如何在 Asp.Net 中为用户获取 AD 用户组? [英] How to get AD User Groups for user in Asp.Net?
问题描述
我需要能够获取用户所在组的列表,但我需要让以下一个/部分/所有属性可见:
I need to be able to get a list of the groups a user is in, but I need to have one/some/all of the following properties visible:
- 专有名词
- 姓名
- cn
- 相同账户名
我现在所拥有的会返回某种名称,但不会返回上述任何名称(名称看起来很接近,但并非全部正确匹配.这就是我正在使用的:
What I have right now returns some sort of name, but not any of the ones above (the names seem close, but don't all match correctly. This is what I am using:
ArrayList groups = new ArrayList();
foreach (System.Security.Principal.IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
groups.Add(group.Translate(typeof(System.Security.Principal.NTAccount)));
就像我说的,上面的方法是有效的,但不会得到我的程序所需的正确名称(上面指定的名称).我需要它来匹配我在调用域中的所有组时得到的列表:
Like I said, the above works, but will not get me the proper names I need for my program (the ones specified above). I need this to be able to match up with the list I get while calling all of the groups in my domain:
DirectoryEntry dirEnt = new DirectoryEntry("LDAP://my_domain_controller");
DirectorySearcher srch = new DirectorySearcher(dirEnt);
srch.Filter = "(objectClass=Group)";
var results = srch.FindAll();
推荐答案
您不能一步完成此操作,因为组也是具有属性的单独 AD 条目.
You cannot do this in one step, as groups are also separate AD entries with properties.
因此,在第一次运行时,您应该获取用户所在的组名,并将其填入某种列表中.
So in the first run you should get the group names a user is in and fill them in a list of some kind.
第二步是遍历所有的组名并一一查询,得到组的属性(如distinguishedname等)并收集到某种结构中.
The second step is to go through all of the group names and query them one by one to get the group properties (like distinguishedname, and so on) and collect it to some kind of structure.
这篇关于如何在 Asp.Net 中为用户获取 AD 用户组?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
