• (转) C#对域用户的操作

    [csharp] view plaincopyprint?
    1. using System; 
    2. using System.DirectoryServices; 
    3.   
    4. namespace SystemFrameworks.Helper 
    6.      /// 
    7.      ///活动目录辅助类。封装一系列活动目录操作相关的方法。 
    8.      /// 
    9.      public sealed class ADHelper 
    10.      { 
    11.          /// 
    12.          ///域名 
    13.          /// 
    14.          private static string DomainName = "MyDomain"
    15.          /// 
    16.          /// LDAP 地址 
    17.          /// 
    18.          private static string LDAPDomain = "DC=MyDomain,DC=local"
    19.          /// 
    20.          /// LDAP绑定路径 
    21.          /// 
    22.          private static string ADPath = "LDAP://brooks.mydomain.local"
    23.          /// 
    24.          ///登录帐号 
    25.          /// 
    26.          private static string ADUser = "Administrator"
    27.          /// 
    28.          ///登录密码 
    29.          /// 
    30.          private static string ADPassword = "password"
    31.          /// 
    32.          ///扮演类实例 
    33.          /// 
    34.          private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName); 
    35.   
    36.          /// 
    37.          ///用户登录验证结果 
    38.          /// 
    39.          public enum LoginResult 
    40.          { 
    41.               /// 
    42.               ///正常登录 
    43.               /// 
    44.               LOGIN_USER_OK = 0, 
    45.               /// 
    46.               ///用户不存在 
    47.               /// 
    48.               LOGIN_USER_DOESNT_EXIST, 
    49.               /// 
    50.               ///用户帐号被禁用 
    51.               /// 
    52.               LOGIN_USER_ACCOUNT_INACTIVE, 
    53.               /// 
    54.               ///用户密码不正确 
    55.               /// 
    56.               LOGIN_USER_PASSWORD_INCORRECT 
    57.          } 
    58.   
    59.          /// 
    60.          ///用户属性定义标志 
    61.          /// 
    62.          public enum ADS_USER_FLAG_ENUM 
    63.          { 
    64.               /// 
    65.               ///登录脚本标志。如果通过 ADSI LDAP 进行读或写操作时,该标志失效。如果通过 ADSI WINNT,该标志为只读。 
    66.               /// 
    67.               ADS_UF_SCRIPT = 0X0001, 
    68.               /// 
    69.               ///用户帐号禁用标志 
    70.               /// 
    71.               ADS_UF_ACCOUNTDISABLE = 0X0002, 
    72.               /// 
    73.               ///主文件夹标志 
    74.               /// 
    75.               ADS_UF_HOMEDIR_REQUIRED = 0X0008, 
    76.               /// 
    77.               ///过期标志 
    78.               /// 
    79.               ADS_UF_LOCKOUT = 0X0010, 
    80.               /// 
    81.               ///用户密码不是必须的 
    82.               /// 
    83.               ADS_UF_PASSWD_NOTREQD = 0X0020, 
    84.               /// 
    85.               ///密码不能更改标志 
    86.               /// 
    87.               ADS_UF_PASSWD_CANT_CHANGE = 0X0040, 
    88.               /// 
    89.               ///使用可逆的加密保存密码 
    90.               /// 
    91. ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
    92.               /// 
    93.               ///本地帐号标志 
    94.               /// 
    95.               ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100, 
    96.               /// 
    97.               ///普通用户的默认帐号类型 
    98.               /// 
    99.               ADS_UF_NORMAL_ACCOUNT = 0X0200, 
    100.               /// 
    101.               ///跨域的信任帐号标志 
    102.               /// 
    103.               ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800, 
    104.               /// 
    105.               ///工作站信任帐号标志 
    106.               /// 
    107.               ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000, 
    108.               /// 
    109.               ///服务器信任帐号标志 
    110.               /// 
    111.               ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000, 
    112.               /// 
    113.               ///密码永不过期标志 
    114.               /// 
    115.               ADS_UF_DONT_EXPIRE_PASSWD = 0X10000, 
    116.               /// 
    117.               /// MNS 帐号标志 
    118.               /// 
    119.               ADS_UF_MNS_LOGON_ACCOUNT = 0X20000, 
    120.               /// 
    121.               ///交互式登录必须使用智能卡 
    122.               /// 
    123.               ADS_UF_SMARTCARD_REQUIRED = 0X40000, 
    124.               /// 
    125.               ///当设置该标志时,服务帐号(用户或计算机帐号)将通过 Kerberos 委托信任 
    126.               /// 
    127.               ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000, 
    128.               /// 
    129.               ///当设置该标志时,即使服务帐号是通过 Kerberos 委托信任的,敏感帐号不能被委托 
    130.               /// 
    131.               ADS_UF_NOT_DELEGATED = 0X100000, 
    132.               /// 
    133.               ///此帐号需要 DES 加密类型 
    134.               /// 
    135.               ADS_UF_USE_DES_KEY_ONLY = 0X200000, 
    136.               /// 
    137.               ///不要进行 Kerberos 预身份验证 
    138.               /// 
    139.               ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000, 
    140.               /// 
    141.               ///用户密码过期标志 
    142.               /// 
    143.               ADS_UF_PASSWORD_EXPIRED = 0X800000, 
    144.               /// 
    145.               ///用户帐号可委托标志 
    146.               /// 
    147.               ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000 
    148.          } 
    149.   
