基于AD组成员资格限制访问一个WPF视图 [英] Restrict access to a WPF view based on AD group membership

问题描述

我们有一个WPF应用程序。我们想resrict访问基于用户的AD组成员资格的申请。

We have a WPF application. We would like to resrict access to the application based on the users AD group membership.

我们能不能​​这样做，因为对每个视图的属性，或作为检查，当用户启动应用程序？

Could we do this as an attribute on each view, or as a check when the user starts the application?

任何code例子是AP preciated。

Any code example would be appreciated.

推荐答案

要做到这一点对.NET 3.5和最多是使用了 System.DirectoryServices.AccountManagement （S.DS.AM）命名空间。阅读所有关于它的：

The easiest way to do this on .NET 3.5 and up would be to use the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 在管理目录安全主体在.NET Framework 3.5
• href="http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.aspx" rel="nofollow"> MSDN文档

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

基本上，你可以定义域范围内，并很容易地找到在AD用户和/或组：

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// get your group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// check if current user is member of that group
UserPrincipal user = UserPrincipal.Current;

if(user.IsMemberOf(group))
{
   // do something here....     
}

新S.DS.AM使得它可以很容易地玩弄用户和组AD！

The new S.DS.AM makes it really easy to play around with users and groups in AD!

这篇关于基于AD组成员资格限制访问一个WPF视图的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！