c# AD域 权限管理

大家好，又见面了，我是你们的朋友全栈君。

我现在开始第一步,获取AD域用户所在的组,因为我想把菜单和界面按钮的功能由角色组来控制,用户加入角色组就可以获得相应的权限. 这是我的思路.

第一 如何关联AD域 并获取当前登录域的用户所在的角色组  ADUserMessage() 代码如下:

using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace WindowsFormsApplication1
{

    public class AdClass
    {

        public static string ADUserMessage()
        {

            //获取当前登录域的用户名 和域名
            // Console.WriteLine(“用户名:” + Environment.UserName+Environment.UserDomainName);    //Console类 调试的时候使用,在输出界面显示          
            string adgroup = “”;  //用户所属的角色组

            //DirectoryEntry 可封装 ActiveDirectory域服务层次结构中的节点或对象,使用此类绑定到对象、读取属性和更新特性
            DirectoryEntry entry = new DirectoryEntry(); //直接获取当前域用户所在的信息 //GetDirectoryObject(); 再次登录用户名和密码进行验证
            //DirectorySearcher类可对 Active Directory域服务层次结构执行查询;

            DirectorySearcher search = new DirectorySearcher(entry);
            //设置查询的过滤条件

            search.Filter = “(SamAccountName=” + Environment.UserName + “)”;
            StringBuilder groupNames = new StringBuilder();
            try
            {

                SearchResult result = search.FindOne();
                //得到当前登录用户所在角色组的个数
                int propertyCount = result.Properties[“memberOf”].Count;
                String dn = “”;
                int equalsIndex, commaIndex;

                if (result != null)
                {

                    MessageBox.Show(“域登录成功”);
                    MessageBox.Show(result.Path.ToString());
                    //当前登录用户MEMBER  OF 的信息
                    for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                    {

                        dn = (String)result.Properties[“memberOf”][propertyCounter];                      
                        equalsIndex = dn.IndexOf(“=”, 1);
                        commaIndex = dn.IndexOf(“,”, 1);                       
                        if (-1 == equalsIndex)
                        {

                            adgroup = “”;
                        }
                        groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex – equalsIndex) – 1));
                        groupNames.Append(“/”);                        
                    }
                    //得到当前登录域用户的角色组
                    adgroup = groupNames.ToString();                   
                }
            }
            catch (Exception e1)
            {

                MessageBox.Show(e1.Message);
                adgroup = “”;               
            }           
            return adgroup;

        }

        //连接AD数据库  再次登录用户名和密码进行验证

       //”pssword” 是当前登录域的用户的密码; path : LDAP://IP地址/DC=,DC=
        /* private static DirectoryEntry GetDirectoryObject()
         {

             DirectoryEntry entry = null;
             try
             {

                 entry = new DirectoryEntry(path, Environment.UserName, “pssword”, AuthenticationTypes.Secure);
             }
             catch (Exception ex)
             {

                 MessageBox.Show(ex.Message);
             }
             return entry;
         }
         */

        public  static void GetAllOU()  //获取所有用户组
        {

            DirectoryEntry entry = new DirectoryEntry(“LDAP://“);
            DirectorySearcher search = new DirectorySearcher(entry);
            //search.Filter = (“(objectClass=organizationalUnit)”);
            search.Filter = (“(objectClass=user)”);
            foreach(SearchResult result in search.FindAll())
            {

                //Console.Write(result.GetDirectoryEntry().Name.ToString());
                Console.WriteLine(result.GetDirectoryEntry().Name.ToString());
                /*Console.WriteLine(result.GetDirectoryEntry().Properties[“objectClass”]);
                DirectoryEntry user2 = result.GetDirectoryEntry();
                foreach(string property in user2.Properties.PropertyNames)
                {

                    Console.WriteLine(“字段名:”+property);
                }
                */
            }
        }

        public static void GetMail()
        {

            DirectoryEntry entry = new DirectoryEntry(); //直接获取当前域用户所在的信息 //GetDirectoryObject(); 再次登录用户名和密码进行验证
            DirectorySearcher search = new DirectorySearcher(entry);
            search.Filter = “(SamAccountName=” + Environment.UserName + “)”;
            SearchResult resu2 = search.FindOne();
            DirectoryEntry user2 = resu2.GetDirectoryEntry();
            Console.WriteLine(user2.Properties[“mail”][0].ToString());
            Console.WriteLine(resu2.GetDirectoryEntry().Properties[“mail”][0].ToString());
           
           // Console.WriteLine(user2.Properties[“cn”][0].ToString());
           // Console.WriteLine(user2.Properties[“description”][0].ToString());
           // Console.WriteLine(user2.Properties[“telephoneNumber”][0].ToString());
           // Console.WriteLine(user2.Properties[“initials”][0].ToString());

        }

       public static DataSet GetAllGroup(string username1)  //获取指定用户所有角色组
        {

            MessageBox.Show(“1 username1=” + username1.ToString());

            StringBuilder userNames = new StringBuilder();
            //string adgroup = “”;

            DataSet ds = new DataSet();
            DataTable dt = new DataTable(“gptb”);
            ds.Tables.Add(dt);
            dt.Columns.Add(“GROUPNAME”);
                      

            DirectoryEntry entry = new DirectoryEntry(“LDAP://abc“);
            DirectorySearcher search = new DirectorySearcher(entry);
            //search.Filter = (“(objectClass=user)”);
            search.Filter = “(SamAccountName=” + username1.ToString() + “)”;
            SearchResult result = search.FindOne();
           
            int propertyCount = result.Properties[“memberOf”].Count;
            String dn = “”;
            int equalsIndex, commaIndex;
            //登录用户MEMBER  OF 的信息
            for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
            {

                dn = (String)result.Properties[“memberOf”][propertyCounter];
                equalsIndex = dn.IndexOf(“=”, 1);
                commaIndex = dn.IndexOf(“,”, 1);
                if (-1 == equalsIndex)
                {

                   //adgroup = “”;
                }
                userNames.Append(dn.Substring((equalsIndex + 1), (commaIndex – equalsIndex) – 1));
                //MessageBox.Show(“1=” + userNames.ToString());
                //userNames.Append(“/”);

               //将用户的角色组信息录入到dt中
                DataRow dr = dt.NewRow();
                dr[“GROUPNAME”] = userNames.ToString();
                dt.Rows.Add(dr);
                userNames.Remove(0, userNames.Length); //清空userName中的内容

            }
            //得到当前登录域用户的角色组
            //adgroup = userNames.ToString();            
            // return adgroup;
            return ds;
        }

    }
}

这样就获得了当前登录到域的用户所在的角色组,显示的结果为: Administrators/Domain Admins/Enterprise Admins/Schema Admins,根据用户组不同显示的结果不一样.