如何在 Active Directory 中获取用户的组?(c#, asp.net) [英] How to get the groups of a user in Active Directory? (c#, asp.net)
问题描述
我使用此代码获取当前用户的组.但我想手动给用户,然后得到他的组.我该怎么做?
I use this code to get the groups of the current user. But I want to manually give the user and then get his groups. How can I do this?
using System.Security.Principal;
public ArrayList Groups()
{
ArrayList groups = new ArrayList();
foreach (IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
{
groups.Add(group.Translate(typeof(NTAccount)).ToString());
}
return groups;
}
推荐答案
如果您使用的是 .NET 3.5 或更高版本,则可以使用新的 System.DirectoryServices.AccountManagement
(S.DS.AM) 命名空间,这使得这比以前容易多了.
If you're on .NET 3.5 or up, you can use the new System.DirectoryServices.AccountManagement
(S.DS.AM) namespace which makes this a lot easier than it used to be.
在此处阅读所有相关信息:在 .NET 框架 3.5
Read all about it here: Managing Directory Security Principals in the .NET Framework 3.5
更新:不幸的是,旧的 MSDN 杂志文章不再在线了 - 您需要从 Microsoft 下载 2008 年 1 月 MSDN 杂志的 CHM 并阅读其中的文章.
Update: older MSDN magazine articles aren't online anymore, unfortunately - you'll need to download the CHM for the January 2008 MSDN magazine from Microsoft and read the article in there.
基本上,您需要有一个主要上下文"(通常是您的域)、一个用户主体,然后您就可以非常轻松地获取其组:
Basically, you need to have a "principal context" (typically your domain), a user principal, and then you get its groups very easily:
public List<GroupPrincipal> GetGroups(string userName)
{
List<GroupPrincipal> result = new List<GroupPrincipal>();
// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);
// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);
// if found - grab its groups
if(user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
// iterate over all groups
foreach(Principal p in groups)
{
// make sure to add only group principals
if(p is GroupPrincipal)
{
result.Add((GroupPrincipal)p);
}
}
}
return result;
}
仅此而已!您现在有一个用户所属的授权组的结果(一个列表) - 遍历它们,打印出他们的名字或您需要做的任何事情.
and that's all there is! You now have a result (a list) of authorization groups that user belongs to - iterate over them, print out their names or whatever you need to do.
更新:为了访问某些未出现在 UserPrincipal
对象上的属性,您需要深入研究底层的 DirectoryEntry
:
Update: In order to access certain properties, which are not surfaced on the UserPrincipal
object, you need to dig into the underlying DirectoryEntry
:
public string GetDepartment(Principal principal)
{
string result = string.Empty;
DirectoryEntry de = (principal.GetUnderlyingObject() as DirectoryEntry);
if (de != null)
{
if (de.Properties.Contains("department"))
{
result = de.Properties["department"][0].ToString();
}
}
return result;
}
更新 #2: 将这两个代码片段放在一起似乎应该不会太难......但是好吧 - 在这里:
Update #2: seems shouldn't be too hard to put these two snippets of code together.... but ok - here it goes:
public string GetDepartment(string username)
{
string result = string.Empty;
// if you do repeated domain access, you might want to do this *once* outside this method,
// and pass it in as a second parameter!
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);
// find the user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, username);
// if user is found
if(user != null)
{
// get DirectoryEntry underlying it
DirectoryEntry de = (user.GetUnderlyingObject() as DirectoryEntry);
if (de != null)
{
if (de.Properties.Contains("department"))
{
result = de.Properties["department"][0].ToString();
}
}
}
return result;
}
这篇关于如何在 Active Directory 中获取用户的组?(c#, asp.net)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!