如何获得在Active Directory中的用户的群体？ （C＃，asp.net） [英] How to get the groups of a user in Active Directory? (c#, asp.net)

问题描述

我用这个code，以获取当前用户的组。但我想手动给用户，然后得到他的团体。我怎样才能做到这一点？

 使用System.Security.Principal;

公开组的ArrayList（）
{
    ArrayList的组=新的ArrayList（）;

    的foreach（在System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups的IdentityReference组）
    {
        groups.Add（group.Translate（typeof运算（NTACCOUNT））的ToString（））;
    }

    返回组;
}
 

解决方案

如果您使用的是.NET 3.5，你可以使用新的 System.DirectoryServices.AccountManagement （S.DS.AM）命名空间，这使得这个有很多比以前更容易。

阅读所有关于它在这里：<打击> 在.NET Framework 3.5 <管理目录安全主体/一>

更新：旧的MSDN杂志文章不在线了，遗憾的是 - 你需要<一个href="http://download.microsoft.com/download/3/A/7/3A7FA450-1F33-41F7-9E6D-3AA95B5A6AEA/MSDNMagazineJanuary2008en-us.chm">download该CHM从微软2008年1月MSDN杂志并阅读文章在那里。

基本上，你需要有一个主体上下文（通常是您的域名），用户主体，然​​后你会得到它的群体很容易：

 公开名单＆LT; GroupPrincipal＆GT; GetGroups（用户名字符串）
{
   名单＆LT; GroupPrincipal＆GT;结果=新名单，其中，GroupPrincipal＆GT;（）;

   //建立域上下文
   PrincipalContext YOURDOMAIN =新PrincipalContext（ContextType.Domain）;

   //找到你的用户
   UserPrincipal用户= UserPrincipal.FindByIdentity（您的域，用户名）;

   //如果找到了 - 抓住它的群体
   如果（用户！= NULL）
   {
      PrincipalSearchResult＆LT;主＆GT;基团= user.GetAuthorizationGroups（）;

      //遍历所有组
      的foreach（在组首席P）
      {
         //确保只添加主体组
         如果（p是GroupPrincipal）
         {
             result.Add（（GroupPrincipal）p）的;
         }
      }
   }

   返回结果;
}
 

而这一切有！您现在有一个结果的授权组（名单）该用户所属的 - 在它们之间迭代，打印出他们的名字或任何你需要做的

更新：的为了访问某些属性，这是不浮出水面 UserPrincipal 对象上，你需要深入底层的DirectoryEntry ：

 公共字符串GetDepartment（主要负责人）
{
    字符串结果=的String.Empty;

    的DirectoryEntry德=（principal.GetUnderlyingObject（），为的DirectoryEntry）;

    如果（德！= NULL）
    {
       如果（de.Properties.Contains（部））
       {
          结果= de.Properties [部门] [0]的ToString（）;
       }
    }

    返回结果;
}
 

更新＃2：的似乎不应该太难把code这两个片段在一起....但确定 - 这里有云：

 公共字符串GetDepartment（字符串的用户名）
{
    字符串结果=的String.Empty;

    //如果你不重复域访问，您可能希望这种方法之外做一次* *
    //并通过它在作为第二个参数！
    PrincipalContext YOURDOMAIN =新PrincipalContext（ContextType.Domain）;

    //找到用户
    UserPrincipal用户= UserPrincipal.FindByIdentity（您的域，用户名）;

    //如果用户被发现
    如果（用户！= NULL）
    {
       //得到的DirectoryEntry底层IT
       的DirectoryEntry德=（user.GetUnderlyingObject（），为的DirectoryEntry）;

       如果（德！= NULL）
       {
          如果（de.Properties.Contains（部））
          {
             结果= de.Properties [部门] [0]的ToString（）;
          }
       }
    }

    返回结果;
}
 

I use this code to get the groups of the current user. But I want to manually give the user and then get his groups. How can I do this?

using System.Security.Principal;

public ArrayList Groups()
{
    ArrayList groups = new ArrayList();

    foreach (IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
    {
        groups.Add(group.Translate(typeof(NTAccount)).ToString());
    }

    return groups;
}

解决方案

If you're on .NET 3.5 or up, you can use the new System.DirectoryServices.AccountManagement (S.DS.AM) namespace which makes this a lot easier than it used to be.

Read all about it here: Managing Directory Security Principals in the .NET Framework 3.5

Update: older MSDN magazine articles aren't online anymore, unfortunately - you'll need to download the CHM for the January 2008 MSDN magazine from Microsoft and read the article in there.

Basically, you need to have a "principal context" (typically your domain), a user principal, and then you get its groups very easily:

public List<GroupPrincipal> GetGroups(string userName)
{
   List<GroupPrincipal> result = new List<GroupPrincipal>();

   // establish domain context
   PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

   // find your user
   UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);

   // if found - grab its groups
   if(user != null)
   {
      PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();

      // iterate over all groups
      foreach(Principal p in groups)
      {
         // make sure to add only group principals
         if(p is GroupPrincipal)
         {
             result.Add((GroupPrincipal)p);
         }
      }
   }

   return result;
}

and that's all there is! You now have a result (a list) of authorization groups that user belongs to - iterate over them, print out their names or whatever you need to do.

Update: In order to access certain properties, which are not surfaced on the UserPrincipal object, you need to dig into the underlying DirectoryEntry:

public string GetDepartment(Principal principal)
{
    string result = string.Empty;

    DirectoryEntry de = (principal.GetUnderlyingObject() as DirectoryEntry);

    if (de != null)
    {
       if (de.Properties.Contains("department"))
       {
          result = de.Properties["department"][0].ToString();
       }
    }

    return result;
}

Update #2: seems shouldn't be too hard to put these two snippets of code together.... but ok - here it goes:

public string GetDepartment(string username)
{
    string result = string.Empty;

    // if you do repeated domain access, you might want to do this *once* outside this method, 
    // and pass it in as a second parameter!
    PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);

    // find the user
    UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, username);

    // if user is found
    if(user != null)
    {
       // get DirectoryEntry underlying it
       DirectoryEntry de = (user.GetUnderlyingObject() as DirectoryEntry);

       if (de != null)
       {
          if (de.Properties.Contains("department"))
          {
             result = de.Properties["department"][0].ToString();
          }
       }
    }

    return result;
}

这篇关于如何获得在Active Directory中的用户的群体？ （C＃，asp.net）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！