从Active Directory中获取用户信息
在用户通过AD验证后《基于Active Directory的用户验证》,下一步检索用户信息并显示。
1. 从AD中检索用户信息
/// <summary>
/// This will return a DirectoryEntry object if the user does exist
/// </summary>
/// <param name="UserName"></param>
/// <returns></returns>
public static DirectoryEntry GetUser(string UserName)
{
//create an instance of the DirectoryEntry
DirectoryEntry de = GetDirectoryObject();
//create instance of the direcory searcher
DirectorySearcher deSearch = new DirectorySearcher();
deSearch.SearchRoot =de;
//set the search filter
deSearch.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + UserName + "))";
deSearch.SearchScope = SearchScope.Subtree;
//find the first instance
SearchResult results= deSearch.FindOne();
//if found then return, otherwise return Null
if(results !=null)
{
de= new DirectoryEntry(results.Path,ADUser,ADPassword,AuthenticationTypes.Secure);
//if so then return the DirectoryEntry object
return de;
}
else
{
return null;
}
}
创建DirectoryEntry对象实例,注意这里的ADUser/ADPassword不是普通用户帐户,而是具有Account Operator或Administrator的权限。 ADPath可以为空,因为轻量目录访问协议 (LDAP) 提供程序依靠 Windows定位器服务来查找客户端的最佳域控制器 (DC)。但是,要利用无服务器绑定功能,客户端必须在 Active Directory 域控制器上具有帐户,而且无服务器绑定所使用的域控制器将始终位于默认域(与执行绑定的线程的当前安全上下文关联的域)中。(From MSDN)
/// <summary>
/// This is an internal method for retreiving a new directoryentry object
/// </summary>
/// <returns></returns>
private static DirectoryEntry GetDirectoryObject()
{
DirectoryEntry oDE;
oDE = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
return oDE;
}
2. 示例-简单显示AD中帐户属性及属性值
这里简单以string的形式输出:
public string GetUserInfo(string UserName)
{
DirectoryEntry objDirEnt= ADHelper.GetUser(UserName);
StringBuilder sbUserInfo = new StringBuilder();
sbUserInfo.Append("Name = " + objDirEnt.Name + Environment.NewLine);
sbUserInfo.Append("Path = " + objDirEnt.Path + Environment.NewLine + Environment.NewLine);
sbUserInfo.Append("SchemaClassName = " + objDirEnt.SchemaClassName + Environment.NewLine);
sbUserInfo.Append("***" + Environment.NewLine);
sbUserInfo.Append("Properties:" + Environment.NewLine);
foreach(String Key in objDirEnt.Properties.PropertyNames)
{
sbUserInfo.AppendFormat("\t{0} = ", Key);
sbUserInfo.Append("");
foreach(Object objValue in objDirEnt.Properties[Key])
{
sbUserInfo.AppendFormat("\t\t{0}" + Environment.NewLine, objValue);
}
}
return sbUserInfo.ToString();
}
也可以直接访问需要的属性:
string strFirstName = =GetProperty(userSearchResult,"givenName");
/// <summary>
/// This is an override that will allow a property to be extracted directly from
/// a searchresult object
/// </summary>
/// <param name="searchResult"></param>
/// <param name="PropertyName"></param>
/// <returns></returns>
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
if(searchResult.Properties.Contains(PropertyName))
{
return searchResult.Properties[PropertyName][0].ToString() ;
}
else
{
return string.Empty;
}
}
具体用户界面User Interface,请参考如下Reference 1.
References:
1. Rickie, 更新Active Directory/Exchange Address Book的小工具
2. Craig Aroa, ADHelper - An Active Directory Class, http://www.c-sharpcorner.com/Code/2002/Sept/ADClass.asp
3. Rickie, 基于Active Directory的用户验证