堆栈内存溢出
  简体   繁体   English

在活动目录域中使用User.IsInRole()检查组成员身份

[英]using User.IsInRole() across active directory domains to check for group membership

 原文  2012-08-06 21:41:35       windows/ active-directory/ windows-server-2008/ trust

问题描述

I have two domains that are set up with a two way trust. 我有两个通过双向信任设置的域。

Domain A has a group (group A) with a member (User A). 域A具有一个具有成员(用户A)的组(A组)。

Domain B has a group (group B) with Group A (from the other domain) as a member. 域B有一个组(组B),其中组A(来自另一个域)是成员。

I'm checking with: 我正在检查: 

if(User.IsInRole(group B))
{
  // logging in as User A should provide access because this use is part of Group A which is part of Group B
}

but that's not working. 但这不起作用。

what am I missing here? 我在这里想念什么?

1 个解决方案

解决方案1
 0  2015-07-07 15:25:11

This fails for me when run on a machine logged in as the user and joined to that domain. 在以用户身份登录并加入该域的计算机上运行时,这对我而言失败。 

        private static SecurityIdentifier GetGroupSid(string domainName, string groupName)
    {
        using (var d = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, domainName)))
        {
            using (var context = new PrincipalContext(ContextType.Domain, d.Name))
            {
                using (var group = GroupPrincipal.FindByIdentity(context, groupName))
                {
                    return group.Sid;
                }
            }
        }
    }
    [Test]
    public void should_check_role_with_sid()
    {

        var barDomain = "bar.example.com";
        var groupinBar = GetGroupSid(barDomain, "group_in_bar");
        var identity = WindowsIdentity.GetCurrent();
        var windowsPrincipal = new WindowsPrincipal(identity);
        Assert.That(windowsPrincipal.IsInRole(groupinBar), Is.True, "Checking role " + groupinBar);
    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 根据具有排除项的组成员身份更改活动目录用户属性 - Change active directory users properties based on group membership with exclusions 从 C++ 应用程序中,如何检查 Active Directory 中的特定用户是否属于特定安全组? - From a C++ application, how can I check if a specific user in Active Directory is part of a particular security group? Active Directory用户条目和组条目 - Active Directory user entry, and group entry 如何在用户的Active Directory中添加分散组? - How to add the distrubtion group in Active Directory for a user? 使用Powershell更新Active Directory中的Active Directory用户属性 - Updating Active Directory user properties in Active Directory using Powershell 如何导出Active Directory成员资格? - How do I export Active Directory membership? 从Active Directory获取用户的组成员身份 - Get a user's group memberships from Active Directory 在Windows C ++中检查自定义组的成员身份 - Check membership of custom group in Windows C++ 使用Powershell检查Win32_group成员资格 - Check Win32_group membership with powershell 有没有办法检查计算机的 AD 组成员资格? - Is there a way to check AD group membership for a computer?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM