Definition of members of local groups through C#

I was wondering if anyone knows how to use C# to access local groups on a remote server. Will this require administrator permission? And is there any way to confirm the currently registered membership (or not) of these groups?

+3
6 answers

Howto: (Almost) Everything in Active Directory through C# is very useful, and it also contains instructions on how to iterate AD members in a group.

public ArrayList Groups(string userDn, bool recursive)
{
    ArrayList groupMemberships = new ArrayList();
    return AttributeValuesMultiString("memberOf", userDn,
        groupMemberships, recursive);
}

You will also need this function:

public ArrayList AttributeValuesMultiString(string attributeName,
     string objectDn, ArrayList valuesCollection, bool recursive)
{
    DirectoryEntry ent = new DirectoryEntry(objectDn);
    PropertyValueCollection ValueCollection = ent.Properties[attributeName];
    IEnumerator en = ValueCollection.GetEnumerator();

    while (en.MoveNext())
    {
        if (en.Current != null)
        {
            if (!valuesCollection.Contains(en.Current.ToString()))
            {
                valuesCollection.Add(en.Current.ToString());
                if (recursive)
                {
                    AttributeValuesMultiString(attributeName, "LDAP://" +
                    en.Current.ToString(), valuesCollection, true);
                }
            }
        }
    }
    ent.Close();
    ent.Dispose();
    return valuesCollection;
}

If you now want to use this AD method, you can use the information in this article, but it uses unmanaged code:

http://www.codeproject.com/KB/cs/groupandmembers.aspx


+4

.net 3.5 System.DirectoryServices.AccountManagement, , System.DirectoryServices. Dominick Baier , : -

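// Requires a reference to System.DirectoryServices.AccountManagement (.NET 3.5+).
using System.DirectoryServices.AccountManagement;

public static bool IsUserInGroup(string username, string groupname, ContextType type)
{
    // Dispose the context and principals so directory connections are released.
    using (PrincipalContext context = new PrincipalContext(type))
    using (UserPrincipal user = UserPrincipal.FindByIdentity(
        context,
        IdentityType.SamAccountName,
        username))
    using (GroupPrincipal group = GroupPrincipal.FindByIdentity(
        context, groupname))
    {
        // FindByIdentity returns null when nothing matches; treat that as "not a member"
        // instead of failing with a NullReferenceException.
        if (user == null || group == null)
            return false;

        return user.IsMemberOf(group);
    }
}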


+2
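
Applied to the original question (local groups on a remote server), the same namespace can bind to a machine's local account store with ContextType.Machine. The following is an added example, not code from any of the answers; the class and method names, the server name "SERVER01" and the group "Administrators" are placeholders chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class LocalGroupAudit   // hypothetical helper class
{
    // Direct members of a local group on `server`, keyed by SID string.
    // Returns null when the group does not exist on that machine.
    public static Dictionary<string, string> GetMembers(string server, string groupName)
    {
        // ContextType.Machine binds to the machine's local account store, not to AD.
        using (var context = new PrincipalContext(ContextType.Machine, server))
        using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, groupName))
        {
            if (group == null) return null;
            var members = new Dictionary<string, string>();
            foreach (Principal p in group.GetMembers())   // direct members only
            {
                using (p)
                {
                    if (p.Sid != null) members[p.Sid.Value] = p.ContextType + "\\" + p.SamAccountName;
                }
            }
            return members;
        }
    }

    // True when the calling user, or a group in the caller's token, is a direct member.
    public static bool CallerIsMember(Dictionary<string, string> members)
    {
        using (WindowsIdentity me = WindowsIdentity.GetCurrent())
        {
            if (members.ContainsKey(me.User.Value)) return true;
            foreach (IdentityReference g in me.Groups)
                if (members.ContainsKey(g.Value)) return true;
            return false;
        }
    }

    static void Main(string[] args)
    {
        // Placeholder defaults; pass the real server and group on the command line.
        string server = args.Length > 0 ? args[0] : "SERVER01";
        string groupName = args.Length > 1 ? args[1] : "Administrators";
        var members = GetMembers(server, groupName);
        if (members == null) { Console.WriteLine("Group not found"); return; }
        foreach (var m in members) Console.WriteLine(m.Key + "  " + m.Value);
        Console.WriteLine("Caller is member: " + CallerIsMember(members));
    }
}
```

The membership check compares SIDs from the caller's token on the machine running the code, so it can only match domain accounts, domain groups and well-known SIDs; a local account on the remote server has a different SID than a same-named account elsewhere.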

, -, WMI?

0

, WMI . system.directoryservices.accountmanagement. YMMV, .

0

, System.DirectoryServices.AccountManagement. System.DirectoryServices.ActiveDirectory, COM Interop, ...

0


For several reasons, we don’t want to use Windows authentication, but we have our own forms-based authentication. I developed the subroutine below to first authenticate the user, and secondly, to study all the groups to which the user belongs. Perhaps this may help. This procedure uses LogonUser for authentication, and then obtains a list of group identifiers (SIDs) for this user and converts them into a human-readable form.

Hope this helps, I had to synthesize this approach from various Google searches.

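// Needs: using System; using System.Runtime.InteropServices; using System.Security.Principal;
// Assumed P/Invoke declarations and constants (the post does not show them).
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern int LogonUser(string user, string domain, string password,
    int logonType, int logonProvider, ref IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
private static extern bool RevertToSelf();
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool CloseHandle(IntPtr handle);
private const int LOGON32_LOGON_NETWORK = 3;
private const int LOGON32_PROVIDER_DEFAULT = 0;

private int validateUserActiveDirectory()
{
    IntPtr token = IntPtr.Zero;
    int DBgroupLevel = 0;

    // make sure you're yourself -- recommended at msdn http://support.microsoft.com/kb/248187
    RevertToSelf();

    // The token is an output parameter, so it has to be passed by reference.
    if (LogonUser(txtUserName.Value, propDomain, txtUserPass.Text, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, ref token) == 0) {
        return 0;   // authentication failed
    }

    try {
        // ImpersonateLoggedOnUser not required for us -- we are not doing impersonated stuff, but leave it here for completeness.
        //ImpersonateLoggedOnUser(token);
        // do impersonated stuff
        // end impersonated stuff

        // Read the group SIDs from the token LogonUser returned, while the handle is still open.
        // Context.Request.LogonUserIdentity would describe the request's identity, not the user just authenticated.
        using (WindowsIdentity identity = new WindowsIdentity(token)) {
            foreach (IdentityReference g in identity.Groups) {
                // Translate the SID into a human-readable DOMAIN\name form.
                IdentityReference translatedGroup = g.Translate(typeof(NTAccount));
                if (translatedGroup.Value.ToLower().Contains("desired group")) {
                    inDBGroup = true;
                    return 1;
                }
            }
        }
        return 0;   // authenticated, but not a member of the desired group
    }
    finally {
        // ensure that we are the original user
        CloseHandle(token);
        RevertToSelf();
    }
}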
0

Source: https://habr.com/ru/post/1696693/