    150.          public ADHelper() 
    151.          { 
    152.               // 
    153.          } 
    155.          #region GetDirectoryObject 
    156.   
    157.          /// 
    158.          ///获得DirectoryEntry对象实例,以管理员登陆AD 
    159.          /// 
    160.          /// 
    161.          private static DirectoryEntry GetDirectoryObject() 
    162.          { 
    163.               DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
    164.               return entry; 
    165.          } 
    166.   
    167.          /// 
    168.          ///根据指定用户名和密码获得相应DirectoryEntry实体 
    169.          /// 
    170.          /// 
    171.          /// 
    172.          /// 
    173.          private static DirectoryEntry GetDirectoryObject(string userName, string password) 
    174.          { 
    175.               DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None); 
    176.               return entry; 
    177.          } 
    178.   
    179.          /// 
    180.          /// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com 
    181.          /// 
    182.          /// 
    183.          /// 
    184.          private static DirectoryEntry GetDirectoryObject(string domainReference) 
    185.          { 
    186.               DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPassword, AuthenticationTypes.Secure); 
    187.               return entry; 
    188.          } 
    189.   
    190.          /// 
    191.          ///获得以UserName,Password创建的DirectoryEntry 
    192.          /// 
    193.          /// 
    194.          /// 
    195.          /// 
    196.          /// 
    197.          private static DirectoryEntry GetDirectoryObject(string domainReference, string userName, string password) 
    198.          { 
    199.               DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, userName, password, AuthenticationTypes.Secure); 
    200.               return entry; 
    201.          } 
    203.          #endregion 
    205.          #region GetDirectoryEntry 
    206.   
    207.          /// 
    208.          ///根据用户公共名称取得用户的 对象 
    209.          /// 
    210.          /// 用户公共名称 
    211.          ///如果找到该用户,则返回用户的 对象;否则返回 null 
    212.          public static DirectoryEntry GetDirectoryEntry(string commonName) 
    213.          { 
    214.               DirectoryEntry de = GetDirectoryObject(); 
    215.               DirectorySearcher deSearch = new DirectorySearcher(de); 
    216.               deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))"
    217.               deSearch.SearchScope = SearchScope.Subtree; 
    218.   
    219.               try 
    220.               { 
    221.                    SearchResult result = deSearch.FindOne(); 
    222.                    de = new DirectoryEntry(result.Path); 
    223.                    return de; 
    224.               } 
    225.               catch 
    226.               { 
    227.                    return null
    228.               } 
    229.          } 
    230.   
    231.          /// 
    232.          ///根据用户公共名称和密码取得用户的 对象。 
    233.          /// 
    234.          /// 用户公共名称 
    235.          /// 用户密码 
    236.          ///如果找到该用户,则返回用户的 对象;否则返回 null 
    237.          public static DirectoryEntry GetDirectoryEntry(string commonName, string password) 
    238.          { 
    239.               DirectoryEntry de = GetDirectoryObject(commonName, password); 
    240.               DirectorySearcher deSearch = new DirectorySearcher(de); 
    241.               deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))"
    242.               deSearch.SearchScope = SearchScope.Subtree; 
    243.   
