c# AD域 权限管理



我现在开始第一步:获取AD域用户所在的组。我的思路是用角色组来控制菜单和界面按钮的功能,用户加入角色组就可以获得相应的权限。需要注意,在客户端隐藏菜单或按钮只是界面层面的控制,真正的权限校验仍应由服务端或数据库完成。

第一 如何关联AD域 并获取当前登录域的用户所在的角色组 ADUserMessage() 代码如下:

using System;
using System.Collections.Generic;
using System.Data;
using System.DirectoryServices;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

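namespace WindowsFormsApplication1
{
    /// <summary>
    /// Active Directory lookups used to decide which menus and buttons a user sees:
    /// group membership of an account, the account's mail address, and a listing of
    /// user objects.
    /// </summary>
    /// <remarks>
    /// Points to keep in mind when the returned group names drive authorization:
    /// <list type="bullet">
    /// <item>memberOf holds direct memberships only; the primary group and groups reached
    /// through nesting are not in it. For the logged-on user,
    /// <c>WindowsIdentity.GetCurrent().Groups</c> exposes the SIDs of the process token.</item>
    /// <item>Only the leading RDN value (normally the CN) of each group is returned. A CN is
    /// not unique across OUs or domains, so comparing by distinguished name or SID is safer
    /// than comparing by this short name.</item>
    /// <item>Hiding UI elements on the client is a convenience; the service or database
    /// behind the UI still has to enforce the permission.</item>
    /// </list>
    /// </remarks>
    public class AdClass
    {
        /// <summary>
        /// Looks up the currently logged-on user (Environment.UserName) in the default
        /// directory and returns the groups listed in the account's memberOf attribute.
        /// </summary>
        /// <returns>
        /// Each group name followed by "/", concatenated; an empty string when the account
        /// is not found or the lookup throws. Names are not escaped, so a group whose name
        /// contains "/" cannot be told apart from two groups by a caller that splits on "/".
        /// </returns>
        public static string ADUserMessage()
        {
            try
            {
                // DirectoryEntry wraps a node of the directory hierarchy; the parameterless
                // constructor relies on the identity the process already runs under instead
                // of asking for a user name and password again.
                using (DirectoryEntry entry = new DirectoryEntry())
                using (DirectorySearcher search = CreateUserSearcher(entry, Environment.UserName, "memberOf"))
                {
                    SearchResult result = search.FindOne();
                    if (result == null)
                    {
                        // No matching account: fail closed with an empty group list.
                        return "";
                    }

                    // NOTE(review): a successful search only shows that the account object
                    // was found; it is not a password check of the user.
                    MessageBox.Show("域登录成功");
                    MessageBox.Show(result.Path.ToString());

                    StringBuilder groupNames = new StringBuilder();
                    foreach (string groupName in ReadGroupNames(result))
                    {
                        groupNames.Append(groupName);
                        groupNames.Append("/");
                    }

                    return groupNames.ToString();
                }
            }
            catch (Exception e1)
            {
                // Best effort by design: report the problem and return no groups, so a
                // directory failure never grants a permission.
                MessageBox.Show(e1.Message);
                return "";
            }
        }

        // Connects to AD by signing in again with an explicit user name and password.
        // "pssword" stands for the password of the currently logged-on domain user;
        // path has the form LDAP://<IP address>/DC=,DC=
        // NOTE(review): do not keep a real password as a string literal in source; obtain it
        // at run time or rely on the process identity as ADUserMessage does. Constructing a
        // DirectoryEntry does not contact the server, so the try/catch below would not
        // report bad credentials; that only surfaces on first use of the entry.
        /*
        private static DirectoryEntry GetDirectoryObject()
        {
            DirectoryEntry entry = null;
            try
            {
                entry = new DirectoryEntry(path, Environment.UserName, "pssword", AuthenticationTypes.Secure);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            return entry;
        }
        */

        /// <summary>
        /// Writes the name of every object matching (objectClass=user) to the console.
        /// </summary>
        /// <remarks>
        /// Despite the method name, the active filter selects user objects, not
        /// organizational units; the organizationalUnit filter is left commented out.
        /// In Active Directory (objectClass=user) also matches computer accounts.
        /// </remarks>
        public static void GetAllOU()
        {
            // Path as published on the page (no server or domain given); substitute the
            // LDAP path of the directory to query.
            using (DirectoryEntry entry = new DirectoryEntry("LDAP://"))
            using (DirectorySearcher search = new DirectorySearcher(entry))
            {
                //search.Filter = ("(objectClass=organizationalUnit)");
                search.Filter = "(objectClass=user)";

                // Without paging the server truncates the result set at its size limit
                // (1000 entries by default in Active Directory).
                search.PageSize = 1000;

                // SearchResultCollection holds unmanaged resources and must be disposed.
                using (SearchResultCollection results = search.FindAll())
                {
                    foreach (SearchResult result in results)
                    {
                        using (DirectoryEntry found = result.GetDirectoryEntry())
                        {
                            Console.WriteLine(found.Name.ToString());
                            // To inspect which attributes an entry carries, iterate
                            // found.Properties.PropertyNames here.
                        }
                    }
                }
            }
        }

        /// <summary>
        /// Writes the mail attribute of the currently logged-on user to the console.
        /// Nothing is written when the account is not found or has no mail value.
        /// </summary>
        public static void GetMail()
        {
            using (DirectoryEntry entry = new DirectoryEntry())
            using (DirectorySearcher search = CreateUserSearcher(entry, Environment.UserName, "mail"))
            {
                SearchResult result = search.FindOne();
                if (result == null || result.Properties["mail"].Count == 0)
                {
                    return;
                }

                // Other attributes (cn, description, telephoneNumber, initials) can be read
                // the same way after adding them to PropertiesToLoad.
                Console.WriteLine(result.Properties["mail"][0].ToString());
            }
        }

        /// <summary>
        /// Returns the groups listed in the memberOf attribute of the given account.
        /// </summary>
        /// <param name="username1">sAMAccountName of the account to look up.</param>
        /// <returns>
        /// A DataSet with one table "gptb" holding a single column "GROUPNAME" and one row
        /// per group; the table is empty when the account is not found.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="username1"/> is null.</exception>
        public static DataSet GetAllGroup(string username1)
        {
            if (username1 == null)
            {
                throw new ArgumentNullException("username1");
            }

            MessageBox.Show("1 username1=" + username1.ToString());

            DataSet ds = new DataSet();
            DataTable dt = new DataTable("gptb");
            ds.Tables.Add(dt);
            dt.Columns.Add("GROUPNAME");

            // username1 comes from the caller, so it is escaped before it reaches the LDAP
            // filter (see CreateUserSearcher); unescaped, characters such as '*' or '('
            // would change which object the search matches.
            using (DirectoryEntry entry = new DirectoryEntry("LDAP://abc"))
            using (DirectorySearcher search = CreateUserSearcher(entry, username1, "memberOf"))
            {
                SearchResult result = search.FindOne();
                if (result == null)
                {
                    return ds;
                }

                // One row per group the account is a direct member of.
                foreach (string groupName in ReadGroupNames(result))
                {
                    DataRow dr = dt.NewRow();
                    dr["GROUPNAME"] = groupName;
                    dt.Rows.Add(dr);
                }
            }

            return ds;
        }

        // Builds a searcher that matches one account by sAMAccountName and loads only the
        // requested attribute. The caller owns and disposes the returned searcher.
        private static DirectorySearcher CreateUserSearcher(DirectoryEntry root, string samAccountName, string attribute)
        {
            DirectorySearcher search = new DirectorySearcher(root);
            search.Filter = "(SamAccountName=" + EscapeLdapFilterValue(samAccountName) + ")";
            search.PropertiesToLoad.Add(attribute);
            return search;
        }

        // Escapes the characters RFC 4515 reserves inside an LDAP filter value, so the
        // value is always matched literally.
        private static string EscapeLdapFilterValue(string value)
        {
            StringBuilder escaped = new StringBuilder(value.Length + 8);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': escaped.Append(@"\5c"); break;
                    case '*': escaped.Append(@"\2a"); break;
                    case '(': escaped.Append(@"\28"); break;
                    case ')': escaped.Append(@"\29"); break;
                    case '\0': escaped.Append(@"\00"); break;
                    default: escaped.Append(c); break;
                }
            }
            return escaped.ToString();
        }

        // Returns the leading RDN value of every distinguished name in memberOf.
        private static List<string> ReadGroupNames(SearchResult result)
        {
            List<string> names = new List<string>();
            foreach (object value in result.Properties["memberOf"])
            {
                string name = ExtractLeadingRdnValue(value as string);
                if (name != null)
                {
                    names.Add(name);
                }
            }
            return names;
        }

        // Extracts the value of the first RDN of a distinguished name, e.g.
        // "Domain Admins" from "CN=Domain Admins,CN=Users,DC=example,DC=com" (constructed
        // sample). Returns null when the text has no '='. A backslash-escaped character
        // (such as "\,") is taken literally, so a comma inside the name does not end it.
        // NOTE(review): hex-pair escapes ("\0A") are not decoded.
        private static string ExtractLeadingRdnValue(string dn)
        {
            if (string.IsNullOrEmpty(dn))
            {
                return null;
            }

            int equalsIndex = dn.IndexOf('=');
            if (equalsIndex < 0)
            {
                return null;
            }

            StringBuilder value = new StringBuilder();
            for (int i = equalsIndex + 1; i < dn.Length; i++)
            {
                char c = dn[i];
                if (c == '\\' && i + 1 < dn.Length)
                {
                    value.Append(dn[i + 1]);
                    i++;
                    continue;
                }
                if (c == ',')
                {
                    break;
                }
                value.Append(c);
            }
            return value.ToString();
        }
    }
}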

这样就获得了当前登录到域的用户所在的角色组,显示的结果为: Administrators/Domain Admins/Enterprise Admins/Schema Admins,根据用户所在的组不同,显示的结果也不一样。注意 memberOf 只包含用户直接加入的组,不包含主要组(如 Domain Users)和通过嵌套间接获得的组,用它做权限判断时要考虑这一点。

发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/145678.html原文链接:https://javaforall.cn
