[英]using User.IsInRole() across active directory domains to check for group membership
I have two domains that are set up with a two way trust. 我有两个通过双向信任设置的域。
Domain A has a group (group A) with a member (User A). 域A具有一个具有成员(用户A)的组(A组)。
Domain B has a group (group B) with Group A (from the other domain) as a member. 域B有一个组(组B),其中组A(来自另一个域)是成员。
I'm checking with: 我正在检查:
if(User.IsInRole(group B))
{
// logging in as User A should provide access because this use is part of Group A which is part of Group B
}
but that's not working. 但这不起作用。
what am I missing here? 我在这里想念什么?
This fails for me when run on a machine logged in as the user and joined to that domain. 在以用户身份登录并加入该域的计算机上运行时,这对我而言失败。
private static SecurityIdentifier GetGroupSid(string domainName, string groupName)
{
using (var d = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, domainName)))
{
using (var context = new PrincipalContext(ContextType.Domain, d.Name))
{
using (var group = GroupPrincipal.FindByIdentity(context, groupName))
{
return group.Sid;
}
}
}
}
[Test]
public void should_check_role_with_sid()
{
var barDomain = "bar.example.com";
var groupinBar = GetGroupSid(barDomain, "group_in_bar");
var identity = WindowsIdentity.GetCurrent();
var windowsPrincipal = new WindowsPrincipal(identity);
Assert.That(windowsPrincipal.IsInRole(groupinBar), Is.True, "Checking role " + groupinBar);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.