C# accessing active directory with different user credentials
There is a new user creation application that we have just provided our users. However these users need the ability to creation users through the application even though the
-
You can use the DirectoryEntry class directly and specify the username and password:
DirectoryEntry de = new DirectoryEntry(path); de.Username = "username"; de.Password = "password";And access Active Directory from the de object. Or you can use the
WindowsIdentityclass and and impersonate a User:WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle()); WindowsImpersonationContext impersonatedUser = newId.Impersonate();A full code sample is available at:
Impersonation and DirectoryEntry
讨论(0) -
You can use privileged credentials to connect to AD or to impersonate a privileged user as other answers have suggested.
But this has security implications, since it means your users would be able to use these privileged credentials for other, non-authorized, purposes.
A more secure solution would be to create a web service that runs under a service account with appropriate AD permissions. Users can authenticate to the web service using Windows authentication, and the web service would create users on their behalf. It could use authorization to restrict what users are allowed to do (e.g. only create users in their own department).
讨论(0) -
Use the DirectoryEntry constructor that takes username, password and authenticationType parameters.
As an aside, the
DirectoryEntryDirectorySearcherandSearchResultCollectiontypes areIDisposable- you need to dispose them, probably withusingstatements.讨论(0) -
Use the DirectoryEntry Constructor (String, String, String, AuthenticationTypes) that takes a username and password instead of impersonation.
DirectoryEntry directoryEntry = new DirectoryEntry("IIS://" + serverName + "/W3SVC/1/Root", @"domain\username", "password", AuthenticationTypes.Secure | AuthenticationTypes.Sealing);Reference
讨论(0)
加载中...
- 热议问题