    244.               try 
    245.               { 
    246.                    SearchResult result = deSearch.FindOne(); 
    247.                    de = new DirectoryEntry(result.Path); 
    248.                    return de; 
    249.               } 
    250.               catch 
    251.               { 
    252.                    return null
    253.               } 
    254.          } 
    255.   
    256.          /// 
    257.          ///根据用户帐号称取得用户的 对象 
    258.          /// 
    259.          /// 用户帐号名 
    260.          ///如果找到该用户,则返回用户的 对象;否则返回 null 
    261.          public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName) 
    262.          { 
    263.               DirectoryEntry de = GetDirectoryObject(); 
    264.               DirectorySearcher deSearch = new DirectorySearcher(de); 
    265.               deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))"
    266.               deSearch.SearchScope = SearchScope.Subtree; 
    267.   
    268.               try 
    269.               { 
    270.                    SearchResult result = deSearch.FindOne(); 
    271.                    de = new DirectoryEntry(result.Path); 
    272.                    return de; 
    273.               } 
    274.               catch 
    275.               { 
    276.                    return null
    277.               } 
    278.          } 
    279.   
    280.          /// 
    281.          ///根据用户帐号和密码取得用户的 对象 
    282.          /// 
    283.          /// 用户帐号名 
    284.          /// 用户密码 
    285.          ///如果找到该用户,则返回用户的 对象;否则返回 null 
    286.          public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password) 
    287.          { 
    288.               DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName); 
    289.               if (de != null
    290.               { 
    291.                    string commonName = de.Properties["cn"][0].ToString(); 
    292.   
    293.                    if (GetDirectoryEntry(commonName, password) != null
    294.                        return GetDirectoryEntry(commonName, password); 
    295.                    else 
    296.                        return null
    297.               } 
    298.               else 
    299.               { 
    300.                    return null
    301.               } 
    302.          } 
    303.   
    304.          /// 
    305.          ///根据组名取得用户组的 对象 
    306.          /// 
    307.          /// 组名 
    308.          /// 
    309.          public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName) 
    310.          { 
    311.               DirectoryEntry de = GetDirectoryObject(); 
    312.               DirectorySearcher deSearch = new DirectorySearcher(de); 
    313.               deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))"
    314.               deSearch.SearchScope = SearchScope.Subtree; 
    315.   
    316.               try 
    317.               { 
    318.                    SearchResult result = deSearch.FindOne(); 
    319.                    de = new DirectoryEntry(result.Path); 
    320.                    return de; 
    321.               } 
    322.               catch 
    323.               { 
    324.                    return null
    325.               } 
    326.          } 
    328.          #endregion 
    330.          #region GetProperty 
    331.   
    332.          /// 
    333.          ///获得指定 指定属性名对应的值 
    334.          /// 
    335.          ///  
    336.          /// 属性名称 
    337.          ///属性值 
    338.          public static string GetProperty(DirectoryEntry de, string propertyName) 
    339.          { 
    340.               if(de.Properties.Contains(propertyName)) 
    341.               { 
    342.                    return de.Properties[propertyName][0].ToString() ; 
    343.               } 
    344.               else 
    345.               { 
    346.                    return string.Empty; 
    347.               } 
    348.          } 
    349.   
    350.          /// 
    351.          ///获得指定搜索结果 中指定属性名对应的值 
    352.          /// 
    353.          ///  
    354.          /// 属性名称 
    355.          ///属性值 
    356.          public static string GetProperty(SearchResult searchResult, string propertyName) 
    357.          { 
    358.               if(searchResult.Properties.Contains(propertyName)) 
    359.               { 
    360.                    return searchResult.Properties[propertyName][0].ToString() ; 
    361.               } 
    362.               else 
    363.               { 
    364.                    return string.Empty; 
    365.               } 
    366.          } 
    368.          #endregion 
    369.   
    370.          /// 
    371.          ///设置指定 的属性值 
    372.          /// 
    373.          ///  
    374.          /// 属性名称 
    375.          /// 属性值 
    376.          public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue) 
    377.          { 
    378.               if(propertyValue != string.Empty || propertyValue != "" || propertyValue != null
    379.               { 
    380.                    if(de.Properties.Contains(propertyName)) 
    381.                    { 
    382.                        de.Properties[propertyName][0] = propertyValue;  
    383.                    } 
    384.                    else 
    385.                    { 
    386.                        de.Properties[propertyName].Add(propertyValue); 
    387.                    } 
    388.               } 
    389.          } 
    390.   
