检查用户列表是否对C#中的adf有效 [英] Check if List of Users are valid against adfs in C#

问题描述

我需要检查我的应用程序中的用户是否为活动目录中的活动用户. 当用户别名之一无效时，我需要发送通知.

I have a requirement to check if the users in my application are active users in active directory. I need to send a notification when one of the user alias becomes invalid.

在大多数示例中，我看到使用LDAP一次仅针对ADFS验证一个用户，这将花费大量用户大量时间.

In most of the examples I see validating only one user at a time against ADFS using LDAP which is going to take a very long time large number of users.

有什么方法可以通过发送用户列表进行验证并进行验证，以便更快?

Is there any way by which I can validate by sending a list of users and validate, so that it will be faster?

谢谢.

推荐答案

从.Net 3.5开始，有System.DirectoryServices.AccountManagement

Starting with .Net 3.5 there's System.DirectoryServices.AccountManagement

我会编写类似的代码

public List<string> InvalidUsernames (List<string> usernames)
{
    var result = new List<string>();
    var domainName = "OkieDokie";
    var ldapContext = new PrincipalContext(ContextType.Domain, domainName);
    foreach (var username in usernames)
    {
        var user = UserPrincipal.FindByIdentity(ldapContext, username);
        if (user == null) //null means it couldn't be found
        {
            result.Add(username);
        }
    }
    return result;
}

但这全部取决于您认为有效/无效的内容.在中，是否可以检查user.AccountExpirationDate(日期)或user.Enabled(布尔).

But it all depends on what you consider active/invalid. In the if you could check for the user.AccountExpirationDate (?date) or user.Enabled (?bool).

或者如果您对所有这些人都有一个共同的组，则可以替换先前的foreach并使用:

Or if you do have a common group for all of them, you could replace the previous foreach and use:

var usersGroup = UsernamesInGroup("theONEgroup");
foreach (var username in usernames)
{
    var user = UserPrincipal.FindByIdentity(ldapContext, username);
    if (user == null) //null means it couldn't be found
    {
        result.Add(username);
    }
}

public List<string> UsernamesInGroup(string groupName)
{
    GroupPrincipal grupo = GroupPrincipal.FindByIdentity(MainOU, groupName);
    return UsernamesInGroup(group);
}

public List<string> UsernamesInGroup(GroupPrincipal gp)
{
    List<string> userNames = new List<string>();
    var principalsInGroup = gp.GetMembers(true);
    foreach (Principal principal in principalsInGroup)
    {
        if (principal.StructuralObjectClass == "user")
        {
            userNames.Add(principal.SamAccountName);
        }
    }
    return userNames;
}

这篇关于检查用户列表是否对C#中的adf有效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！