Determining members of local groups via C#
I wondered whether anybody knows how to obtain membership of local groups on a remote server programmatically via C#. Would this require administrator permissions? And if so
-
This may possibly help. I had to develop an app where we want to authenticate against active directory, and also examine the groups strings that the user is in.
For a couple of reasons we don't want to use windows authentication, but rather have our own forms based authentication. I developed the routine below to firstly authenticate the user, and secondly examine all the groups that the user belongs to. Perhaps it may help. The routine uses LogonUser to authenticate, and then gets the list of numerical guid-like group ids (SIDs) for that user, and translates each one to a human readable form.
Hope this helps, I had to synthesise this approach from a variety of different google searches.
private int validateUserActiveDirectory() { IntPtr token = IntPtr.Zero; int DBgroupLevel = 0; // make sure you're yourself -- recommended at msdn http://support.microsoft.com/kb/248187 RevertToSelf(); if (LogonUser(txtUserName.Value, propDomain, txtUserPass.Text, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, token) != 0) { // ImpersonateLoggedOnUser not required for us -- we are not doing impersonated stuff, but leave it here for completeness. //ImpersonateLoggedOnUser(token); // do impersonated stuff // end impersonated stuff // ensure that we are the original user CloseHandle(token); RevertToSelf(); System.Security.Principal.IdentityReferenceCollection groups = Context.Request.LogonUserIdentity.Groups; IdentityReference translatedGroup = default(IdentityReference); foreach (IdentityReference g in groups) { translatedGroup = g.Translate(typeof(NTAccount)); if (translatedGroup.Value.ToLower().Contains("desired group")) { inDBGroup = true; return 1; } } } else { return 0; } }
加载中...
- 热议问题