stackoom
  简体   繁体   中英

c# check if the user member of a group?

 原文  2010-12-06 11:51:31       c#/ authentication/ active-directory/ authorization

Question

I have a code that I use to check if the user is member of the AD, worked perfectly,

now I want to add the possibility to check if the user also a member of a group!

what do I need to modify to achieve that, I did some work, but it fails!

so here is my code: 

        //Authenticate a User Against the Directory
        private bool Authenticate(string userName,string password, string domain)
        {

            if (userName == "" || password == "")
            {
                return false;
            }

            bool authentic = false;
            try
            {
                DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain,userName, password);
                object nativeObject = entry.NativeObject;
                authentic = true;
            }
            catch (DirectoryServicesCOMException) { }
            return authentic;
        }

I want to make it like this: 

private bool Authenticate(string userName,string password, string domain, string group)

3 answers

solution1
 24  2010-12-06 12:00:04

This is not available on Windows XP or earlier.

Anyway, in order to check for group membership, you can use this code: 

bool IsInGroup(string user, string group)
{
    using (var identity = new WindowsIdentity(user))
    {
        var principal = new WindowsPrincipal(identity);
        return principal.IsInRole(group);
    }
}

solution2
 7  2010-12-06 12:02:04

在ASP.Net中,您将使用Page.User.IsInRole("RoleName")或者在Windows中,您可以使用System.Threading.Thread.CurrentPrincipal.IsInRole("RoleName")

solution3
 6 ACCPTED  2011-01-05 11:26:51

I solve it with this code 

public bool AuthenticateGroup(string userName, string password, string domain, string group)
    {


        if (userName == "" || password == "")
        {
            return false;
        }

        try
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password);
            DirectorySearcher mySearcher = new DirectorySearcher(entry);
            mySearcher.Filter = "(&(objectClass=user)(|(cn=" + userName + ")(sAMAccountName=" + userName + ")))";
            SearchResult result = mySearcher.FindOne();

            foreach (string GroupPath in result.Properties["memberOf"])
            {
                if (GroupPath.Contains(group))
                {
                    return true;
                }
            }
        }
        catch (DirectoryServicesCOMException)
        {
        }
        return false;
    }

it works fine for me, and it can be use with a machine not part of the Domain Controller / Active Directory

Thank you all for the help

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question check if user is a member of a group how to check whether a user is a member of distribution list/security group in AD C# Check if user is part of administrator group - C# LDAP : Check if a user is member of a group Check if user is a member of a group (ldap) How to check permissions for a user or group in Sharepoint 2010 using C#? quickest way to check if a user exists in an active directory group in c# how to check if current user is in admin group c# How to check if user is a member of crossdomain group in ldap? ActiveDirectory DirectorySearcher: Check if user is member of a group
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM