从Active Directory中获取用户信息

从 Active Directory 中获取用户信息 <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

在用户通过 AD 验证后《 基于Active Directory的用户验证 》，下一步检索用户信息并显示。

 

1. 从 AD 中检索用户信息

/// <summary>

/// This will return a DirectoryEntry object if the user does exist

/// </summary>

/// <param name="UserName"></param>

/// <returns></returns>

public static DirectoryEntry GetUser(string UserName)

{

      //create an instance of the DirectoryEntry

      DirectoryEntry de = GetDirectoryObject();

 

      //create instance of the direcory searcher

      DirectorySearcher deSearch = new DirectorySearcher();

     

      deSearch.SearchRoot =de;

      //set the search filter

      deSearch.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + UserName + "))";

      deSearch.SearchScope = SearchScope.Subtree;

    

      //find the first instance

      SearchResult results= deSearch.FindOne();

 

      //if found then return, otherwise return Null

      if(results !=null)

      {

            de= new DirectoryEntry(results.Path,ADUser,ADPassword,AuthenticationTypes.Secure);

            //if so then return the DirectoryEntry object

            return de;

      }

      else

      {

            return null;

      }

}

 

创建 DirectoryEntry 对象实例，注意这里的 ADUser/ADPassword 不是普通用户帐户，而是具有 Account Operator 或 Administrator 的权限。 ADPath 可以为空，因为轻量目录访问协议 (LDAP) 提供程序依靠 Windows 定位器服务来查找客户端的最佳域控制器 (DC) 。但是，要利用无服务器绑定功能，客户端必须在 Active Directory 域控制器上具有帐户，而且无服务器绑定所使用的域控制器将始终位于默认域（与执行绑定的线程的当前安全上下文关联的域）中。（ From MSDN ）

 

/// <summary>

/// This is an internal method for retreiving a new directoryentry object

/// </summary>

/// <returns></returns>

private static DirectoryEntry GetDirectoryObject()

{

      DirectoryEntry oDE;

     

      oDE = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);

 

      return oDE;

}

 

2. 示例－简单显示 AD 中帐户属性及属性值

这里简单以 string 的形式输出 :

public string GetUserInfo(string UserName)

{

      DirectoryEntry objDirEnt= ADHelper.GetUser(UserName);

      StringBuilder sbUserInfo = new StringBuilder();

 

      sbUserInfo.Append("Name = " + objDirEnt.Name + Environment.NewLine);

      sbUserInfo.Append("Path = " + objDirEnt.Path + Environment.NewLine + Environment.NewLine);

      sbUserInfo.Append("SchemaClassName = " + objDirEnt.SchemaClassName + Environment.NewLine);

      sbUserInfo.Append("***" + Environment.NewLine);

      sbUserInfo.Append("Properties:" + Environment.NewLine);

 

      foreach(String Key in objDirEnt.Properties.PropertyNames)

      {

            sbUserInfo.AppendFormat("\t{0} = ", Key);

            sbUserInfo.Append("");

            foreach(Object objValue in objDirEnt.Properties[Key])

            {

                  sbUserInfo.AppendFormat("\t\t{0}" + Environment.NewLine, objValue);

           }

      }

 

      return sbUserInfo.ToString();

}

 

也可以直接访问需要的属性：

string strFirstName = =GetProperty(userSearchResult,"givenName");

 

/// <summary>

/// This is an override that will allow a property to be extracted directly from

/// a searchresult object

/// </summary>

/// <param name="searchResult"></param>

/// <param name="PropertyName"></param>

/// <returns></returns>

public static string GetProperty(SearchResult searchResult, string PropertyName)

{

      if(searchResult.Properties.Contains(PropertyName))

      {

            return searchResult.Properties[PropertyName][0].ToString() ;

      }

      else

      {

            return string.Empty;

      }

}

转载于:https://blog.51cto.com/lj1987/276847