c# AD域 权限管理
我现在开始第一步,获取AD域用户所在的组,因为我想把菜单和界面按钮的功能由角色组来控制,用户加入角色组就可以获得相应的权限. 这是我的思路.
第一 如何关联AD域 并获取当前登录域的用户所在的角色组 ADUserMessage() 代码如下:
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
namespace WindowsFormsApplication1
{
public class AdClass
{
public static string ADUserMessage()
{
//获取当前登录域的用户名 和域名
// Console.WriteLine("用户名:" + Environment.UserName+Environment.UserDomainName); //Console类 调试的时候使用,在输出界面显示
string adgroup = ""; //用户所属的角色组
//DirectoryEntry 可封装 ActiveDirectory域服务层次结构中的节点或对象,使用此类绑定到对象、读取属性和更新特性
DirectoryEntry entry = new DirectoryEntry(); //直接获取当前域用户所在的信息 //GetDirectoryObject(); 再次登录用户名和密码进行验证
//DirectorySearcher类可对 Active Directory域服务层次结构执行查询;
DirectorySearcher search = new DirectorySearcher(entry);
//设置查询的过滤条件
search.Filter = "(SamAccountName=" + Environment.UserName + ")";
StringBuilder groupNames = new StringBuilder();
try
{
SearchResult result = search.FindOne();
//得到当前登录用户所在角色组的个数
int propertyCount = result.Properties["memberOf"].Count;
String dn = "";
int equalsIndex, commaIndex;
if (result != null)
{
MessageBox.Show("域登录成功");
MessageBox.Show(result.Path.ToString());
//当前登录用户MEMBER OF 的信息
for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
dn = (String)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
adgroup = "";
}
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
groupNames.Append("/");
}
//得到当前登录域用户的角色组
adgroup = groupNames.ToString();
}
}
catch (Exception e1)
{
MessageBox.Show(e1.Message);
adgroup = "";
}
return adgroup;
}
//连接AD数据库 再次登录用户名和密码进行验证
//"pssword" 是当前登录域的用户的密码; path : LDAP://IP地址/DC=,DC=
/* private static DirectoryEntry GetDirectoryObject()
{
DirectoryEntry entry = null;
try
{
entry = new DirectoryEntry(path, Environment.UserName, "pssword", AuthenticationTypes.Secure);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
return entry;
}
*/
public static void GetAllOU() //获取所有用户组
{
DirectoryEntry entry = new DirectoryEntry("LDAP://");
DirectorySearcher search = new DirectorySearcher(entry);
//search.Filter = ("(objectClass=organizationalUnit)");
search.Filter = ("(objectClass=user)");
foreach(SearchResult result in search.FindAll())
{
//Console.Write(result.GetDirectoryEntry().Name.ToString());
Console.WriteLine(result.GetDirectoryEntry().Name.ToString());
/*Console.WriteLine(result.GetDirectoryEntry().Properties["objectClass"]);
DirectoryEntry user2 = result.GetDirectoryEntry();
foreach(string property in user2.Properties.PropertyNames)
{
Console.WriteLine("字段名:"+property);
}
*/
}
}
public static void GetMail()
{
DirectoryEntry entry = new DirectoryEntry(); //直接获取当前域用户所在的信息 //GetDirectoryObject(); 再次登录用户名和密码进行验证
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SamAccountName=" + Environment.UserName + ")";
SearchResult resu2 = search.FindOne();
DirectoryEntry user2 = resu2.GetDirectoryEntry();
Console.WriteLine(user2.Properties["mail"][0].ToString());
Console.WriteLine(resu2.GetDirectoryEntry().Properties["mail"][0].ToString());
// Console.WriteLine(user2.Properties["cn"][0].ToString());
// Console.WriteLine(user2.Properties["description"][0].ToString());
// Console.WriteLine(user2.Properties["telephoneNumber"][0].ToString());
// Console.WriteLine(user2.Properties["initials"][0].ToString());
}
public static DataSet GetAllGroup(string username1) //获取指定用户所有角色组
{
MessageBox.Show("1 username1=" + username1.ToString());
StringBuilder userNames = new StringBuilder();
//string adgroup = "";
DataSet ds = new DataSet();
DataTable dt = new DataTable("gptb");
ds.Tables.Add(dt);
dt.Columns.Add("GROUPNAME");
DirectoryEntry entry = new DirectoryEntry("LDAP://abc");
DirectorySearcher search = new DirectorySearcher(entry);
//search.Filter = ("(objectClass=user)");
search.Filter = "(SamAccountName=" + username1.ToString() + ")";
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
String dn = "";
int equalsIndex, commaIndex;
//登录用户MEMBER OF 的信息
for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
dn = (String)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
//adgroup = "";
}
userNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
//MessageBox.Show("1=" + userNames.ToString());
//userNames.Append("/");
//将用户的角色组信息录入到dt中
DataRow dr = dt.NewRow();
dr["GROUPNAME"] = userNames.ToString();
dt.Rows.Add(dr);
userNames.Remove(0, userNames.Length); //清空userName中的内容
}
//得到当前登录域用户的角色组
//adgroup = userNames.ToString();
// return adgroup;
return ds;
}
}
}
这样就获得了当前登录到域的用户所在的角色组,显示的结果为: Administrators/Domain Admins/Enterprise Admins/Schema Admins,根据用户组不同显示的结果不一样.