如何在 C# 中获取当前用户的 Active Directory 详细信息
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/637486/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to get the current user's Active Directory details in C#
提问by Sophia
I am working on an C# and ASP.Net application, that uses Windows Authentication.
我正在开发一个使用 Windows 身份验证的 C# 和 ASP.Net 应用程序。
i.e. in Web.config:
即在 Web.config 中:
<system.web>
<authentication mode="Windows" />
</system.web>
I want to get details for the current user (full name, email address, etc) from Active Directory.
我想从 Active Directory 获取当前用户的详细信息(全名、电子邮件地址等)。
I can get their pre Windows 2000 user login name (eg: SOMEDOMAIN\someuser) by using
我可以SOMEDOMAIN\someuser通过使用获得他们的预 Windows 2000 用户登录名(例如:)
string username = HttpContext.Current.Request.ServerVariables["AUTH_USER"];
I've worked out the LDAP query for the user, using their current login name (not their pre Windows 2000 user login name):
我已经为用户计算出 LDAP 查询,使用他们当前的登录名(不是他们的 Windows 2000 之前的用户登录名):
DirectorySearcher adSearch = new DirectorySearcher(
"([email protected])");
SearchResult adSearchResult = adSearch.FindOne();
However, I don't know how to either search AD for the user using their pre W2K login name, or get their login name in the '[email protected]' format.
但是,我不知道如何使用他们的前 W2K 登录名为用户搜索 AD,或者以“[email protected]”格式获取他们的登录名。
Any ideas?
有任何想法吗?
采纳答案by Alan
The "pre Windows 2000" name i.e. DOMAIN\SomeBody, the Somebodyportion is known as sAMAccountName.
“Windows 2000 之前的”名称,即DOMAIN\SomeBody该Somebody部分称为 sAMAccountName。
So try:
所以尝试:
using(DirectoryEntry de = new DirectoryEntry("LDAP://MyDomainController"))
{
using(DirectorySearcher adSearch = new DirectorySearcher(de))
{
adSearch.Filter = "(sAMAccountName=someuser)";
SearchResult adSearchResult = adSearch.FindOne();
}
}
[email protected] is the UserPrincipalName, but it isn't a required field.
[email protected] 是 UserPrincipalName,但它不是必填字段。
回答by marc_s
Alan already gave you the right answer - use the sAMAccountNameto filter your user.
Alan 已经给了您正确的答案 - 使用sAMAccountName过滤您的用户。
I would add a recommendation on your use of DirectorySearcher- if you only want one or two pieces of information, add them into the "PropertiesToLoad"collection of the DirectorySearcher.
我想您所使用的添加一个建议DirectorySearcher-如果你只想要的信息的一个或两片,将它们添加到"PropertiesToLoad"集合DirectorySearcher。
Instead of retrieving the whole big user object and then picking out one or two items, this will just return exactly those bits you need.
不是检索整个大用户对象然后挑选一两个项目,这将只返回您需要的那些位。
Sample:
样本:
adSearch.PropertiesToLoad.Add("sn"); // surname = last name
adSearch.PropertiesToLoad.Add("givenName"); // given (or first) name
adSearch.PropertiesToLoad.Add("mail"); // e-mail addresse
adSearch.PropertiesToLoad.Add("telephoneNumber"); // phone number
Those are just the usual AD/LDAP property names you need to specify.
这些只是您需要指定的常用 AD/LDAP 属性名称。
回答by Dmitri Kouminov
Add reference to COM "Active DS Type Library"
添加对 COM“Active DS 类型库”的引用
Int32 nameTypeNT4 = (int) ActiveDs.ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_NT4;
Int32 nameTypeDN = (int) ActiveDs.ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_1779;
Int32 nameTypeUserPrincipalName = (int) ActiveDs.ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_USER_PRINCIPAL_NAME;
ActiveDs.NameTranslate nameTranslate = new ActiveDs.NameTranslate();
// Convert NT name DOMAIN\User into AD distinguished name
// "CN= User\, Name,OU=IT,OU=All Users,DC=Company,DC=com"
nameTranslate.Set(nameTypeNT4, ntUser);
String distinguishedName = nameTranslate.Get(nameTypeDN);
Console.WriteLine(distinguishedName);
// Convert AD distinguished name "CN= User\, Name,OU=IT,OU=All Users,DC=Company,DC=com"
// into NT name DOMAIN\User
ntUser = String.Empty;
nameTranslate.Set(nameTypeDN, distinguishedName);
ntUser = nameTranslate.Get(nameTypeNT4);
Console.WriteLine(ntUser);
// Convert NT name DOMAIN\User into AD UserPrincipalName [email protected]
nameTranslate.Set(nameTypeNT4, ntUser);
String userPrincipalName = nameTranslate.Get(nameTypeUserPrincipalName);
Console.WriteLine(userPrincipalName);
回答by Brent Pabst
If you're using .NET 3.5 SP1+ the better way to do this is to take a look at the
如果您使用 .NET 3.5 SP1+,更好的方法是查看
System.DirectoryServices.AccountManagement namespace.
It has methods to find people and you can pretty much pass in any username format you want and then returns back most of the basic information you would need. If you need help on loading the more complex objects and properties check out the source code for http://umanage.codeplex.comits got it all.
它具有查找人员的方法,您几乎可以输入您想要的任何用户名格式,然后返回您需要的大部分基本信息。如果您在加载更复杂的对象和属性方面需要帮助,请查看http://umanage.codeplex.com的源代码。
Brent
布伦特
