c# AD域 許可權管理
我現在開始第一步:獲取AD域使用者所在的組。我想把選單和介面按鈕的功能交由角色組來控制,使用者加入角色組就可以獲得相應的許可權,這是我的思路。需要注意的是,在客戶端依角色組隱藏選單或按鈕只是介面層的控制;真正的授權仍必須在伺服端(資料庫、服務或檔案的存取控制)依同樣的組成員資格強制執行,否則繞過客戶端程式即可繞過限制。
第一 如何關聯AD域 並獲取當前登入域的使用者所在的角色組 ADUserMessage() 程式碼如下:
using System;
using System.Collections.Generic;
using System.Data;
using System.DirectoryServices;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
namespace WindowsFormsApplication1
{
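/// <summary>
/// Helpers that query Active Directory through System.DirectoryServices:
/// the groups of the logged-on user, the groups of a named user, the mail
/// attribute of the logged-on user, and a listing of user objects.
/// </summary>
/// <remarks>
/// Group names returned here are the first RDN value of each memberOf entry.
/// memberOf lists direct memberships only (no nested groups, no primary
/// group), and a CN is not guaranteed to be unique across OUs, so callers
/// that make access decisions should compare whole names exactly and
/// preferably enforce the decision again on the server side.
/// </remarks>
public class AdClass
{
    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515), so that
    /// characters such as '*', '(' and ')' in an account name are matched
    /// literally instead of changing the structure of the filter.
    /// </summary>
    /// <param name="value">Raw attribute value; must not be null.</param>
    /// <returns>The value with filter metacharacters hex-escaped.</returns>
    private static string EscapeLdapFilterValue(string value)
    {
        StringBuilder escaped = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append(@"\5c"); break;
                case '*': escaped.Append(@"\2a"); break;
                case '(': escaped.Append(@"\28"); break;
                case ')': escaped.Append(@"\29"); break;
                case '\0': escaped.Append(@"\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    /// <summary>
    /// Returns the value of the first RDN of a distinguished name,
    /// e.g. "Domain Admins" for "CN=Domain Admins,CN=Users,DC=...".
    /// </summary>
    /// <param name="dn">Distinguished name, may be null.</param>
    /// <returns>
    /// The text between the first '=' and the first unescaped ',' (or the end
    /// of the string), with any DN escape sequences left as they are; null when
    /// the input is null/empty or contains no '='.
    /// </returns>
    private static string ExtractFirstRdnValue(string dn)
    {
        if (string.IsNullOrEmpty(dn))
        {
            return null;
        }

        int equalsIndex = dn.IndexOf('=', 1);
        if (equalsIndex < 0)
        {
            return null;
        }

        // A comma preceded by a backslash belongs to the value ("CN=Smith\, John,...").
        int commaIndex = -1;
        for (int i = equalsIndex + 1; i < dn.Length; i++)
        {
            if (dn[i] == '\\')
            {
                i++; // skip the escaped character
                continue;
            }
            if (dn[i] == ',')
            {
                commaIndex = i;
                break;
            }
        }

        int start = equalsIndex + 1;
        int end = commaIndex < 0 ? dn.Length : commaIndex;
        return dn.Substring(start, end - start);
    }

    /// <summary>
    /// Looks up the currently logged-on user (Environment.UserName) in the
    /// default directory and returns the groups listed in its memberOf attribute.
    /// </summary>
    /// <returns>
    /// The group names, each followed by "/" (for example "A/B/"); an empty
    /// string when the user is not found or the lookup fails. An empty result
    /// must be treated by the caller as "no roles".
    /// </returns>
    public static string ADUserMessage()
    {
        StringBuilder groupNames = new StringBuilder();
        try
        {
            // A parameterless DirectoryEntry binds to the default domain with the
            // credentials of the current process; no password is handled here.
            using (DirectoryEntry entry = new DirectoryEntry())
            using (DirectorySearcher search = new DirectorySearcher(entry))
            {
                search.Filter = "(SamAccountName=" + EscapeLdapFilterValue(Environment.UserName) + ")";

                SearchResult result = search.FindOne();
                if (result == null)
                {
                    // No matching account: report no groups instead of dereferencing null.
                    return "";
                }

                MessageBox.Show("域登入成功");
                MessageBox.Show(result.Path.ToString());

                foreach (object value in result.Properties["memberOf"])
                {
                    string groupName = ExtractFirstRdnValue(value as string);
                    if (groupName == null)
                    {
                        continue; // malformed entry, nothing usable to report
                    }
                    groupNames.Append(groupName);
                    groupNames.Append("/");
                }
            }
        }
        catch (Exception e1)
        {
            MessageBox.Show(e1.Message);
            return "";
        }
        return groupNames.ToString();
    }

    // Alternative binding with an explicit user name and password.
    // path has the form LDAP://<IP address>/DC=,DC=
    // NOTE(review): "pssword" is a placeholder. A real password must not be
    // compiled into the program; obtain it at run time or keep using the
    // parameterless DirectoryEntry above, which needs no password at all.
    /* private static DirectoryEntry GetDirectoryObject()
    {
        DirectoryEntry entry = null;
        try
        {
            entry = new DirectoryEntry(path, Environment.UserName, "pssword", AuthenticationTypes.Secure);
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        return entry;
    }
    */

    /// <summary>
    /// Writes the Name of every directory object matching (objectClass=user)
    /// to the console.
    /// </summary>
    /// <remarks>
    /// Despite the method name, the active filter selects user objects; the
    /// organizationalUnit filter is kept below as a commented alternative.
    /// NOTE(review): in Active Directory this class filter typically also
    /// matches computer accounts, and without paging the server may cap the
    /// number of results - confirm against the target domain.
    /// </remarks>
    public static void GetAllOU()
    {
        using (DirectoryEntry entry = new DirectoryEntry("LDAP://"))
        using (DirectorySearcher search = new DirectorySearcher(entry))
        {
            //search.Filter = ("(objectClass=organizationalUnit)");
            search.Filter = ("(objectClass=user)");

            // The result collection and each bound entry hold unmanaged
            // resources, so both are disposed explicitly.
            using (SearchResultCollection results = search.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    using (DirectoryEntry found = result.GetDirectoryEntry())
                    {
                        Console.WriteLine(found.Name.ToString());
                        /* To dump the attribute names of each entry:
                        foreach (string property in found.Properties.PropertyNames)
                        {
                            Console.WriteLine("欄位名:" + property);
                        }
                        */
                    }
                }
            }
        }
    }

    /// <summary>
    /// Writes the mail attribute of the currently logged-on user to the console.
    /// Nothing is written when the user is not found or has no mail attribute.
    /// </summary>
    public static void GetMail()
    {
        using (DirectoryEntry entry = new DirectoryEntry())
        using (DirectorySearcher search = new DirectorySearcher(entry))
        {
            search.Filter = "(SamAccountName=" + EscapeLdapFilterValue(Environment.UserName) + ")";

            SearchResult resu2 = search.FindOne();
            if (resu2 == null)
            {
                return;
            }

            using (DirectoryEntry user2 = resu2.GetDirectoryEntry())
            {
                PropertyValueCollection mail = user2.Properties["mail"];
                if (mail.Count == 0)
                {
                    return; // account has no mail attribute
                }

                // The value was originally printed twice through two equivalent
                // lookups; the output is kept, the second directory bind is not.
                string address = mail[0].ToString();
                Console.WriteLine(address);
                Console.WriteLine(address);
                // Other attributes can be read the same way:
                // "cn", "description", "telephoneNumber", "initials".
            }
        }
    }

    /// <summary>
    /// Returns the groups listed in the memberOf attribute of the given account.
    /// </summary>
    /// <param name="username1">
    /// sAMAccountName to look up. It is escaped before being placed in the
    /// search filter, so it is always matched as a literal name.
    /// </param>
    /// <returns>
    /// A DataSet holding one table "gptb" with a single column "GROUPNAME",
    /// one row per group; the table is empty when the account is not found.
    /// </returns>
    /// <exception cref="ArgumentNullException">username1 is null.</exception>
    public static DataSet GetAllGroup(string username1)
    {
        if (username1 == null)
        {
            throw new ArgumentNullException("username1");
        }

        // Debugging dialog retained from the original implementation.
        MessageBox.Show("1 username1=" + username1);

        DataSet ds = new DataSet();
        DataTable dt = new DataTable("gptb");
        ds.Tables.Add(dt);
        dt.Columns.Add("GROUPNAME");

        // "LDAP://abc" is the sample's server placeholder.
        using (DirectoryEntry entry = new DirectoryEntry("LDAP://abc"))
        using (DirectorySearcher search = new DirectorySearcher(entry))
        {
            //search.Filter = ("(objectClass=user)");
            search.Filter = "(SamAccountName=" + EscapeLdapFilterValue(username1) + ")";

            SearchResult result = search.FindOne();
            if (result == null)
            {
                return ds; // unknown account: no groups
            }

            foreach (object value in result.Properties["memberOf"])
            {
                string groupName = ExtractFirstRdnValue(value as string);
                if (groupName == null)
                {
                    continue; // malformed entry, nothing usable to record
                }

                // One row per group the account is a direct member of.
                DataRow dr = dt.NewRow();
                dr["GROUPNAME"] = groupName;
                dt.Rows.Add(dr);
            }
        }
        return ds;
    }
}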
}
這樣就獲得了當前登入到域的使用者所在的角色組,顯示的結果為: Administrators/Domain Admins/Enterprise Admins/Schema Admins,根據使用者所屬的組不同,顯示的結果也不一樣。注意 memberOf 屬性只包含使用者直接加入的組,不包含透過巢狀組取得的成員資格,也不包含使用者的主要群組(例如 Domain Users),因此以此結果判斷許可權時可能漏掉部分角色。