如何获得在Active Directory中的用户的群体? (C#,asp.net) [英] How to get the groups of a user in Active Directory? (c#, asp.net)
问题描述
我用这个code,以获取当前用户的组。但我想手动给用户,然后得到他的团体。我怎样才能做到这一点?
使用System.Security.Principal;
公开组的ArrayList()
{
ArrayList的组=新的ArrayList();
的foreach(在System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups的IdentityReference组)
{
groups.Add(group.Translate(typeof运算(NTACCOUNT))的ToString());
}
返回组;
}
如果您使用的是.NET 3.5,你可以使用新的 System.DirectoryServices.AccountManagement
(S.DS.AM)命名空间,这使得这个有很多比以前更容易。
阅读所有关于它在这里:<打击> 在.NET Framework 3.5 <管理目录安全主体/一> 击>
更新:旧的MSDN杂志文章不在线了,遗憾的是 - 你需要<一个href="http://download.microsoft.com/download/3/A/7/3A7FA450-1F33-41F7-9E6D-3AA95B5A6AEA/MSDNMagazineJanuary2008en-us.chm">download该CHM从微软2008年1月MSDN杂志并阅读文章在那里。
基本上,你需要有一个主体上下文(通常是您的域名),用户主体,然后你会得到它的群体很容易:
公开名单&LT; GroupPrincipal&GT; GetGroups(用户名字符串)
{
名单&LT; GroupPrincipal&GT;结果=新名单,其中,GroupPrincipal&GT;();
//建立域上下文
PrincipalContext YOURDOMAIN =新PrincipalContext(ContextType.Domain);
//找到你的用户
UserPrincipal用户= UserPrincipal.FindByIdentity(您的域,用户名);
//如果找到了 - 抓住它的群体
如果(用户!= NULL)
{
PrincipalSearchResult&LT;主&GT;基团= user.GetAuthorizationGroups();
//遍历所有组
的foreach(在组首席P)
{
//确保只添加主体组
如果(p是GroupPrincipal)
{
result.Add((GroupPrincipal)p)的;
}
}
}
返回结果;
}
而这一切有!您现在有一个结果的授权组(名单)该用户所属的 - 在它们之间迭代,打印出他们的名字或任何你需要做的
更新:的为了访问某些属性,这是不浮出水面 UserPrincipal
对象上,你需要深入底层的DirectoryEntry
:
公共字符串GetDepartment(主要负责人)
{
字符串结果=的String.Empty;
的DirectoryEntry德=(principal.GetUnderlyingObject(),为的DirectoryEntry);
如果(德!= NULL)
{
如果(de.Properties.Contains(部))
{
结果= de.Properties [部门] [0]的ToString();
}
}
返回结果;
}
更新#2:的似乎不应该太难把code这两个片段在一起....但确定 - 这里有云:
公共字符串GetDepartment(字符串的用户名)
{
字符串结果=的String.Empty;
//如果你不重复域访问,您可能希望这种方法之外做一次* *
//并通过它在作为第二个参数!
PrincipalContext YOURDOMAIN =新PrincipalContext(ContextType.Domain);
//找到用户
UserPrincipal用户= UserPrincipal.FindByIdentity(您的域,用户名);
//如果用户被发现
如果(用户!= NULL)
{
//得到的DirectoryEntry底层IT
的DirectoryEntry德=(user.GetUnderlyingObject(),为的DirectoryEntry);
如果(德!= NULL)
{
如果(de.Properties.Contains(部))
{
结果= de.Properties [部门] [0]的ToString();
}
}
}
返回结果;
}
I use this code to get the groups of the current user. But I want to manually give the user and then get his groups. How can I do this?
using System.Security.Principal;
public ArrayList Groups()
{
ArrayList groups = new ArrayList();
foreach (IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
{
groups.Add(group.Translate(typeof(NTAccount)).ToString());
}
return groups;
}
If you're on .NET 3.5 or up, you can use the new System.DirectoryServices.AccountManagement
(S.DS.AM) namespace which makes this a lot easier than it used to be.
Read all about it here: Managing Directory Security Principals in the .NET Framework 3.5
Update: older MSDN magazine articles aren't online anymore, unfortunately - you'll need to download the CHM for the January 2008 MSDN magazine from Microsoft and read the article in there.
Basically, you need to have a "principal context" (typically your domain), a user principal, and then you get its groups very easily:
public List<GroupPrincipal> GetGroups(string userName)
{
List<GroupPrincipal> result = new List<GroupPrincipal>();
// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);
// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, userName);
// if found - grab its groups
if(user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
// iterate over all groups
foreach(Principal p in groups)
{
// make sure to add only group principals
if(p is GroupPrincipal)
{
result.Add((GroupPrincipal)p);
}
}
}
return result;
}
and that's all there is! You now have a result (a list) of authorization groups that user belongs to - iterate over them, print out their names or whatever you need to do.
Update: In order to access certain properties, which are not surfaced on the UserPrincipal
object, you need to dig into the underlying DirectoryEntry
:
public string GetDepartment(Principal principal)
{
string result = string.Empty;
DirectoryEntry de = (principal.GetUnderlyingObject() as DirectoryEntry);
if (de != null)
{
if (de.Properties.Contains("department"))
{
result = de.Properties["department"][0].ToString();
}
}
return result;
}
Update #2: seems shouldn't be too hard to put these two snippets of code together.... but ok - here it goes:
public string GetDepartment(string username)
{
string result = string.Empty;
// if you do repeated domain access, you might want to do this *once* outside this method,
// and pass it in as a second parameter!
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain);
// find the user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, username);
// if user is found
if(user != null)
{
// get DirectoryEntry underlying it
DirectoryEntry de = (user.GetUnderlyingObject() as DirectoryEntry);
if (de != null)
{
if (de.Properties.Contains("department"))
{
result = de.Properties["department"][0].ToString();
}
}
}
return result;
}
这篇关于如何获得在Active Directory中的用户的群体? (C#,asp.net)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!