Is there a way to get a list of roles a Windows authenticated user is in, without explicitly checking by WindowsPrincipal.IsInRole method?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
WindowsPrincipal.IsInRole just checks if the user is a member of the group with that name; a Windows Group is a Role. You can get a list of the groups that a user is a member of from the WindowsIdentity.Groups property.
You can get WindowsIdentity from your WindowsPrincipal:
WindowsIdentity identity = WindowsPrincipal.Identity as WindowsIdentity;
or you can get it from a factory method on WindowsIdentity:
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsIdenity.Groups is a collection of IdentityReference which just gives you the SID of the group. If you need the group names you will need to translate the IdentityReference into an NTAccount and get the Value:
var groupNames = from id in identity.Groups
select id.Translate(typeof(NTAccount)).Value;
回答2:
EDIT: Josh beat me to it! :)
Try this
using System;
using System.Security.Principal;
namespace ConsoleApplication5
{
internal class Program
{
private static void Main(string[] args)
{
var identity = WindowsIdentity.GetCurrent();
foreach (var groupId in identity.Groups)
{
var group = groupId.Translate(typeof (NTAccount));
Console.WriteLine(group);
}
}
}
}
回答3:
If you are not connected to the domain server, the Translate function may throw the following exception The trust relationship between this workstation and the primary domain failed.
But for most of the groups, it will be OK, so I use:
foreach(var s in WindowsIdentity.GetCurrent().Groups) {
try {
IdentityReference grp = s.Translate(typeof (NTAccount));
groups.Add(grp.Value);
}
catch(Exception) { }
}
回答4:
In an ASP.NET MVC site, you can do it like this:
Add this to your Web.config:
<system.web>
...
<roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
...
</system.web>
Then you can use Roles.GetRolesForUser() to get all the Windows groups that the user is a member of. Make sure you're using System.Web.Security.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 叛逆 的文章《How can I retrieve all the roles (groups) a user i》','https://www.manongdao.com/article-339029.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}