检查用户是否为域管理员 [英] Checking to see if a user is a domain Administrator
问题描述
嘿所有,
我需要验证提供的用户名是否为域管理员。任何关于如何做到这一点的想法?
谢谢,
Jonny
-
/ Jonny
Hey all,
I need to verify that a provided username is a Domain Administrator. Any idea''s on how to do this?
Thanks,
Jonny
--
/Jonny
推荐答案
我会在MSDN中查找WindowsIdentity和WindowsPrincipal.IsInRole(),
似乎就是答案
Jonny写道:
I''d look up WindowsIdentity and WindowsPrincipal.IsInRole() in MSDN,
seems like the answer
Jonny wrote:
嘿所有,
我需要验证提供的用户名是域管理员。关于如何做到这一点的任何想法?
谢谢,
Jonny
Hey all,
I need to verify that a provided username is a Domain Administrator. Any idea''s on how to do this?
Thanks,
Jonny
虽然以下知识库文章主要针对ASP.NET中的表单
身份验证,它确实演示了如何针对活动目录验证
用户名和密码,然后找到
组用户是其成员。
如何使用表单验证Active Directory
身份验证和Visual C#.NET
http:// support。 microsoft.com/default...b;en-us;316748
-
Scott
http://www.OdeToCode.com
周一, 2004年7月12日04:42:05 -0700,Jonny
< Jo *** @ discuss.microsoft.com>写道:
Although the following KB article is primarily targeted at forms
authentication in ASP.NET, it does demonstrate how to validate a
username and password against active directory and then find the
groups the user is a member of.
How to authenticate against the Active Directory by using Forms
authentication and Visual C# .NET
http://support.microsoft.com/default...b;en-us;316748
--
Scott
http://www.OdeToCode.com
On Mon, 12 Jul 2004 04:42:05 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
嘿所有,
我需要验证提供的用户名是域管理员。关于如何做到这一点的任何想法?
谢谢,
Jonny
Hey all,
I need to verify that a provided username is a Domain Administrator. Any idea''s on how to do this?
Thanks,
Jonny
Jonny写道:
Jonny wrote:
嘿所有,
我需要验证提供的用户名是否为域管理员。任何关于如何做到这一点的想法?
Hey all,
I need to verify that a provided username is a Domain Administrator. Any idea''s on how to do this?
查看WindowsIdentity.Impersonate()的示例代码。这表明
如何使用用户名/密码获取WindowsIdentity。
然后获取该身份并创建一个WindowsPrincipal并调用
IsInRole()方法:
bool isDomAdmin = new WindowsPrincipal(
WindowsIdentity.GetCurrent())。IsInRole(@" DOMAINNAM E \ Domain管理员)
有几点需要注意:
- 它需要不安全的代码
- 它赢了在Win9x上工作
- 它不能在Win NT或Win 2000中工作,除非它运行的用户上下文具有TCB权限(LogonUser()需要
特权才能运行这些操作系统)
- IsInROle(字符串)中存在一个错误,其中角色匹配
(或类似的东西)。
-
mikeb
Look at the sample code for WindowsIdentity.Impersonate(). That shows
how to get an WindowsIdentity using a username/password.
then take that Identity and create a WindowsPrincipal and call the
IsInRole() method:
bool isDomAdmin = new WindowsPrincipal(
WindowsIdentity.GetCurrent()).IsInRole(@"DOMAINNAM E\Domain Admins")
There are several caveats with this:
- it requires unsafe code
- it won''t work on Win9x
- it won''t work in Win NT or Win 2000 unless the user context that
it''s running under has the TCB privilege (LogonUser() needs that
privilege on those OS''s to work)
- there is a bug with IsInROle( string) where the match on the role
name might be case-sensitive if the user belongs to more than 22 groups
(or something like that).
--
mikeb
这篇关于检查用户是否为域管理员的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
