基于深度优先的递归判断域用户是否是某个组的成员引用System.DirectoryServices并导入名称空间
using
System.DirectoryServices;功能:判断域用户(登录名)是否是某个域安全组的成员,域用户可能属于多个组,并且所属的组可能又属于多个组,所以需要递归调用.
private
DirectoryEntry entry
=
new
DirectoryEntry(
"
LDAP://domain
"
,
@"
domain\username
"
,
"
password
"
);
private
bool
UserisGroupMember(
string
UserLogin,
string
RoleName)
{ 
DirectorySearcher mySearcher
=
new
DirectorySearcher(entry); mySearcher.Filter
=
string
.Format (
"
(&(objectClass=user)(sAMAccountName={0}))
"
,UserLogin ); mySearcher.PropertiesToLoad.Add (
"
memberof
"
); SearchResult mysr
=
mySearcher.FindOne();
if
(mysr.Properties .Count
>
1
)
//
返回两个属性,一个是内置的adspath,另一个是PropertiesToLoad加载的
{ 
string
[] memberof
=
new
string
[mysr.Properties[
"
memberof
"
].Count ];
int
i
=
0
;
foreach
( Object myColl
in
mysr.Properties[
"
memberof
"
])
{ memberof[i]
=
myColl.ToString ().Substring (
3
,myColl.ToString ().IndexOf(
"
,
"
)
-
3
);
if
(memberof[i]
==
RoleName)
return
true
; i
++
;
}//其实这一层循环是广度优先算法,因为考虑到一个人直接属于某个安全组的可能性要大一些,这样做效率更高.如果把下面这个循环放到上面的if的esle中,就是完全的深度优先了.
foreach
(
string
GroupName
in
memberof)
if
(MemberisGroupMember(GroupName,RoleName))
return
true
; }
return
false
;
}
private
bool
MemberisGroupMember(
string
GroupName,
string
RoleName)
{ DirectorySearcher mySearcher
=
new
DirectorySearcher(entry); mySearcher.Filter
=
string
.Format (
"
(&(objectClass=group)(CN={0}))
"
,GroupName ); mySearcher.PropertiesToLoad.Add (
"
memberof
"
); SearchResult mysr
=
mySearcher.FindOne();
string
memberof;
if
(mysr.Properties.Count
>
1
)
//
返回两个属性,一个是内置的adspath,另一个是PropertiesToLoad加载的
{
foreach
( Object myColl
in
mysr.Properties[
"
memberof
"
])
{ memberof
=
myColl.ToString ().Substring (
3
,myColl.ToString ().IndexOf(
"
,
"
)
-
3
);
if
(memberof
==
RoleName)
return
true
;
else
if
(MemberisGroupMember(memberof,RoleName))
return
true
; }
}
return
false
; }
