Active Directory group lookup function failing


Problem description


Help! I've been trying to write a function that will confirm a user's membership in an Active Directory group, and while it works if the member happens to be in the group, it throws an exception if the user is not.

Here is the function:

private bool IsUserMemberOfGroup(string user, string group)
{
  using (var ctx = new PrincipalContext(ContextType.Domain))
  using (var groupPrincipal = GroupPrincipal.FindByIdentity(ctx, group))
  using (var userPrincipal = UserPrincipal.FindByIdentity(ctx, user))
  {
    if (groupPrincipal == null)
    {
      return false;
    }
    else
    {
      return userPrincipal.IsMemberOf(groupPrincipal);
    }
  }
}

And here is the YSOD:

Server Error in '/' Application.

Unknown error (0x80005000)

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details:

System.Runtime.InteropServices.COMException: Unknown error (0x80005000)

Source Error:

 
Line 34:         else
Line 35:         {
Line 36:           return userPrincipal.IsMemberOf(groupPrincipal);
Line 37:         }
Line 38:       }

I don't know if it's related, but when I step through the function, groupPrincipal.Members.Count throws an exception of type "System.NullReferenceException", and Count.Base shows an exception with the message "Object reference not set to instance of an object".

What the heck's going on? Why won't a bool named IsMemberOf just return false when someone's not a member?

Thanks,

Daniel

Solution

I think you could simplify things a bit:

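// Requires: using System.Linq; using System.DirectoryServices.AccountManagement;
private bool IsUserMemberOfGroup(string user, string group)
{
  using (var ctx = new PrincipalContext(ContextType.Domain))
  using (var userPrincipal = UserPrincipal.FindByIdentity(ctx, user))
  {
      // FindByIdentity returns null when the user is not found
      if (userPrincipal == null)
          return false;

      // Groups the user belongs to
      PrincipalSearchResult<Principal> result = userPrincipal.GetGroups();

      // GetGroups() yields Principal objects; match on the "group" parameter
      Principal groupPrincipal =
           result.Where(g => g.SamAccountName == group).FirstOrDefault();

      return (groupPrincipal != null);
  }
}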

The userPrincipal.GetGroups() will give you a definitive list of all group memberships (including primary group and nested group memberships) for that user; then search that list for the group you're interested in, e.g. by SamAccountName or some other property.

If you find the group you're looking for in the PrincipalSearchResult<Principal> returned by GetGroups(), then your user is a member of that group.

You can save yourself at least one "FindByIdentity" call with this.
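
An added example, not code from the question or the answer: a membership check written for use in an authorization decision, where any lookup failure has to come back as "not a member" instead of an unhandled exception. It assumes a hypothetical `GroupCheck` class and a fail-closed policy, compares groups by SID instead of by name, and uses `GetAuthorizationGroups()` because the .NET documentation states that `GetGroups()` returns direct memberships only and performs no recursive search.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Runtime.InteropServices;

// Hypothetical helper class; the name is an assumption of this example.
public static class GroupCheck
{
    // Returns true only when membership is positively confirmed.
    // Unknown user, unknown group and directory errors all return false.
    public static bool IsUserMemberOfGroup(string user, string group)
    {
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain))
            using (var userPrincipal = UserPrincipal.FindByIdentity(ctx, user))
            using (var groupPrincipal = GroupPrincipal.FindByIdentity(ctx, group))
            {
                // FindByIdentity returns null when nothing matches.
                if (userPrincipal == null || groupPrincipal == null)
                    return false;

                // GetAuthorizationGroups() expands nested security groups
                // (distribution groups are not included).
                using (var groups = userPrincipal.GetAuthorizationGroups())
                {
                    // SIDs are unique and survive group renames;
                    // names are not a safe key for access decisions.
                    return groups.Any(g => g.Sid != null &&
                                           g.Sid.Equals(groupPrincipal.Sid));
                }
            }
        }
        catch (Exception ex) when (ex is PrincipalException || ex is COMException)
        {
            // Fail closed, but record the failure so a directory outage is
            // not silently indistinguishable from "access denied".
            Trace.TraceWarning("Group lookup failed for {0}/{1}: {2}",
                               user, group, ex.Message);
            return false;
        }
    }
}
```

Callers that need to distinguish "not a member" from "directory unavailable" should surface the caught exception instead of mapping both to false.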
