如何检查是否一个用户都属于一个AD组? [英] How to check if a user belongs to an AD group?
问题描述
起初我还以为下面的作品code,因为如果我有组作为IT其正确运行,因为我的用户名是Active Directory中的IT小组。我学到的是我是否拥有自己的用户名IT小组与否,如果我将其更改为任何其他组我在它返回始终返回false,它总是返回true。任何帮助将是AP preciated。
私人无效tabControl1_SelectedIndexChanged(对象发件人,EventArgs的)
{
//为管理员选项卡标签控制安全
布尔管理= checkGroup(IT);
如果((管理员==真)及及(tabControl1.SelectedTab == tpHistory))
{
tabControl1.SelectedTab = tpHistory;
}
否则,如果((管理员==假)及及(tabControl1.SelectedTab == tpHistory))
{
tabControl1.SelectedTab = T prequests;
的MessageBox.show(无法加载标签。您没有足够的权限。
拒绝访问,MessageBoxButtons.OK,MessageBoxIcon.Stop);
}
}
//检查Active Directory,看看用户是在市场部组
私有静态布尔checkGroup(弦乐群)
{
的WindowsIdentity同一性= WindowsIdentity.GetCurrent();
的WindowsPrincipal本金=新的WindowsPrincipal(身份);
返回principal.IsInRole(组);
}
既然你在.NET 3.5及以上,你应该看看 System.DirectoryServices.AccountManagement
(S.DS.AM)命名空间。阅读所有关于它的:
基本上,你可以定义域范围内,并很容易地找到在AD用户和/或组:
//设置站点范围内
PrincipalContext CTX =新PrincipalContext(ContextType.Domain,DOMAINNAME);
//查找用户
UserPrincipal用户= UserPrincipal.FindByIdentity(CTXSomeUserName);
//找到所讨论的组
GroupPrincipal组= GroupPrincipal.FindByIdentity(CTX,YourGroupNameHere);
如果(用户!= NULL)
{
//检查,如果用户是该组的成员
如果(user.IsMemberOf(组))
{
// 做一点事.....
}
}
新S.DS.AM使得它可以很容易地玩弄用户和组AD!
At first I thought the code below works because if I have the group as "IT" it functions correctly because my username is in the IT group in active directory. What I learned is it always returns true whether I have my username in the IT group or not and if i change it to any other group I am in it returns always returns false. Any help would be appreciated.
private void tabControl1_SelectedIndexChanged(object sender, EventArgs e)
{
// tab control security for admin tab
bool admin = checkGroup("IT");
if ((admin == true) && (tabControl1.SelectedTab == tpHistory))
{
tabControl1.SelectedTab = tpHistory;
}
else if ((admin == false) && (tabControl1.SelectedTab == tpHistory))
{
tabControl1.SelectedTab = tpRequests;
MessageBox.Show("Unable to load tab. You have insufficient privileges.",
"Access Denied", MessageBoxButtons.OK, MessageBoxIcon.Stop);
}
}
// check active directory to see if user is in Marketing department group
private static bool checkGroup(string group)
{
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
return principal.IsInRole(group);
}
Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");
if(user != null)
{
// check if user is member of that group
if (user.IsMemberOf(group))
{
// do something.....
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
这篇关于如何检查是否一个用户都属于一个AD组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!