    391.          /// 
    392.          ///创建新的用户 
    393.          /// 
    394.          /// DN 位置。例如:OU=共享平台 或 CN=Users 
    395.          /// 公共名称 
    396.          /// 帐号 
    397.          /// 密码 
    398.          /// 
    399.          public static DirectoryEntry CreateNewUser(string ldapDN, string commonName, string sAMAccountName, string password) 
    400.          { 
    401.               DirectoryEntry entry = GetDirectoryObject(); 
    402.               DirectoryEntry subEntry = entry.Children.Find(ldapDN); 
    403.               DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user"); 
    404.               deUser.Properties["sAMAccountName"].Value = sAMAccountName; 
    405.               deUser.CommitChanges(); 
    406.               ADHelper.EnableUser(commonName); 
    407.               ADHelper.SetPassword(commonName, password); 
    408.               deUser.Close(); 
    409.               return deUser; 
    410.          } 
    411.   
    412.          /// 
    413.          ///创建新的用户。默认创建在 Users 单元下。 
    414.          /// 
    415.          /// 公共名称 
    416.          /// 帐号 
    417.          /// 密码 
    418.          /// 
    419.          public static DirectoryEntry CreateNewUser(string commonName, string sAMAccountName, string password) 
    420.          { 
    421.               return CreateNewUser("CN=Users", commonName, sAMAccountName, password); 
    422.          } 
    423.   
    424.          /// 
    425.          ///判断指定公共名称的用户是否存在 
    426.          /// 
    427.          /// 用户公共名称 
    428.          ///如果存在,返回 true;否则返回 false 
    429.          public static bool IsUserExists(string commonName) 
    430.          { 
    431.               DirectoryEntry de = GetDirectoryObject(); 
    432.               DirectorySearcher deSearch = new DirectorySearcher(de); 
    433.               deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";       // LDAP 查询串 
    434.               SearchResultCollection results = deSearch.FindAll(); 
    435.   
    436.               if (results.Count == 0) 
    437.                    return false
    438.               else 
    439.                    return true
    440.          } 
    441.   
    442.          /// 
    443.          ///判断用户帐号是否激活 
    444.          /// 
    445.          /// 用户帐号属性控制器 
    446.          ///如果用户帐号已经激活,返回 true;否则返回 false 
    447.          public static bool IsAccountActive(int userAccountControl) 
    448.          { 
    449.               int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE); 
    450.               int flagExists = userAccountControl & userAccountControl_Disabled; 
    451.   
    452.               if (flagExists > 0) 
    453.                    return false
    454.               else 
    455.                    return true
    456.          } 
    457.   
    458.          /// 
    459.          ///判断用户与密码是否足够以满足身份验证进而登录 
    460.          /// 
    461.          /// 用户公共名称 
    462.          /// 密码 
    463.          ///如能可正常登录,则返回 true;否则返回 false 
    464.          public static LoginResult Login(string commonName, string password) 
    465.          { 
    466.               DirectoryEntry de = GetDirectoryEntry(commonName); 
    467.   
    468.               if (de != null
    469.               { 
    470.                    // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。 
    471.                    int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]); 
    472.                    de.Close(); 
    473.   
    474.                    if (!IsAccountActive(userAccountControl)) 
    475.                        return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE; 
    476.   
    477.                    if (GetDirectoryEntry(commonName, password) != null
    478.                        return LoginResult.LOGIN_USER_OK; 
    479.                    else 
    480.                        return LoginResult.LOGIN_USER_PASSWORD_INCORRECT; 
    481.               } 
    482.               else 
    483.               { 
    484.                    return LoginResult.LOGIN_USER_DOESNT_EXIST;  
    485.               } 
    486.          } 
    487.   
    488.          /// 
    489.          ///判断用户帐号与密码是否足够以满足身份验证进而登录 
    490.          /// 
    491.          /// 用户帐号 
    492.          /// 密码 
    493.          ///如能可正常登录,则返回 true;否则返回 false 
    494.          public static LoginResult LoginByAccount(string sAMAccountName, string password) 
    495.          { 
    496.               DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName); 
    497.                     
