Using WebAPI for Windows Local User Management

Source: Internet
Author: User
Tags windows web server

1. Introduction

I recently designed and implemented the company's internal unified identity authentication center, based on OAuth 2.0. A review of the company's systems showed that some of the in-house systems can use OAuth 2.0 authentication, while other systems have no source code and no open interface, and some use Windows users as their system users. To handle these cases, and to support switching an account from the center with one click, separate interface programs were developed for the systems that have no source code and no open interface. For systems backed by a database, the interface program operates on the database directly to synchronize accounts and passwords. For systems that use Windows users as system users, a WebAPI interface is deployed on the servers where they run to synchronize and manage users and passwords. This article focuses on adding and deleting Windows local users and changing their passwords from C#, and on listing all local users.

2. Active Directory and DirectoryEntry class

Searching Baidu for how to manage Windows local accounts from C# mostly turns up approaches that import Netapi32.dll. An earlier search for changing local user passwords had turned up the DirectoryEntry class, which encapsulates a node or object in the Active Directory Domain Services hierarchy and also supports adding users, removing users, and other operations.

Active Directory
Active Directory is a directory service for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. (Active Directory cannot run on Windows Web Server, but it can be managed from a computer that is running Windows Web Server.) Active Directory stores information about network objects and makes it easy for administrators and users to find and use that information. It uses a structured data store as the basis for a logical, hierarchical organization of directory information.

Refer to: Basic concepts of Active directory

DirectoryEntry class
The DirectoryEntry class is in the System.DirectoryServices namespace and encapsulates a node or object in the Active Directory Domain Services hierarchy. The DirectoryEntry class uses Active Directory Service Interfaces (ADSI) technology. ADSI is a set of interfaces that Microsoft provides as a flexible tool for working with a variety of network providers. ADSI lets administrators locate and manage resources on a network relatively easily, regardless of the size of the network.

Refer to: DirectoryEntry class

3. Managing Local Users
    using System;
    using System.Collections.Generic;
    using System.DirectoryServices;
    using System.Linq;
    using System.Web;

    namespace OAuthClient.Common
    {
        // User (Name, FullName, Password, Description) and IUser are project types
        // that are not shown in this article.
        public class WindowsUser : IUser
        {
            // WinNT provider path for the local machine's account database.
            private static readonly string PATH = "WinNT://" + Environment.MachineName;

            /// <summary>
            /// Get all users
            /// </summary>
            /// <returns></returns>
            public List<User> GetAllUser()
            {
                List<User> list = new List<User>();
                using (DirectoryEntry deRoot = new DirectoryEntry(PATH))
                {
                    if (deRoot.Children != null)
                    {
                        foreach (DirectoryEntry de in deRoot.Children)
                        {
                            if (de.SchemaClassName == "User" ||
                                de.SchemaClassName == "Computer" ||
                                de.SchemaClassName == "Domain")
                            {
                                User user = new User()
                                {
                                    Name = de.Name,
                                    // FullName may be unset; Convert.ToString maps null to "".
                                    FullName = Convert.ToString(de.Properties["FullName"].Value)
                                };
                                list.Add(user);
                            }
                        }
                    }
                    return list;
                }
            }

            /// <summary>
            /// Add a user
            /// </summary>
            /// <param name="user"></param>
            /// <returns></returns>
            public string AddUser(User user)
            {
                try
                {
                    using (DirectoryEntry deRoot = new DirectoryEntry(PATH))
                    {
                        using (DirectoryEntry de = deRoot.Children.Add(user.Name, "user"))
                        {
                            de.Properties["FullName"].Add(user.FullName);       // full name
                            de.Invoke("SetPassword", user.Password);            // password
                            de.Invoke("Put", "Description", user.Description);  // detailed description
                            // 66049 = 0x10201 = UF_SCRIPT | UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD,
                            // i.e. the password never expires.
                            de.Invoke("Put", "UserFlags", 66049);
                            de.CommitChanges();
                            return "OK";
                        }
                    }
                }
                catch (Exception ex)
                {
                    return ex.Message;
                }
            }

            /// <summary>
            /// Remove a user
            /// </summary>
            /// <param name="name"></param>
            /// <returns></returns>
            public string RemoveUser(string name)
            {
                try
                {
                    using (DirectoryEntry deRoot = new DirectoryEntry(PATH))
                    {
                        using (DirectoryEntry user = deRoot.Children.Find(name, "user"))
                        {
                            // The original referenced an undefined variable "dir" here.
                            if (user != null)
                                deRoot.Children.Remove(user);
                            return "OK";
                        }
                    }
                }
                catch (Exception ex)
                {
                    return ex.Message;
                }
            }

            /// <summary>
            /// Change a user's password
            /// </summary>
            /// <param name="user"></param>
            /// <returns></returns>
            public string ChangePassword(User user)
            {
                try
                {
                    using (DirectoryEntry deRoot = new DirectoryEntry(PATH))
                    {
                        // The original referenced an undefined variable "dir" here.
                        using (DirectoryEntry de = deRoot.Children.Find(user.Name, "user"))
                        {
                            de.Invoke("SetPassword", new object[] { user.Password });
                            de.CommitChanges();
                            return "OK";
                        }
                    }
                }
                catch (Exception ex)
                {
                    return ex.Message;
                }
            }
        }
    }

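An added example, not part of the original article's code: the methods above pass the caller-supplied account name straight into DirectoryEntry lookups, so a WebAPI front end would validate it first and refuse built-in accounts. AccountNameGuard, its deny-list and the sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: AccountNameGuard is a hypothetical helper, not the article's code.
public static class AccountNameGuard
{
    // Characters Windows does not allow in a local user name.
    private static readonly char[] Forbidden = "\"/\\[]:;|=,+*?<>@".ToCharArray();

    // Constructed deny-list of accounts a sync endpoint should never modify.
    // Built-in accounts can be renamed, so a production check should compare SIDs.
    private static readonly HashSet<string> Protected = new HashSet<string>(
        new[] { "Administrator", "Guest", "DefaultAccount", "WDAGUtilityAccount" },
        StringComparer.OrdinalIgnoreCase);

    // Returns null when the name is acceptable, otherwise a short fixed reason
    // that is safe to send back to the API caller.
    public static string Check(string name)
    {
        if (string.IsNullOrWhiteSpace(name)) return "name is empty";
        if (name.Length > 20) return "name is longer than 20 characters";
        if (name.IndexOfAny(Forbidden) >= 0) return "name contains a forbidden character";
        if (name.Any(char.IsControl)) return "name contains a control character";
        if (name.All(c => c == '.' || c == ' ')) return "name is only dots or spaces";
        if (Protected.Contains(name)) return "account is protected";
        return null;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs.
        var samples = new[] { "svc_report", "Administrator", "a/b", "..", new string('x', 21) };
        foreach (var n in samples)
            Console.WriteLine("{0,-22} -> {1}", n, AccountNameGuard.Check(n) ?? "OK");
    }
}
```

Calling Check at the top of AddUser, RemoveUser and ChangePassword, and returning its fixed reason string instead of ex.Message, keeps provider error details out of the API response.
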
4. Notes for WebAPI
    1. Under WebAPI, using the DirectoryEntry class requires adding a reference to Microsoft.Web.Infrastructure.
    2. In Web.config, add the following configuration section; otherwise an access-denied error is reported.

    <system.web>
        <identity impersonate="true" />
    </system.web>
