Active Directory - 用户的角色

问题描述

我了解如何使用 User.Identity 和 User.IsInRole

I understand how to use User.Identity and User.IsInRole

有没有办法查看用户的所有角色?

Is there a way to see all of the roles a user is in?

我们有很多组，有些人在很多组中，但我不想写 User.IsInRole 20+ 次.

We have a lot of groups and some people are in a lot of groups, but I don't want to write a User.IsInRole 20+ times.

推荐答案

在 Active Directory 上下文中，您所指的角色实际上是用户所属的安全(或授权)组.

In an Active Directory context, the Roles you refer to are really the security (or authorization) groups a user is a member of.

因此，如果您使用 .NET 3.5 及更高版本，则应查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间.在此处阅读所有相关信息:

So if you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 在 .NET Framework 3.5 中管理目录安全主体莉>
• 有关 System.DirectoryServices.AccountManagement 的 MSDN 文档

基本上，您可以定义域上下文并轻松找到 AD 中的用户和/或组:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
   // find a user
   UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

   if(user != null)
   {
       // get the authorization groups - those are the "roles" 
       var groups = user.GetAuthorizationGroups();

       foreach(Principal principal in groups)
       {
           // do something with the group (or role) in question
       }
   }
}

新的 S.DS.AM 使在 AD 中与用户和组一起玩变得非常容易！

The new S.DS.AM makes it really easy to play around with users and groups in AD!