Check whether current user is a member of an activ

2020-02-29 05:56发布

问题:

I need to check whether current user is a member of an active directory group. I started with getting the current user as below. Now I want to know how to check this CurrentUser is in active directory group "CustomGroup"

string CurrentUser = WindowsIdentity.GetCurrent().Name;

回答1:

You can use the .NET 3.5 System.DirectoryServices.AccountManagement classes. See the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 for details. You can use something like:

string CurrentUser = WindowsIdentity.GetCurrent().Name;

PrincipalContext context = new PrincipalContext(ContextType.Domain, "Domain");
UserPrincipal upUser = UserPrincipal.FindByIdentity(context, CurrentUser);
if(upUser != null)
{
    if (upUser.IsMemberOf(context, IdentityType.SamAccountName, "CustomGroup")) 
    {
        // The user belongs to the group
    }
}


回答2:

Try thisin .NET 3.5 or 4:

PrincipalContext infPC = new PrincipalContext(ContextType.Domain, "domain", "login", "password");
UserPrincipal infUP = new UserPrincipal(infPC);
PrincipalSearcher infPS = new PrincipalSearcher();
UserPrincipal foundUP;
GroupPrincipal infGP = new GroupPrincipal(infPC);
GroupPrincipal foundGP;
string CurrentUser = WindowsIdentity.GetCurrent().Name;

infUP.SamAccountName = CurrentUser;
infPS.QueryFilter = infUP;
foundUP = infPS.FindOne();
infGP.Name = "CustomGroup";
infPS.QueryFilter = infGP;
foundGP = infPS.FindOne();
bool ismember = foundUP.IsMemberOf(foundGP);