using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.DirectoryServices;
using System.IO;
using System.Security.AccessControl;
namespace FileInfo
{
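/// <summary>
/// Helpers for managing local Windows accounts through the ADSI WinNT provider
/// and for granting NTFS permissions to a named account.
/// </summary>
/// <remarks>
/// Every method changes security state on the local machine (accounts, passwords,
/// ACLs). Callers are expected to authorize the request and validate
/// <c>userName</c> before calling; nothing here performs that check.
/// Passwords arrive as plain strings and must not be logged by callers.
/// </remarks>
public class Directory
{
    /// <summary>
    /// Creates a local Windows account and adds it to the local "Guests" group.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="passWord">Initial password.</param>
    /// <param name="description">Account description.</param>
    /// <returns>
    /// <c>true</c> when the account was created and added to the group;
    /// <c>false</c> when the account already exists or any step failed.
    /// </returns>
    public static bool CreateWinUser(string userName, string passWord, string description)
    {
        string path = "WinNT://" + Environment.MachineName + ",computer";
        try
        {
            if (ExistWinUser(userName))
            {
                return false;
            }

            // using blocks release the underlying COM objects even when a call throws;
            // the original only closed them on the success path.
            using (DirectoryEntry localMachine = new DirectoryEntry(path))
            using (DirectoryEntry newUser = localMachine.Children.Add(userName, "user"))
            {
                newUser.Invoke("setPassword", new object[] { passWord });
                newUser.Invoke("Put", new object[] { "Description", description });
                newUser.CommitChanges();

                // Add the account to the group.
                // NOTE(review): if this step fails the account has already been committed,
                // yet the method returns false. Callers that treat false as "nothing was
                // created" should re-check with ExistWinUser and clean up.
                using (DirectoryEntry group = localMachine.Children.Find("Guests", "group"))
                {
                    group.Invoke("Add", new object[] { newUser.Path });
                }

                return true;
            }
        }
        catch
        {
            // Best-effort contract kept from the original: every failure is reported as false.
            return false;
        }
    }

    /// <summary>
    /// Checks whether a local Windows account exists.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <returns>
    /// <c>true</c> when the lookup returns an entry; <c>false</c> otherwise.
    /// Any exception (including a failed or denied lookup) is also reported as
    /// <c>false</c>, so a negative result is not proof that the name is free.
    /// </returns>
    public static bool ExistWinUser(string userName)
    {
        string path = "WinNT://" + Environment.MachineName + ",computer";
        try
        {
            using (DirectoryEntry localMachine = new DirectoryEntry(path))
            using (DirectoryEntry user = localMachine.Children.Find(userName, "user"))
            {
                return user != null;
            }
        }
        catch
        {
            return false;
        }
    }

    /// <summary>
    /// Changes the password of a local Windows account.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="oldPwd">Current password.</param>
    /// <param name="newPwd">New password.</param>
    /// <returns>
    /// <c>true</c> when the change was submitted; <c>false</c> when the account
    /// was not found by <see cref="ExistWinUser"/>.
    /// </returns>
    /// <remarks>
    /// Unlike the create/delete helpers this method does not catch exceptions:
    /// a failure raised by the provider propagates to the caller, as in the original.
    /// </remarks>
    public static bool ChangePassword(string userName, string oldPwd, string newPwd)
    {
        if (!ExistWinUser(userName))
        {
            return false;
        }

        string path = "WinNT://" + Environment.MachineName + ",computer";

        // Dispose both entries even when the provider throws.
        using (DirectoryEntry localMachine = new DirectoryEntry(path))
        using (DirectoryEntry user = localMachine.Children.Find(userName, "user"))
        {
            user.Invoke("ChangePassword", new object[] { oldPwd, newPwd });
            user.CommitChanges();
            return true;
        }
    }

    /// <summary>
    /// Disables (<c>true</c>) or enables (<c>false</c>) a local Windows account.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="isDisabled"><c>true</c> to disable the account, <c>false</c> to enable it.</param>
    /// <returns>
    /// <c>true</c> when the flag was written; <c>false</c> when the account
    /// was not found by <see cref="ExistWinUser"/>.
    /// </returns>
    /// <remarks>Provider exceptions are not caught and propagate to the caller.</remarks>
    public static bool AccountDisabled(string userName, bool isDisabled)
    {
        if (!ExistWinUser(userName))
        {
            return false;
        }

        // Resolve the account with Children.Find, as ChangePassword does, instead of
        // concatenating userName into the ADSI path: a name containing '/' or ','
        // can then no longer alter which object the path refers to.
        string path = "WinNT://" + Environment.MachineName + ",computer";
        using (DirectoryEntry localMachine = new DirectoryEntry(path))
        using (DirectoryEntry user = localMachine.Children.Find(userName, "user"))
        {
            user.InvokeSet("AccountDisabled", isDisabled);
            user.CommitChanges();
            return true;
        }
    }

    /// <summary>
    /// Deletes a local Windows account.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <returns>
    /// <c>true</c> when no exception was raised; <c>false</c> on any failure.
    /// DirectoryEntries.Find is documented to throw when nothing matches, so a
    /// missing account is normally reported as <c>false</c>.
    /// </returns>
    public static bool DeleteWinUser(string userName)
    {
        string path = "WinNT://" + Environment.MachineName + ",computer";
        try
        {
            using (DirectoryEntry localMachine = new DirectoryEntry(path))
            // Restrict the lookup to the "user" schema class. The original searched by
            // name only, so a local group (or other object) with the same name could be
            // matched and removed by a method that is meant to delete accounts.
            using (DirectoryEntry delUser = localMachine.Children.Find(userName, "user"))
            {
                if (delUser != null)
                {
                    localMachine.Children.Remove(delUser);
                }
            }

            return true;
        }
        catch
        {
            return false;
        }
    }

    /// <summary>
    /// Adds an allow rule for a user on a file (or a non-inherited rule on a directory).
    /// </summary>
    /// <param name="filePath">Path of the file or directory.</param>
    /// <param name="userName">Account that receives the rights.</param>
    /// <param name="qx">Rights to grant.</param>
    /// <returns><c>true</c> when the ACL was written; <c>false</c> on any failure.</returns>
    public static bool SetFileACL(string filePath, string userName, FileSystemRights qx)
    {
        try
        {
            // NOTE(review): the path is opened through DirectoryInfo even when it names a
            // file, as in the original; confirm this behaves as intended for plain files.
            DirectoryInfo dirInfo = new DirectoryInfo(filePath);

            // Read the current access control list.
            DirectorySecurity dirSecurity = dirInfo.GetAccessControl();

            // Grant exactly the rights the caller asked for. The original ignored qx and
            // always granted FileSystemRights.Write, so a caller requesting read-only
            // access silently handed out write access instead.
            dirSecurity.AddAccessRule(new FileSystemAccessRule(userName, qx, AccessControlType.Allow));
            dirInfo.SetAccessControl(dirSecurity);
            return true;
        }
        catch
        {
            // Best-effort contract kept from the original: every failure is reported as false.
            return false;
        }
    }

    /// <summary>
    /// Adds an allow rule for a user on a directory; the rule is inherited by
    /// child directories and files.
    /// </summary>
    /// <param name="foldPath">Directory path.</param>
    /// <param name="userName">Account that receives the rights.</param>
    /// <param name="rights">Rights to grant.</param>
    /// <returns>The "modified" flag reported by <c>ModifyAccessRule</c>.</returns>
    /// <remarks>Exceptions are not caught and propagate to the caller.</remarks>
    public static bool SetFoldACL(string foldPath, string userName, FileSystemRights rights)
    {
        bool modified;

        DirectoryInfo dirInfo = new DirectoryInfo(foldPath);

        // NOTE(review): AccessControlSections.All also requests the audit (SACL) section,
        // which presumably needs a privilege most service identities lack; only the
        // access rules are changed below, so a narrower section may be enough. Confirm.
        DirectorySecurity dirSecurity = dirInfo.GetAccessControl(AccessControlSections.All);

        // Apply the rule to this directory, its sub-directories and its files.
        InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

        // PropagationFlags.None: no special propagation behaviour.
        FileSystemAccessRule accessRule = new FileSystemAccessRule(
            userName, rights, inherits, PropagationFlags.None, AccessControlType.Allow);

        // Merge the rule into the ACL and write it back.
        dirSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out modified);
        dirInfo.SetAccessControl(dirSecurity);
        return modified;
    }
}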
}
参考资料:http://msdn.microsoft.com/zh-cn/library/system.security.accesscontrol.directorysecurity(VS.80).aspx
操作Windows帐户的诀窍在于通过DirectoryEntry实例调用Invoke、InvokeGet、InvokeSet这三个方法。这三个方法可以对本机Active Directory对象调用方法。操作Windows帐户的Active Directory对象就是IADsUser接口。DirectoryEntry实例通过Invoke方法调用IADsUser接口的方法,如上面修改Windows帐户密码就是调用IADsUser接口的“ChangePassword”方法;通过InvokeGet和InvokeSet方法读写IADsUser接口的属性,如上面的启用/禁用Windows帐户,就是设置IADsUser接口的“AccountDisabled”属性。