    498.               if (de != null
    499.               { 
    500.                    // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。 
    501.                    int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]); 
    502.                    de.Close(); 
    503.   
    504.                    if (!IsAccountActive(userAccountControl)) 
    505.                        return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE; 
    506.   
    507.                    if (GetDirectoryEntryByAccount(sAMAccountName, password) != null
    508.                        return LoginResult.LOGIN_USER_OK; 
    509.                    else 
    510.                        return LoginResult.LOGIN_USER_PASSWORD_INCORRECT; 
    511.               } 
    512.               else 
    513.               { 
    514.                    return LoginResult.LOGIN_USER_DOESNT_EXIST;  
    515.               } 
    516.          } 
    517.   
    518.          /// 
    519.          ///设置用户密码,管理员可以通过它来修改指定用户的密码。 
    520.          /// 
    521.          /// 用户公共名称 
    522.          /// 用户新密码 
    523.          public static void SetPassword(string commonName, string newPassword) 
    524.          { 
    525.               DirectoryEntry de = GetDirectoryEntry(commonName); 
    526.                
    527.               // 模拟超级管理员,以达到有权限修改用户密码 
    528.               impersonate.BeginImpersonate(); 
    529.               de.Invoke("SetPassword", new object[]{newPassword}); 
    530.               impersonate.StopImpersonate(); 
    531.   
    532.               de.Close(); 
    533.          } 
    534.   
    535.          /// 
    536.          ///设置帐号密码,管理员可以通过它来修改指定帐号的密码。 
    537.          /// 
    538.          /// 用户帐号 
    539.          /// 用户新密码 
    540.          public static void SetPasswordByAccount(string sAMAccountName, string newPassword) 
    541.          { 
    542.               DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName); 
    543.   
    544.               // 模拟超级管理员,以达到有权限修改用户密码 
    545.               IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName); 
    546.               impersonate.BeginImpersonate(); 
    547.               de.Invoke("SetPassword", new object[]{newPassword}); 
    548.               impersonate.StopImpersonate(); 
    549.   
    550.               de.Close(); 
    551.          } 
    552.   
    553.          /// 
    554.          ///修改用户密码 
    555.          /// 
    556.          /// 用户公共名称 
    557.          /// 旧密码 
    558.          /// 新密码 
    559.          public static void ChangeUserPassword (string commonName, string oldPassword, string newPassword) 
    560.          { 
    561.               // to-do: 需要解决密码策略问题 
    562.               DirectoryEntry oUser = GetDirectoryEntry(commonName); 
    563.               oUser.Invoke("ChangePassword", new Object[]{oldPassword, newPassword}); 
    564.               oUser.Close(); 
    565.          } 
    566.   
    567.          /// 
    568.          ///启用指定公共名称的用户 
    569.          /// 
    570.          /// 用户公共名称 
    571.          public static void EnableUser(string commonName) 
    572.          { 
    573.               EnableUser(GetDirectoryEntry(commonName)); 
    574.          } 
    575.   
    576.          /// 
    577.          ///启用指定 的用户 
    578.          /// 
    579.          ///  
    580.          public static void EnableUser(DirectoryEntry de) 
    581.          { 
    582.               impersonate.BeginImpersonate(); 
    583.               de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD; 
    584.               de.CommitChanges(); 
    585.               impersonate.StopImpersonate(); 
    586.               de.Close(); 
    587.          } 
    588.   
    589.          /// 
    590.          ///禁用指定公共名称的用户 
    591.          /// 
    592.          /// 用户公共名称 
    593.          public static void DisableUser(string commonName) 
    594.          { 
    595.               DisableUser(GetDirectoryEntry(commonName)); 
    596.          } 
    597.   
    598.          /// 
    599.          ///禁用指定 的用户 
    600.          /// 
    601.          ///  
    602.          public static void DisableUser(DirectoryEntry de) 
    603.          { 
    604.               impersonate.BeginImpersonate(); 
    605.               de.Properties["userAccountControl"][0]=ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE; 
    606.               de.CommitChanges(); 
    607.               impersonate.StopImpersonate(); 
    608.               de.Close(); 
    609.          } 
    610.   
