问题
I have been using Linq to Active Directory a bit but I am finding it difficult to get a list of all roles of which the user is a member. I can retrieve a list of their immediate groups but it isn't recursive.
The reason I am trying to query AD directory is to work around the built-in Role Manager AspNetWindowsTokenRoleProvider which won't let you call Roles.GetRolesForUser(username) unless the username matches the current Windows Identity.
回答1:
Have you taken a look at this?
回答2:
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Managing Directory Security Principals in the .NET Framework 3.5
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
if(user != null)
{
// find the roles....
var roles = user.GetAuthorizationGroups();
// enumerate over them
foreach (Principal p in roles)
{
// do something
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD:
来源:https://stackoverflow.com/questions/6247117/query-active-directory-to-get-a-users-roles-in-net