ADSI Indirect Group Membership
Problem description
I am trying to create a method that accepts a list of Active Directory security groups and returns a boolean response for whether or not the user is a member (either direct or indirect). I am using Adaxes (which basically extends ADSI with some of their own functionality). They have an object (IAdmGroup) that returns an array of byte[] for all members (direct and indirect) for a group. I want to avoid using that method if I can because some of the groups have very large groups under them (10,000+ users) and I don't want to impact performance if I can help it.
Here is an example of my problem: Group 1 has Group 2 as a member. User 1 is a member of Group 2. If I pass my method User 1 and Group 1 I should get "true". Group 1 also has Group 3 in it. Group 3 has 10,000 members and I would hate to have to pull all 10,000+ members of that group into a collection and search through the collection to see if User 1 is in it.
I am using C#, .Net4.0, and WCF.
Here's what I have so far (I know it's not much)
    public Dictionary<string, bool> CheckGroupMembership(List<string> groups, string guid)
    {
        var resp = new Dictionary<string, bool>();
        foreach (string group in groups)
        {
            var user = getIADsUser("Adaxes://<GUID=" + guid + ">"); // gets the IADsUser object
            var adGroup = GetGroup(group); // gets the IADsGroup object
            // TODO: test whether user is a direct or indirect member of adGroup
            // and store the result in resp[group]
        }
        return resp;
    }
Recommended answer
You can use System.DirectoryServices.AccountManagement and WindowsPrincipal.
    using System;
    using System.DirectoryServices.AccountManagement;
    using System.Security.Principal;

    PrincipalContext context = new PrincipalContext(ContextType.Domain, "DomainName");
    UserPrincipal user = UserPrincipal.FindByIdentity(context, guid);
    // Build a Windows identity from the user's UPN; IsInRole is evaluated against that identity's groups
    WindowsPrincipal wpuser = new WindowsPrincipal(new WindowsIdentity(user.UserPrincipalName));
    bool blIsInRole = wpuser.IsInRole("TheGroupName");
    if (blIsInRole)
        Console.WriteLine("IsInRole : Belongs too");
    else
        Console.WriteLine("IsInRole : Don't Belongs too");
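The answer's approach fitted to the method signature from the question, as an added example that is not code from the question or the answer: the identity is built once and each group is tested against it, so no group's member list is enumerated. The `domainName` parameter and the `GroupMembership` class name are assumptions, and every group starts as false so a failed lookup never reports membership.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class GroupMembership // hypothetical class name
{
    // domainName is an assumed extra parameter; the question's method took only groups and guid.
    public static Dictionary<string, bool> CheckGroupMembership(
        List<string> groups, string guid, string domainName)
    {
        // Default every group to false so any failure below denies rather than grants.
        var resp = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
        foreach (string group in groups)
        {
            if (!string.IsNullOrEmpty(group))
                resp[group] = false;
        }

        using (var context = new PrincipalContext(ContextType.Domain, domainName))
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Guid, guid))
        {
            // Unknown user, or no UPN to build an identity from: report non-membership.
            if (user == null || string.IsNullOrEmpty(user.UserPrincipalName))
                return resp;

            // Build the identity once, outside the loop; each check below is a lookup
            // against this identity's security groups, not a walk over group members.
            using (var identity = new WindowsIdentity(user.UserPrincipalName))
            {
                var principal = new WindowsPrincipal(identity);

                // Copy the keys first: writing to a dictionary while enumerating it throws.
                foreach (string group in new List<string>(resp.Keys))
                {
                    // Group names are resolved to SIDs; "DOMAIN\\Group" avoids ambiguity.
                    // A name that cannot be resolved yields false.
                    resp[group] = principal.IsInRole(group);
                }
            }
        }
        return resp;
    }
}
```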