How do I find whether a user is a member of an Active Directory group in ASP.NET (VB)?

Dav*_*key 6 vb.net asp.net active-directory

I am using Active Directory to authenticate users of an intranet site. I would like to refine the authenticated users based on their groups in Active Directory. Can someone show me, or point me in the direction of, how to find the groups a user belongs to in ASP.NET 4.0 (VB)?

小智 11

I realise this post is old, but I thought I might update it with the process I am using. (ASP.Net 4.0, VB)

If you are using integrated Windows security on a domain:

Page.User.IsInRole("domain\GroupName") will check whether the authenticated user is a member of the specified group.

If you want to check group membership for a user other than the authenticated user:

Two stages, for checking multiple groups with the same user principal:

Dim MyPrincipal As New System.Security.Principal.WindowsPrincipal _
     (New System.Security.Principal.WindowsIdentity("UserID"))
Dim blnValid1 As Boolean = MyPrincipal.IsInRole("domain\GroupName")

A single stage for checking a single group:

Dim blnValid2 As Boolean = New System.Security.Principal.WindowsPrincipal _
     (New System.Security.Principal.WindowsIdentity("userID")).IsInRole("domain\GroupName")

Note: the IsInRole method works for nested groups, i.e. if your top-level group has a child group as a member and the user is a member of that child group.
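As an added example (not code from the answer above): the same IsInRole check done against group SIDs instead of "domain\GroupName" strings, so the check still holds if a group is renamed or a built-in group carries a localised name. The two SIDs and the UPN passed in are assumptions for the example; replace them with objectSid values from your own directory.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

' Added example, not from the original answer: authorise by group SID.
' The SIDs below are assumptions. "S-1-5-32-544" is the well-known
' BUILTIN\Administrators SID; the second is a made-up domain group RID.
Public Module GroupChecks

    Private ReadOnly RequiredGroups As New Dictionary(Of String, SecurityIdentifier) From {
        {"Local Administrators", New SecurityIdentifier("S-1-5-32-544")},
        {"Intranet-Editors", New SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1105")}
    }

    ' Returns the names (our own labels, not AD names) of the required groups
    ' the principal belongs to. Nested membership is honoured because
    ' IsInRole(SecurityIdentifier) consults the SIDs in the logon token.
    Public Function MatchingGroups(principal As WindowsPrincipal) As List(Of String)
        Dim hits As New List(Of String)
        For Each entry As KeyValuePair(Of String, SecurityIdentifier) In RequiredGroups
            If principal.IsInRole(entry.Value) Then
                hits.Add(entry.Key)
            End If
        Next
        Return hits
    End Function

    ' Builds a principal for a user other than the caller, e.g. "jdoe@corp.example".
    ' The String constructor performs an S4U logon: it only works on a
    ' domain-joined host that can reach a DC, and failures surface as
    ' SecurityException rather than as an empty group list.
    Public Function TryGetPrincipal(upn As String, ByRef principal As WindowsPrincipal) As Boolean
        Try
            principal = New WindowsPrincipal(New WindowsIdentity(upn))
            Return True
        Catch ex As System.Security.SecurityException
            principal = Nothing
            Return False
        End Try
    End Function
End Module
```

For the authenticated user in an ASP.NET page with Windows authentication, `Page.User` is already a `WindowsPrincipal`, so `MatchingGroups(CType(Page.User, WindowsPrincipal))` is enough; use `TryGetPrincipal` only when you need to look at somebody else's token.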


Mic*_*use 5

I think my final function to get all of a user's AD groups, including nested groups, without explicit recursion:

Imports System.Collections.Generic
Imports System.Security.Principal

Private Function GetGroups(userName As String) As List(Of String)
    Dim result As New List(Of String)
    Dim wi As WindowsIdentity = New WindowsIdentity(userName)

    ' wi.Groups holds the group SIDs from the logon token; translate each
    ' one to its "domain\name" form.
    For Each group As IdentityReference In wi.Groups
        Try
            result.Add(group.Translate(GetType(NTAccount)).ToString())
        Catch ex As Exception
            ' SID could not be resolved to a name; skip it.
        End Try
    Next

    result.Sort()
    Return result
End Function

So just use GetGroups("userID"). Since this method uses the user's SIDs, no explicit LDAP call is made. If you use your own user name it uses the cached credentials, so this function is very fast.

The Try Catch is necessary because in large corporations AD is so big that some SIDs get lost in space.
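An added example, not part of the answer above: the same token-based enumeration, but an unresolvable SID is kept in its "S-1-5-..." form instead of being dropped, so an orphaned group or a group from a trusted domain that this host cannot resolve still shows up in the result. Names here are the example's own.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

' Added example, not from the original answer: enumerate token groups and
' keep the SID for every entry, with the resolved name where available.
Public Module TokenGroups

    Public Class GroupEntry
        Public Property Sid As String
        Public Property Name As String   ' Nothing when the SID could not be resolved
    End Class

    Public Function GetGroupsWithSids(identity As WindowsIdentity) As List(Of GroupEntry)
        Dim result As New List(Of GroupEntry)
        If identity.Groups Is Nothing Then Return result

        For Each group As IdentityReference In identity.Groups
            Dim entry As New GroupEntry With {.Sid = group.Value}
            Try
                ' Translate() resolves the SID through LSA, which may ask a
                ' domain controller; it is not an LDAP query of your own.
                entry.Name = group.Translate(GetType(NTAccount)).Value
            Catch ex As SystemException
                ' IdentityNotMappedException is the usual case: a deleted group
                ' or one from a forest we cannot resolve. Keep the SID so the
                ' membership is not silently lost.
            End Try
            result.Add(entry)
        Next

        result.Sort(Function(a, b) String.CompareOrdinal(a.Sid, b.Sid))
        Return result
    End Function

    ' Convenience: only the entries that have no name, for review.
    Public Function UnresolvedGroups(identity As WindowsIdentity) As List(Of GroupEntry)
        Return GetGroupsWithSids(identity).FindAll(Function(g) g.Name Is Nothing)
    End Function
End Module
```

Call it with `WindowsIdentity.GetCurrent()` for the worker process, or with `CType(Page.User.Identity, WindowsIdentity)` for the authenticated user; the unresolved list is worth logging, because a SID with no name can still be one that a permission somewhere is granted to.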


Mar*_*rko 3

Found this here.

Imports System.DirectoryServices
Imports System.Windows.Forms
Imports Microsoft.VisualBasic

''' <summary>
''' Function to return all the groups the user is a member of
''' </summary>
''' <param name="_path">Path to bind to the AD</param>
''' <param name="username">Username of the user</param>
''' <param name="password">password of the user</param>
Private Function GetGroups(ByVal _path As String, ByVal username As String, _
                 ByVal password As String) As Collection
    Dim Groups As New Collection
    Dim dirEntry As New _
        System.DirectoryServices.DirectoryEntry(_path, username, password)
    Dim dirSearcher As New DirectorySearcher(dirEntry)
    dirSearcher.Filter = String.Format("(sAMAccountName={0})", username)
    dirSearcher.PropertiesToLoad.Add("memberOf")
    Dim propCount As Integer
    Try
        Dim dirSearchResults As SearchResult = dirSearcher.FindOne()
        propCount = dirSearchResults.Properties("memberOf").Count
        Dim dn As String
        Dim groupName As String
        Dim equalsIndex As Integer
        Dim commaIndex As Integer
        For i As Integer = 0 To propCount - 1
            ' Each memberOf value is a DN such as "CN=GroupName,OU=...,DC=..."
            dn = CStr(dirSearchResults.Properties("memberOf")(i))
            equalsIndex = dn.IndexOf("=", 1)
            commaIndex = dn.IndexOf(",", 1)
            If equalsIndex = -1 Then
                Return Nothing
            End If
            groupName = dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1)
            ' Collection.Contains checks keys, so add the name as its own key
            If Not Groups.Contains(groupName) Then
                Groups.Add(groupName, groupName)
            End If
        Next
    Catch ex As Exception
        If ex.GetType Is GetType(System.NullReferenceException) Then
            MessageBox.Show("Selected user isn't a member of any groups " & _
                            "at this time.", "No groups listed", _
                            MessageBoxButtons.OK, MessageBoxIcon.Error)
            'they are still a good user just does not
            'have a "memberOf" attribute so it errors out.
            'code to do something else here if you want
        Else
            MessageBox.Show(ex.Message.ToString, "Search Error", _
                            MessageBoxButtons.OK, MessageBoxIcon.Error)
        End If
    End Try
    Return Groups
End Function
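An added example, not code from the answer above: the same memberOf lookup with two things a practitioner would want. The account name is escaped before it is placed in the LDAP filter (RFC 4515), so a value such as `*` or `x)(objectClass=*` from a form field cannot widen the search, and the group CN is taken from the DN with backslash-escaped commas handled instead of cutting at the first comma. The LDAP path, the bind account and the function names are assumptions for the example.

```vb
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text
Imports Microsoft.VisualBasic

' Added example, not from the original answer. Assumes an LDAP path such as
' "LDAP://dc01.corp.example/DC=corp,DC=example" and a bind account allowed to
' read memberOf (the user's own credentials work, as in the answer above).
Public Module MemberOfLookup

    ' Escape the characters RFC 4515 reserves inside a filter assertion value.
    Public Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ControlChars.NullChar : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Value of the first RDN of a DN: "Domain Admins" from
    ' "CN=Domain Admins,CN=Users,DC=corp,DC=example". A backslash escapes the
    ' following character (RFC 4514), so "CN=Sales\, EMEA,OU=..." gives
    ' "Sales, EMEA". Hex-pair escapes such as "\2C" are not decoded here.
    Public Function FirstRdnValue(dn As String) As String
        Dim eq As Integer = dn.IndexOf("="c)
        If eq < 0 Then Return Nothing
        Dim sb As New StringBuilder()
        Dim i As Integer = eq + 1
        While i < dn.Length
            Dim c As Char = dn(i)
            If c = "\"c AndAlso i + 1 < dn.Length Then
                sb.Append(dn(i + 1))
                i += 2
            ElseIf c = ","c Then
                Exit While
            Else
                sb.Append(c)
                i += 1
            End If
        End While
        Return sb.ToString()
    End Function

    ' Direct group names for one account, or Nothing if the account does not exist.
    Public Function GetGroupNames(ldapPath As String, bindUser As String, _
                                  bindPassword As String, samAccountName As String) As List(Of String)
        Dim groups As New List(Of String)
        Using dirEntry As New DirectoryEntry(ldapPath, bindUser, bindPassword)
            Using searcher As New DirectorySearcher(dirEntry)
                searcher.Filter = String.Format("(&(objectCategory=person)(sAMAccountName={0}))", _
                                                EscapeFilterValue(samAccountName))
                searcher.PropertiesToLoad.Add("memberOf")
                Dim hit As SearchResult = searcher.FindOne()
                If hit Is Nothing Then Return Nothing

                ' memberOf lists direct memberships only: the primary group and
                ' groups reached through nesting are not in this attribute.
                Dim values As ResultPropertyValueCollection = hit.Properties("memberOf")
                If values IsNot Nothing Then
                    For Each dn As Object In values
                        Dim cn As String = FirstRdnValue(CStr(dn))
                        If cn IsNot Nothing AndAlso Not groups.Contains(cn) Then groups.Add(cn)
                    Next
                End If
            End Using
        End Using
        Return groups
    End Function
End Module
```

Because memberOf is direct membership only, a group-based authorisation decision is better made with the token-based `IsInRole` or `WindowsIdentity.Groups` approaches from the earlier answers; this search is useful when you need group names for a user who has no logon token on your server.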