecureSocketLayer = true; connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback); }else if (protocol == "tls"){} connection = new LdapConnection(new LdapDirectoryIdentifier("yourldap.com or IP",389), new NetworkCredential("CN=Administrator,CN=Users, DC=comp,DC=com", "Password”)); connection.AuthType = AuthType.Basic; connection.SessionOptions.ProtocolVersion = 3; connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback); connection.SessionOptions.StartTransportLayerSecurity(null); }else{ connection = new LdapConnection(new LdapDirectoryIdentifier("yourldap.com or IP",389), new NetworkCredential("CN=Administrator,CN=Users,DC=comp,DC=com", "Password")); connection.AuthType = AuthType.Basic; connection.SessionOptions.ProtocolVersion = 3; } connection.Bind(); // private static bool ServerCallback(LdapConnection connection, X509 Certificate certificate){ return true; }