[英]Filter Active Directory users by Company name, Asp.net Core 2.1
The Question问题
I am looking for a way to filter users from active directory based upon the current logged in users Active Directory Company name (found with the AD profile).我正在寻找一种方法,根据当前登录的用户 Active Directory 公司名称(通过 AD 配置文件找到)从 Active Directory 中过滤用户。
To search AD i am currently using the following code, which returns all users including system accounts -要搜索 AD,我目前使用以下代码,该代码返回所有用户,包括系统帐户 -
PrincipalContext context = new PrincipalContext(ContextType.Domain, "mydomain");
var domainUsers = new List<string>();
var userPrincipal = new UserPrincipal(context);
using (var search = new PrincipalSearcher(userPrincipal))
{
foreach (var user in search.FindAll())
{
if (user.DisplayName != null)
{
domainUsers.Add(user.DisplayName);
}
}
}
I am looking for a way to only return users that match the Company name of the current AD logged in user.我正在寻找一种仅返回与当前 AD 登录用户的公司名称匹配的用户的方法。 ie if the company name was Test123 the search results would only include all other users that belong to the Test123 company.
即,如果公司名称是 Test123,则搜索结果将仅包括属于 Test123 公司的所有其他用户。
Background背景
I am developing an asp.net MVC 2.1 web app that requires a dropdown list of users from active directory.我正在开发一个 asp.net MVC 2.1 web 应用程序,它需要来自活动目录的用户下拉列表。
Search All users in Active Directory and match against
company
field.搜索 Active Directory 中的所有用户并匹配
company
字段。
While iterating through a list of all users found based on the query, you can convert the Principal
to DirectoryEntry
since Principal doesnt have the information you need.在遍历基于查询找到的所有用户的列表时,您可以将
Principal
转换为DirectoryEntry
因为 Principal 没有您需要的信息。 DirectoryEntry
has the properties that you can look up and work with, in terms of filtering. DirectoryEntry
具有您可以在过滤方面查找和使用的属性。 Only "company" is used in this example.本示例中仅使用“公司”。
PrincipalContext context = new PrincipalContext(ContextType.Domain, "mydomain");
var domainUsers = new List<string>();
var userPrincipal = new UserPrincipal(context);
string myCompany = "Test123";
using (var search = new PrincipalSearcher(userPrincipal))
{
foreach (Principal user in search.FindAll())
{
string usersCompany = ((DirectoryEntry)user.GetUnderlyingObject())?.Properties["company"]?.Value?.ToString();
if (user.DisplayName != null && usersCompany != null && usersCompany.Equals(myCompany))
{
domainUsers.Add(user.DisplayName);
}
}
}
EDIT编辑
For performance reason, I would recommend using DirectorySearcher
instead of using PrincipalSearcher
.出于性能原因,我建议使用
DirectorySearcher
而不是PrincipalSearcher
。 Here is the other version.这是另一个版本。 Search is done before the
FindAll()
is executed.在执行
FindAll()
之前完成搜索。
string myCompany = "Test123";
string searchQuery = $"(&(objectCategory=user)(objectClass=user)(company={myCompany}))";
// You can define the fields you want retrieved from AD (Noted by @GabrielLuci)
DirectorySearcher ds = new DirectorySearcher(searchQuery,
new string[] { "DisplayName" });
foreach(SearchResult user in ds.FindAll())
{
domainUsers.Add(user.Properties["DisplayName"][0].ToString());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.