1. 技术文章
  2. c# check if the user member of a group?

c# check if the user member of a group?

本秂侑毒 提交于 2019-12-17 18:57:14

问题


I have a code that I use to check if the user is member of the AD, worked perfectly,

now I want to add the possibility to check if the user also a member of a group!

what do I need to modify to achieve that, I did some work, but it fails!

so here is my code:

        //Authenticate a User Against the Directory
        private bool Authenticate(string userName,string password, string domain)
        {

            if (userName == "" || password == "")
            {
                return false;
            }

            bool authentic = false;
            try
            {
                DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,userName, password);
                object nativeObject = entry.NativeObject;
                authentic = true;
            }
            catch (DirectoryServicesCOMException) { }
            return authentic;
        }

I want to make it like this:

private bool Authenticate(string userName,string password, string domain, string group)

回答1:


This is not available on Windows XP or earlier.

Anyway, in order to check for group membership, you can use this code:

bool IsInGroup(string user, string group)
{
    using (var identity = new WindowsIdentity(user))
    {
        var principal = new WindowsPrincipal(identity);
        return principal.IsInRole(group);
    }
}



回答2:


In ASP.Net you will use Page.User.IsInRole("RoleName") or in Windows you can use System.Threading.Thread.CurrentPrincipal.IsInRole("RoleName")




回答3:


I solve it with this code

public bool AuthenticateGroup(string userName, string password, string domain, string group)
    {


        if (userName == "" || password == "")
        {
            return false;
        }

        try
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password);
            DirectorySearcher mySearcher = new DirectorySearcher(entry);
            mySearcher.Filter = "(&(objectClass=user)(|(cn=" + userName + ")(sAMAccountName=" + userName + ")))";
            SearchResult result = mySearcher.FindOne();

            foreach (string GroupPath in result.Properties["memberOf"])
            {
                if (GroupPath.Contains(group))
                {
                    return true;
                }
            }
        }
        catch (DirectoryServicesCOMException)
        {
        }
        return false;
    }

it works fine for me, and it can be use with a machine not part of the Domain Controller / Active Directory

Thank you all for the help



来源:https://stackoverflow.com/questions/4366090/c-sharp-check-if-the-user-member-of-a-group

标签
c#
authentication
active-directory
authorization
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!