I have a WindowsIdentity, which corresponds to an authenticated user. How can I determine if the identity corresponds to a Local User on the machine, a domain user who has been
Not sure about mapped domain Admins. I just check for Local and domain Admin of the domain the user is logged into. Don't access the strings like "builtin\Admin"; they differ based on OS language version.
I like to use the .NET 4.5 Principals approach. You can do something similar if you can use 4.5.
So with regard to the Question How can I differentiate between
Sample code
    using System;
    using System.DirectoryServices.ActiveDirectory;
    using System.Security.Principal;

    namespace xxxxx
    {
        public class UserEnvTools
        {
            public static bool IsDomainAdmin()
            {
                // returns TRUE for a machine that is on a workgroup, so consider the GetDomain methods based on scenario
                if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
                    return false;
                // AccountDomainAdminsSid is the Domain Admins group of the given domain.
                // BuiltinAdministratorsSid ignores the domain SID and always yields the
                // local Administrators group, which would duplicate IsLocalAdmin().
                var domainAdmins = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid,
                                                          WindowsIdentity.GetCurrent().User.AccountDomainSid);
                var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
                return prin != null && (prin.IsInRole(domainAdmins));
            }

            public static bool IsDomainUser()
            {
                // returns TRUE for a machine that is on a workgroup, so consider the GetDomain methods based on scenario
                if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
                    return false;
                // AccountDomainUsersSid is the Domain Users group of the given domain.
                var domainUsers = new SecurityIdentifier(WellKnownSidType.AccountDomainUsersSid,
                                                         WindowsIdentity.GetCurrent().User.AccountDomainSid);
                var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
                return prin != null && (prin.IsInRole(domainUsers));
            }

            public static bool IsLocalAdmin()
            {
                // Built-in (machine-local) Administrators group; no domain SID is needed.
                var localAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
                var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
                return prin != null && (prin.IsInRole(localAdmins));
            }

            public static bool IsLocalUser()
            {
                // Built-in (machine-local) Users group; no domain SID is needed.
                var localUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
                var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
                return prin != null && (prin.IsInRole(localUsers));
            }

            // Current security context applies
            public static Domain GetCurrentUserDomain()
            {
                try
                {
                    return System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain();
                }
                // It may be better not to catch such errors?
                catch (ActiveDirectoryOperationException) // no controller / AD forest cannot be contacted
                { return null; }
                catch (ActiveDirectoryObjectNotFoundException) // the user's domain is not known to the controller
                { return null; }
            }

            public static Domain GetCurrentMachineDomain()
            {
                try
                {
                    return System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain();
                }
                // It may be better not to catch such errors?
                catch (ActiveDirectoryOperationException) // no controller, or machine is not on a domain
                { return null; }
                catch (ActiveDirectoryObjectNotFoundException) // controller found, but the machine is not known
                { return null; }
            }
        }
    }
Assuming WindowsIdentity.Name works like Environment.UserDomainName, if the user name begins with the machine name then it's not on the domain; otherwise it is on the domain. This allows you to write
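    // Requires: using System; using System.Security.Principal;
    public static bool IsDomain(WindowsIdentity identity)
    {
        // WindowsIdentity.Name has the form DOMAIN\user or MACHINE\user.
        string prefix = identity.Name.Split('\\')[0];
        // Windows machine and domain names are case-insensitive.
        return !string.Equals(prefix, Environment.MachineName, StringComparison.OrdinalIgnoreCase);
    }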
The UserDomainName property first attempts to get the domain name component of the Windows account name for the current user. If that attempt fails, this property attempts to get the domain name associated with the user name provided by the UserName property. If that attempt fails because the host computer is not joined to a domain, then the host computer name is returned.
You may also filter against a list of available domains (e.g. stored in a DB) for the edge case that a computer name and the domain name are the same.
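A SID-based way to answer the original question without parsing account names, which avoids the case where the computer name and the domain name are the same. This is an added example, not code from either answer; the names AccountOrigin and IdentityClassifier are hypothetical, and it assumes a reference to System.DirectoryServices.AccountManagement and that an account SID not found in the local SAM database can be treated as a domain account.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // assembly reference required
using System.Security.Principal;

public enum AccountOrigin { Anonymous, WellKnown, LocalMachine, Domain }

public static class IdentityClassifier // hypothetical name, not from the answers
{
    public static AccountOrigin Classify(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException(nameof(identity));

        SecurityIdentifier sid = identity.User;
        if (sid == null || identity.IsAnonymous)
            return AccountOrigin.Anonymous;

        // Well-known principals (SYSTEM, LOCAL SERVICE, ...) carry no account
        // domain SID, so they are neither local SAM users nor domain users.
        if (sid.AccountDomainSid == null)
            return AccountOrigin.WellKnown;

        // Look the SID up in the local SAM database. A hit means the account
        // is defined on this machine, whatever its name prefix looks like.
        using (var machine = new PrincipalContext(ContextType.Machine))
        using (var user = UserPrincipal.FindByIdentity(machine, IdentityType.Sid, sid.Value))
        {
            // Assumption: any account SID that is not in the local SAM
            // belongs to a domain (the joined domain or a trusted one).
            return user != null ? AccountOrigin.LocalMachine : AccountOrigin.Domain;
        }
    }

    public static void Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("{0} ({1}): {2}", current.Name, current.User, Classify(current));
        }
    }
}
```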