    611.          /// 
    612.          ///将指定的用户添加到指定的组中。默认为 Users 下的组和用户。 
    613.          /// 
    614.          /// 用户公共名称 
    615.          /// 组名 
    616.          public static void AddUserToGroup(string userCommonName, string groupName) 
    617.           { 
    618.               DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName); 
    619.               DirectoryEntry oUser = GetDirectoryEntry(userCommonName); 
    620.                
    621.               impersonate.BeginImpersonate(); 
    622.               oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value); 
    623.               oGroup.CommitChanges(); 
    624.               impersonate.StopImpersonate(); 
    625.   
    626.               oGroup.Close(); 
    627.               oUser.Close(); 
    628.          } 
    629.   
    630.          /// 
    631.          ///将用户从指定组中移除。默认为 Users 下的组和用户。 
    632.          /// 
    633.          /// 用户公共名称 
    634.          /// 组名 
    635.          public static void RemoveUserFromGroup(string userCommonName, string groupName) 
    636.          { 
    637.               DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName); 
    638.               DirectoryEntry oUser = GetDirectoryEntry(userCommonName); 
    639.                
    640.               impersonate.BeginImpersonate(); 
    641.               oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value); 
    642.               oGroup.CommitChanges(); 
    643.               impersonate.StopImpersonate(); 
    644.   
    645.               oGroup.Close(); 
    646.               oUser.Close(); 
    647.          } 
    648.   
    649.      } 
    650.   
    651.      /// 
    652.      ///用户模拟角色类。实现在程序段内进行用户角色模拟。 
    653.      /// 
    654.      public class IdentityImpersonation 
    655.      { 
    656.          [DllImport("advapi32.dll", SetLastError=true)] 
    657.          public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); 
    658.   
    659.          [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)] 
    660.          public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle); 
    661.   
    662.          [DllImport("kernel32.dll", CharSet=CharSet.Auto)] 
    663.          public extern static bool CloseHandle(IntPtr handle); 
    664.   
    665.          // 要模拟的用户的用户名、密码、域(机器名) 
    666.          private String _sImperUsername; 
    667.          private String _sImperPassword; 
    668.          private String _sImperDomain; 
    669.          // 记录模拟上下文 
    670.          private WindowsImpersonationContext _imperContext; 
    671.          private IntPtr _adminToken; 
    672.          private IntPtr _dupeToken; 
    673.          // 是否已停止模拟 
    674.          private Boolean _bClosed; 
    675.   
    676.          /// 
    677.          ///构造函数 
    678.          /// 
    679.          /// 所要模拟的用户的用户名 
    680.          /// 所要模拟的用户的密码 
    681.          /// 所要模拟的用户所在的域 
    682.          public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)  
    683.          { 
    684.               _sImperUsername = impersonationUsername; 
    685.               _sImperPassword = impersonationPassword; 
    686.               _sImperDomain = impersonationDomain; 
    687.   
    688.               _adminToken = IntPtr.Zero; 
    689.               _dupeToken = IntPtr.Zero; 
    690.               _bClosed = true
    691.          } 
    692.   
    693.          /// 
    694.          ///析构函数 
    695.          /// 
    696.          ~IdentityImpersonation()  
    697.          { 
    698.               if(!_bClosed)  
    699.               { 
    700.                    StopImpersonate(); 
    701.               } 
    702.          } 
    703.   
    704.          /// 
    705.          ///开始身份角色模拟。 
    706.          /// 
    707.          /// 
    708.          public Boolean BeginImpersonate()  
    709.          { 
    710.               Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken); 
    711.                          
    712.               if(!bLogined)  
    713.               { 
    714.                    return false
    715.               } 
    716.   
    717.               Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken); 
    718.   
    719.               if(!bDuped)  
    720.               { 
    721.                    return false
    722.               } 
    723.   
    724.               WindowsIdentity fakeId = new WindowsIdentity(_dupeToken); 
    725.               _imperContext = fakeId.Impersonate(); 
    726.   
    727.               _bClosed = false
    728.   
    729.               return true
    730.          } 
    731.   
    732.          /// 
    733.          ///停止身分角色模拟。 
    734.          /// 
    735.          public void StopImpersonate()  
    736.          { 
    737.               _imperContext.Undo(); 
    738.               CloseHandle(_dupeToken); 
    739.               CloseHandle(_adminToken); 
    740.               _bClosed = true
    741.          } 
    742.      } 
    744.   
