C#访问与不同的用户凭据的Active Directory [英] C# accessing active directory with different user credentials
问题描述
还有就是我们刚才提供我们的用户一个新的用户创建的应用程序。然而,这些用户需要的能力,以创造用户通过应用程序,即使他们自己没有权限创建用户。
在C#中,你如何模拟其他用户,才能有此功能。使用此应用程序的主的System.DirectoryServices 。
code片断:
的DirectoryEntry目录项=新的DirectoryEntry(LDAP:// OU =);
DirectorySearcher从dSearcher =新DirectorySearcher从(目录项);
//过滤器只是用户对象
dSearcher.SearchScope = SearchScope.Subtree;
dSearcher.Filter =(及(objectClass的=用户)(邮件=+ excel_Holding_Table.Rows [I] [EmailAddress的]的ToString()+));
dSearcher.PageSize = 1000;
sResults = dSearcher.FindAll();
您可以直接使用的DirectoryEntry 类,并指定用户名和密码:
的DirectoryEntry德=新的DirectoryEntry(路径);
de.Username =用户名;
de.Password =密码;
和从去访问对象的Active Directory。或者你也可以使用的WindowsIdentity 类和模拟用户:
的WindowsIdentity NEWID =新的WindowsIdentity(safeTokenHandle.DangerousGetHandle());
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
一个完整的code样品,请访问:
<一个href="http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx">http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx
There is a new user creation application that we have just provided our users. However these users need the ability to creation users through the application even though they themselves do not have permission to create users.
In C# how do you impersonate another user in order to have this functionality. This application primary using System.DirectoryServices.
Code snippet:
DirectoryEntry dEntry = new DirectoryEntry("LDAP://OU=");
DirectorySearcher dSearcher = new DirectorySearcher(dEntry);
//filter just user objects
dSearcher.SearchScope = SearchScope.Subtree;
dSearcher.Filter = "(&(objectClass=user)(mail=" + excel_Holding_Table.Rows[i]["EmailAddress"].ToString() + "))";
dSearcher.PageSize = 1000;
sResults = dSearcher.FindAll();
You can use the DirectoryEntry class directly and specify the username and password:
DirectoryEntry de = new DirectoryEntry(path);
de.Username = "username";
de.Password = "password";
And access Active Directory from the de object. Or you can use the WindowsIdentity class and and impersonate a User:
WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle());
WindowsImpersonationContext impersonatedUser = newId.Impersonate();
A full code sample is available at:
Impersonation and DirectoryEntry
http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentry.aspx
这篇关于C#访问与不同的用户凭据的Active Directory的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
