通过公司名称Asp.net Core 2.1筛选Active Directory用户 [英] Filter Active Directory users by Company name, Asp.net Core 2.1

问题描述

问题

我正在寻找一种根据当前登录用户Active Directory公司名称(与AD配置文件一起找到)从活动目录中过滤用户的方法.

I am looking for a way to filter users from active directory based upon the current logged in users Active Directory Company name (found with the AD profile).

要搜索广告，我当前正在使用以下代码，该代码返回所有用户，包括系统帐户-

To search AD i am currently using the following code, which returns all users including system accounts -

PrincipalContext context = new PrincipalContext(ContextType.Domain, "mydomain");
var domainUsers = new List<string>();
var userPrincipal = new UserPrincipal(context);

using (var search = new PrincipalSearcher(userPrincipal))
{
    foreach (var user in search.FindAll())
    {
        if (user.DisplayName != null)
        {
            domainUsers.Add(user.DisplayName);
        }
    }
}

我正在寻找一种只返回与当前AD登录用户的公司名称匹配的用户的方法.即，如果公司名称为Test123，则搜索结果将仅包括属于Test123公司的所有其他用户.

I am looking for a way to only return users that match the Company name of the current AD logged in user. ie if the company name was Test123 the search results would only include all other users that belong to the Test123 company.

背景

我正在开发一个asp.net MVC 2.1 Web应用程序，该应用程序需要来自活动目录的用户下拉列表.

I am developing an asp.net MVC 2.1 web app that requires a dropdown list of users from active directory.

推荐答案

搜索Active Directory中的所有用户，并与 company 字段匹配.

在遍历根据查询找到的所有用户的列表时，由于Principal没有您需要的信息，因此您可以将 Principal 转换为 DirectoryEntry .在过滤方面， DirectoryEntry 具有您可以查找和使用的属性.在此示例中仅使用公司".

While iterating through a list of all users found based on the query, you can convert the Principal to DirectoryEntry since Principal doesnt have the information you need. DirectoryEntry has the properties that you can look up and work with, in terms of filtering. Only "company" is used in this example.

    PrincipalContext context = new PrincipalContext(ContextType.Domain, "mydomain");
    var domainUsers = new List<string>();
    var userPrincipal = new UserPrincipal(context);
    string myCompany = "Test123";
    using (var search = new PrincipalSearcher(userPrincipal))
    {
        foreach (Principal user in search.FindAll())
        {
            string usersCompany = ((DirectoryEntry)user.GetUnderlyingObject())?.Properties["company"]?.Value?.ToString();
            if (user.DisplayName != null && usersCompany != null && usersCompany.Equals(myCompany))
            {
                domainUsers.Add(user.DisplayName);
            }
        }
    }

编辑

出于性能原因，我建议使用 DirectorySearcher 而不是使用 PrincipalSearcher .这是其他版本.搜索是在执行 FindAll()之前完成的.

For performance reason, I would recommend using DirectorySearcher instead of using PrincipalSearcher. Here is the other version. Search is done before the FindAll() is executed.

    string myCompany = "Test123";
    string searchQuery = $"(&(objectCategory=user)(objectClass=user)(company={myCompany}))";

    // You can define the fields you want retrieved from AD (Noted by @GabrielLuci)
    DirectorySearcher ds = new DirectorySearcher(searchQuery, 
                               new string[] { "DisplayName" }); 
    foreach(SearchResult user in ds.FindAll())
    {
        domainUsers.Add(user.Properties["DisplayName"][0].ToString());
    }

这篇关于通过公司名称Asp.net Core 2.1筛选Active Directory用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！