    745. 简单的应用 
    746. [WebMethod] 
    747.   public string IsAuthenticated(string UserID,string Password) 
    748.   { 
    749.             string _path = "LDAP://" + adm + "/DC=lamda,DC=com,DC=cn";//"LDAP://172.75.200.1/DC=名字,DC=com,DC=cn"
    750.    string _filterAttribute=null
    751.    
    752.    DirectoryEntry entry = new DirectoryEntry(_path,UserID,Password); 
    753.     
    754.    try 
    755.    { 
    756.     //Bind to the native AdsObject to force authentication. 
    757.     DirectorySearcher search = new DirectorySearcher(entry); 
    758.     search.Filter = "(SAMAccountName=" + UserID + ")"
    759.     SearchResult result = search.FindOne(); 
    760.      
    761.     if(null == result) 
    762.     { 
    763.      _filterAttribute="登录失败: 未知的用户名或错误密码."
    764.     } 
    765.     else 
    766.     { 
    767.      _filterAttribute="true"
    768.     } 
    769.     
    770.    } 
    771.    catch (Exception ex) 
    772.    { 
    773.  
    774.  
    775.      return ex.Message; 
    776.    } 
    777.    return _filterAttribute; 
    778.   } 
    779.   [WebMethod] 
    780.   public string[] LDAPMessage(string UserID) 
    781.   { 
    782.    string _path = "LDAP://"+adm+"/DC=it2004,DC=名字,DC=com,DC=cn"
    783.    string[] _filterAttribute=new string[5]; 
    784.    string[] msg = {"samaccountname","displayname","department","company"}; 
    785.    DirectoryEntry entry = new DirectoryEntry(_path,"180037","790813"); 
    786.     
    787.    try 
    788.    {  
    789.  
    790.     Object obj = entry.NativeObject; 
    791.      
    792.     DirectorySearcher search = new DirectorySearcher(entry); 
    793.     search.Filter = "(SAMAccountName=" + UserID + ")"
    794.     SearchResult result = search.FindOne(); 
    795.      
    796.     if(null == result) 
    797.     { 
    798.      _filterAttribute[0]="登录失败: 未知的用户名或错误密码."
    799.     } 
    800.     else 
    801.     { 
    802.      _filterAttribute[0]="true";   
    803.      for(int propertyCounter = 1; propertyCounter < 5; propertyCounter++) 
    804.      { 
    805.         
    806.       if(propertyCounter==4 &&  result.Properties[msg[propertyCounter-1]][0]==null
    807.        break
    808.       _filterAttribute[propertyCounter]=result.Properties[msg[propertyCounter-1]][0].ToString(); 
    809.        
    810.      } 
    811.     } 
    812.     
    813.    } 
    814.    catch (Exception ex) 
    815.    { 
    816.     //_filterAttribute[0]=ex.Message; 
    817.    } 
    818.    return _filterAttribute; 
    819.   } 
    820.   [WebMethod] 
    821.   public string[] AllMembers()  
    822.   { 
    823.     
    824.    string[] msg; 
    825.    string _path = "LDAP://名字"
    826.    DirectoryEntry entry = new DirectoryEntry(_path,"180037","790813"); 
    827.     
    828.   
    829.    //Bind to the native AdsObject to force authentication. 
    830.    Object obj = entry.NativeObject; 
    831.    System.DirectoryServices.DirectorySearcher mySearcher = new System.DirectoryServices.DirectorySearcher(entry); 
    832.    mySearcher.Filter = "(SAMAccountName=180037)"
    833.    msg=new string[mySearcher.FindAll().Count]; 
    834.    int i=0; 
    835.    foreach(System.DirectoryServices.SearchResult result in mySearcher.FindAll())  
    836.    { 
    837.     msg[i++]=result.Path; 
    838.    } 
    839.    return msg; 
    840.   } 
    841.   
    843.   

     
  • 相关阅读:
    c# 自定义位数生成激活码
    接口interface和抽象类型abstract
    winform自动升级方案
    泛型介绍
    泛型约束形式
    登录状态保持Session/Cookie
    EFCore 2.0引用标量函数
    .net生成条形码
    通用手机号、身份证号等隐藏显示方法
    .net core api Post请求
  • 原文地址:https://www.cnblogs.com/wangyt223/p/2716075.html
Copyright © 2020-2023  润新知