I need a way to see if a user is part of an active directory group from my .Net 3.5 asp.net c# application.
I am using the standard ldap authentication example off o
Brandon Johnson, loved it, I used what you had, but made the following change:
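/// <summary>
/// Returns the SAM account names of the groups the given user is a direct member of
/// (nested membership is not expanded; see GetAuthorizationGroups for that).
/// </summary>
/// <param name="domainName">Domain the <see cref="PrincipalContext"/> is bound to.</param>
/// <param name="userName">Identity handed to <see cref="UserPrincipal.FindByIdentity(PrincipalContext, string)"/>.</param>
/// <returns>Group SAM account names; an empty array when the user cannot be found.</returns>
private static string[] GetGroupNames(string domainName, string userName)
{
    List<string> result = new List<string>();
    using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, domainName))
    using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, userName))
    {
        // FindByIdentity returns null for an unknown user; the original dereferenced it unconditionally.
        if (user == null)
        {
            return result.ToArray();
        }

        using (PrincipalSearchResult<Principal> groups = user.GetGroups(principalContext))
        {
            foreach (Principal group in groups)
            {
                // Each Principal produced by the search owns directory resources and is disposable.
                using (group)
                {
                    result.Add(group.SamAccountName);
                }
            }
        }
    }
    return result.ToArray();
}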
The code below will work in .net 4.0
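/// <summary>
/// Returns the SAM account names of the groups the given user is a direct member of,
/// resolved against the hard-coded domain below.
/// </summary>
/// <param name="userName">Identity handed to <see cref="UserPrincipal.FindByIdentity(PrincipalContext, string)"/>.</param>
/// <returns>Group SAM account names; an empty array when the user cannot be found.</returns>
private static string[] GetGroupNames(string userName)
{
    List<string> result = new List<string>();
    // "YOURDOMAIN" is a placeholder from the original answer; substitute your domain name.
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
    using (UserPrincipal user = UserPrincipal.FindByIdentity(pc, userName))
    {
        // FindByIdentity returns null for an unknown user; the original would throw NullReferenceException.
        if (user == null)
        {
            return result.ToArray();
        }

        using (PrincipalSearchResult<Principal> groups = user.GetGroups(pc))
        {
            foreach (Principal group in groups)
            {
                using (group)
                {
                    result.Add(group.SamAccountName);
                }
            }
        }
    }
    return result.ToArray();
}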
How about this
How to write LDAP query to test if user is member of a group?
// This assembly reference must be added to your project and the namespace imported:
//using System.DirectoryServices.AccountManagement;
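/// <summary>
/// Validates the supplied credentials against the domain and then checks whether the
/// user belongs (directly or through nested groups) to one specific group.
/// </summary>
/// <param name="username">Account name to validate and look up.</param>
/// <param name="pwd">Password, used only for <see cref="PrincipalContext.ValidateCredentials(string, string)"/>.</param>
/// <returns>true when the credentials are valid AND the user is in the named group; false otherwise.</returns>
public bool IsAuthenticated(string username, string pwd)
{
    // ValidateCredentials(null, null) validates the current process identity rather than
    // failing, so an empty login must be rejected before it reaches the directory.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pwd))
    {
        return false;
    }

    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "xxx.com")) // Your Domain Name
    {
        // The original referenced an undeclared "password" variable here; the parameter is "pwd".
        if (!pc.ValidateCredentials(username, pwd))
        {
            return false;
        }

        // FindByIdentity returns null when the account does not exist.
        using (UserPrincipal user = UserPrincipal.FindByIdentity(pc, username))
        {
            if (user == null)
            {
                return false;
            }

            // GetAuthorizationGroups expands nested membership, unlike GetGroups.
            using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
            {
                foreach (Principal group in groups)
                {
                    using (group)
                    {
                        // Ordinal comparison, same semantics as the original string.Equals(string).
                        if (string.Equals(group.Name, "SpecificActiveDirectoryGroupName", StringComparison.Ordinal))
                        {
                            return true;
                        }
                    }
                }
            }
        }
    }
    return false;
}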
If you want to check the user's group membership including nested groups (groups the user belongs to only indirectly, through a parent group), you can use the "tokenGroups" property as below:
using System.DirectoryServices;
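/// <summary>
/// Checks whether a fixed user DN is a member of a fixed group DN, including nested
/// membership, by comparing the group's objectSid against the user's tokenGroups attribute.
/// </summary>
/// <param name="DomainServer">Host used in the LDAP:// path for both directory reads.</param>
/// <param name="LoginID">Account used to bind to the directory.</param>
/// <param name="LoginPassword">Password for <paramref name="LoginID"/>.</param>
/// <returns>true when the group's SID appears in the user's tokenGroups; false otherwise.</returns>
public static bool IsMemberOfGroupsToCheck(string DomainServer, string LoginID, string LoginPassword)
{
    // Placeholder DNs from the original answer (the first line was missing its semicolon);
    // replace them with values from your directory, or call the overload that takes them.
    string UserDN = "CN=John.Doe-A,OU=Administration Accounts,OU=User Directory,DC=ABC,DC=com";
    string ADGroupsDNToCheck = "CN=ADGroupTocheck,OU=Administration Groups,OU=Group Directory,DC=ABC,DC=com";
    return IsMemberOfGroupsToCheck(DomainServer, LoginID, LoginPassword, UserDN, ADGroupsDNToCheck);
}

/// <summary>
/// Same check with the user and group distinguished names supplied by the caller.
/// </summary>
/// <param name="DomainServer">Host used in the LDAP:// path for both directory reads.</param>
/// <param name="LoginID">Account used to bind to the directory.</param>
/// <param name="LoginPassword">Password for <paramref name="LoginID"/>.</param>
/// <param name="userDN">Distinguished name of the user whose tokenGroups are read.</param>
/// <param name="groupDN">Distinguished name of the group whose objectSid is looked for.</param>
/// <returns>true when the group's SID appears in the user's tokenGroups; false otherwise.</returns>
public static bool IsMemberOfGroupsToCheck(string DomainServer, string LoginID, string LoginPassword, string userDN, string groupDN)
{
    // The DNs are spliced into the LDAP path verbatim, so they must come from trusted
    // configuration or be escaped per RFC 4514 — never from raw request input.
    // using-blocks replace the manual Dispose() calls, which the original skipped on any exception.
    using (DirectoryEntry userEntry = new DirectoryEntry("LDAP://" + DomainServer + "/" + userDN, LoginID, LoginPassword))
    using (DirectoryEntry groupEntry = new DirectoryEntry("LDAP://" + DomainServer + "/" + groupDN, LoginID, LoginPassword))
    {
        // tokenGroups is a constructed attribute and is only populated when requested explicitly.
        userEntry.RefreshCache(new String[] { "tokenGroups" });
        byte[] groupSid = (byte[])groupEntry.Properties["objectSID"].Value;

        foreach (Object tokenGroupSid in userEntry.Properties["tokenGroups"])
        {
            if (SidEquals((byte[])tokenGroupSid, groupSid))
            {
                return true;
            }
        }
    }
    return false;
}

/// <summary>
/// Byte-wise equality of two binary SIDs. Replaces the original round trip through an
/// (undefined on this page) ConvertToOctetString helper: two SIDs are equal exactly when
/// their bytes are, so comparing the raw arrays is equivalent and needs no helper.
/// </summary>
/// <returns>true when both arrays are non-null and hold the same bytes; false otherwise.</returns>
private static bool SidEquals(byte[] left, byte[] right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }
    for (int i = 0; i < left.Length; i++)
    {
        if (left[i] != right[i])
        {
            return false;
        }
    }
    return true;
}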
Simplest Solution
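// Use a machine context when the process runs under a local account, otherwise the domain.
// NOTE: Environment.UserName / UserDomainName identify the PROCESS account (in ASP.NET, the
// application pool identity), not the web request's user — pass the request's identity instead
// when checking a visitor's membership.
using (PrincipalContext pc = new PrincipalContext(
    Environment.UserDomainName == Environment.MachineName ? ContextType.Machine : ContextType.Domain,
    Environment.UserDomainName))
using (GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc, "{GroupName}"))
using (UserPrincipal up = UserPrincipal.FindByIdentity(pc, Environment.UserName))
{
    // FindByIdentity returns null for an unknown group or user; the original dereferenced both
    // unconditionally and also discarded the result of IsMemberOf.
    bool isMember = up != null && gp != null && up.IsMemberOf(gp);
}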