How can I determine if a Windows Identity corresponds to a local or a domain user?
Problem description
I have a WindowsIdentity, which corresponds to an authenticated user. How can I determine if the identity corresponds to a local user on the machine, a domain user who has been added to the machine, or a domain user not added to the machine?
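Let's just say I have 3 user accounts:
- DomainUser (member of the Domain Users group, not added to any local group)
- LocalUser (a local user created on the machine)
- MappedDomainUser (a domain user who has been added to a group on the machine)
How can I differentiate between
- DomainUser and LocalUsers
- LocalUser and MappedDomainUser
- DomainUser and MappedDomainUser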
As of now I am depending on the username and checking if it starts with the machine name. I then differentiate further by checking the groups of which the user is a part (if it's part of All Domain Users). Not the best way, I'm sure.
As I have the user SID from the WindowsIdentity.User property, can I use that somehow?
Recommended answer
Not sure about mapped domain Admins. I just check for Local and domain Admin of the domain the user is logged into. Don't access strings like "builtin\Admin"; they differ based on OS language version.
I like to use the .NET 4.5 Principals approach. You can do something similar if you can use 4.5.
So with regard to the question, how can I differentiate between
- DomainUser and LocalUsers
- LocalUser and MappedDomainUser
- DomainUser and MappedDomainUser
Sample code
using System;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

namespace xxxxx
{
    public class UserEnvTools
    {
        public static bool IsDomainAdmin()
        {
            // For a local account AccountDomainSid is the machine SID, not null,
            // so consider the GetDomain methods based on scenario.
            if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
                return false;
            // AccountDomainAdminsSid (RID 512) is combined with the domain SID.
            // A Builtin* SID type ignores the domain SID argument and would make
            // this check identical to IsLocalAdmin().
            var domainAdmins = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid,
                                                      WindowsIdentity.GetCurrent().User.AccountDomainSid);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(domainAdmins));
        }

        public static bool IsDomainUser()
        {
            // Returns TRUE for a local account on a workgroup machine (RID 513 under the
            // machine SID is the local "None" group), so consider the GetDomain methods
            // based on scenario.
            if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
                return false;
            // AccountDomainUsersSid (RID 513) is combined with the domain SID.
            var domainUsers = new SecurityIdentifier(WellKnownSidType.AccountDomainUsersSid,
                                                     WindowsIdentity.GetCurrent().User.AccountDomainSid);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(domainUsers));
        }

        public static bool IsLocalAdmin()
        {
            // BUILTIN\Administrators (S-1-5-32-544); no domain SID is needed.
            var localAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(localAdmins));
        }

        public static bool IsLocalUser()
        {
            // BUILTIN\Users (S-1-5-32-545); no domain SID is needed.
            var localUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(localUsers));
        }

        // Current security context applies
        public static Domain GetCurrentUserDomain()
        {
            try
            {
                return System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain();
            }
            // It may be better not to catch such errors?
            catch (ActiveDirectoryOperationException) // no controller / AD forest cannot be contacted
            { return null; }
            catch (ActiveDirectoryObjectNotFoundException) // the user's domain is not known to the controller
            { return null; }
        }

        public static Domain GetCurrentMachineDomain()
        {
            try
            {
                return System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain();
            }
            // It may be better not to catch such errors?
            catch (ActiveDirectoryOperationException) // no controller or machine is not on a domain
            { return null; }
            catch (ActiveDirectoryObjectNotFoundException) // controller found, but the machine is not known
            { return null; }
        }
    }
}
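The question asks whether the SID from WindowsIdentity.User can be used directly. The following is an added example, not part of the original question or answer: it compares the account-domain part of a SID with the machine's own SID and lists token groups defined on the machine. The names AccountOrigin, SidOrigin, Classify and LocalGroups are hypothetical, the machine SID is assumed to be supplied by the caller, and every SID shown is constructed.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
public enum AccountOrigin { WellKnown, LocalMachine, Domain }

public static class SidOrigin
{
    // machineSid (assumption: supplied by the caller) is the computer's own
    // account-domain SID, i.e. the AccountDomainSid of any local account.
    public static AccountOrigin Classify(SecurityIdentifier user, SecurityIdentifier machineSid)
    {
        // SYSTEM, LOCAL SERVICE and similar SIDs have no account domain.
        if (user.AccountDomainSid == null)
            return AccountOrigin.WellKnown;
        return user.AccountDomainSid.Equals(machineSid)
            ? AccountOrigin.LocalMachine : AccountOrigin.Domain;
    }

    // Token groups defined on this machine: custom local groups carry the
    // machine SID prefix, BUILTIN aliases live under S-1-5-32. BUILTIN\Users
    // is skipped because interactive and domain users are nested in it by default.
    public static SecurityIdentifier[] LocalGroups(
        IdentityReferenceCollection groups, SecurityIdentifier machineSid)
    {
        return groups.OfType<SecurityIdentifier>()
            .Where(g => machineSid.Equals(g.AccountDomainSid)
                || (g.Value.StartsWith("S-1-5-32-", StringComparison.Ordinal)
                    && !g.IsWellKnown(WellKnownSidType.BuiltinUsersSid)))
            .ToArray();
    }

    public static void Main()
    {
        // Constructed sample SIDs, not taken from any real system.
        var machine = new SecurityIdentifier("S-1-5-21-1000000001-1000000002-1000000003");
        var localUser = new SecurityIdentifier(machine.Value + "-1001");
        var domainUser = new SecurityIdentifier("S-1-5-21-2000000001-2000000002-2000000003-1105");
        var groups = new IdentityReferenceCollection
        {
            new SecurityIdentifier("S-1-5-21-2000000001-2000000002-2000000003-513"), // Domain Users
            new SecurityIdentifier("S-1-5-32-545"),                                  // BUILTIN\Users
            new SecurityIdentifier(machine.Value + "-1002"),                         // custom local group
        };
        Console.WriteLine(Classify(localUser, machine));
        Console.WriteLine(Classify(domainUser, machine));
        Console.WriteLine(Classify(new SecurityIdentifier("S-1-5-18"), machine));
        foreach (var g in LocalGroups(groups, machine)) Console.WriteLine(g.Value);
    }
}
```

With a live token, pass WindowsIdentity.User to Classify and WindowsIdentity.Groups to LocalGroups; a Domain result together with a non-empty LocalGroups result corresponds to the MappedDomainUser case in the question.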