堆栈内存溢出
  简体   繁体   English

如何在C#中获取给定用户/组的安全组权限

[英]How to get security group permissions for a given user/group in C#

 原文  2018-12-12 16:49:25       c#/ active-directory

问题描述

I'm trying to find out what permissions a user has to a given security group. 我试图找出用户对给定安全组具有哪些权限。 For example do the have Read, Read/Write, Admin, etc... 例如,具有读取,读取/写入,管理等...

I get the list of groups they belong to but can't figure out how to get the permissions for those groups. 我得到了它们所属的组的列表,但无法弄清楚如何获取这些组的权限。 

private static void FindUserById(PrincipalSearcher ps, PrincipalContext pc, string name)
{
    var up = new UserPrincipal(pc)
    {
        // EmailAddress = wildcard
        // GivenName = wildcard
        Name = name
    };

    ps.QueryFilter = up;

    foreach (var found in ps.FindAll())
    {
        if (found is UserPrincipal user)
        {
            string line = $"{{\"Name\":\"{user.DisplayName}\", \"Email\": \"{user.EmailAddress}\"}},";
            var groups = user.GetAuthorizationGroups();

            Console.WriteLine(line);
        }
    }
}

1 个解决方案

解决方案1
 0 已采纳  2018-12-12 17:56:41

GetAuthorizationGroups() will give you a list of GroupPrincipal objects. GetAuthorizationGroups()将为您提供GroupPrincipal对象的列表。 However, GroupPrincipal doesn't expose the object's permissions. 但是, GroupPrincipal不会公开对象的权限。 It does use DirectoryEntry behind the scenes, which you can get access to using: 它确实在后台使用DirectoryEntry ,您可以使用以下方法访问: 

var groupDe = (DirectoryEntry) group.GetUnderlyingObject();

Then you can use the ObjectSecurity property to view the permissions on the group object. 然后,您可以使用ObjectSecurity属性查看组对象的权限。

It's not terribly straight-forward though. 但是,这并不十分简单。 This question actually has some pretty thorough code to retrieve the permissions (right in the question). 这个问题实际上有一些相当详尽的代码来检索权限(在问题中正确)。 Particularly this: 特别是: 

var accessRules = groupDe.ObjectSecurity.GetAccessRules(true, true, typeof(NTAccount));

foreach (ActiveDirectoryAccessRule ar in accessRules)
{
    Console.WriteLine($"{ar.IdentityReference.ToString()}");
    Console.WriteLine($"Inherits - {ar.InheritanceType.ToString()}");
    Console.WriteLine($"ObjectType - {ar.ObjectType.ToString()}");
    Console.WriteLine($"InheritedObjectType - {ar.InheritedObjectType.ToString()}");
    Console.WriteLine($"ObjectFlags - {ar.ObjectFlags.ToString()}");
    Console.WriteLine($"AccessControlType - {ar.AccessControlType.ToString()}");
    Console.WriteLine($"ActiveDirectoryRights - {ar.ActiveDirectoryRights.ToString()}");


    Console.WriteLine($"IsInherited - {ar.IsInherited.ToString()}");
    Console.WriteLine($"PropagationFlags - {ar.PropagationFlags.ToString()}");
    Console.WriteLine("-------");
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用C#在Sharepoint 2010中检查用户或组的权限? - How to check permissions for a user or group in Sharepoint 2010 using C#? 使用C#(READ ACL)从LDAP获取组权限 - Get Group Permissions from LDAP with C# (READ ACL) 如何在 AD C# 中检查用户是否是通讯组列表/安全组的成员 - how to check whether a user is a member of distribution list/security group in AD C# .net:如何使用C#将用户添加到Active Directory安全组? - .net : How to add a user to a Active Directory Security Group using C#? 如何在C#中使用用户名和密码在活动目录中找到用户及其所属的安全组? - How do I find a user and the security group they belong to in active directory with their username and password in C#? 如何使用C#在sharepoint 2013中更改组权限 - How to change group permissions in sharepoint 2013 using C# 如何创建本地用户组(在C#中) - How to create a local user group (in C#) C#将安全组添加到另一个安全组 - C# Add security group to another security group 如果其他逻辑排除 AD 安全组的成员,如何获取 C#? - How to get C# If Else Logic To Exclude Members of an AD Security Group? 如何通过C#为安全组设置ManagedBy属性 - How to set ManagedBy property for Security Group via C#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM