基於深度優先的遞迴判斷域使用者是否是某個組的成員
引用System.DirectoryServices
並匯入名稱空間
using
System.DirectoryServices;
功能:判斷域使用者(登入名稱)是否是某個域安全性群組的成員,域使用者可能屬於多個組,並且所屬的組可能又屬於多個組,所以需要遞迴調用.
private
DirectoryEntry entry
=
new
DirectoryEntry(
"
LDAP://domain
"
,
@"
domain\username
"
,
"
password
"
);
private
bool
UserisGroupMember(
string
UserLogin,
string
RoleName)
{
DirectorySearcher mySearcher
=
new
DirectorySearcher(entry);
mySearcher.Filter
=
string
.Format (
"
(&(objectClass=user)(sAMAccountName={0}))
"
,UserLogin );
mySearcher.PropertiesToLoad.Add (
"
memberof
"
);
SearchResult mysr
=
mySearcher.FindOne();
if
(mysr.Properties .Count
>
1
)
//
返回兩個屬性,一個是內建的adspath,另一個是PropertiesToLoad載入的
{
string
[] memberof
=
new
string
[mysr.Properties[
"
memberof
"
].Count ];
int
i
=
0
;
foreach
( Object myColl
in
mysr.Properties[
"
memberof
"
])
{
memberof[i]
=
myColl.ToString ().Substring (
3
,myColl.ToString ().IndexOf(
"
,
"
)
-
3
);
if
(memberof[i]
==
RoleName)
return
true
;
i
++
;
}//其實這一層迴圈是廣度優先演算法,因為考慮到一個人直接屬於某個安全性群組的可能性要大一些,這樣做效率更高.如果把下面這個迴圈放到上面的if的esle中,就是完全的深度優先了.
foreach
(
string
GroupName
in
memberof)
if
(MemberisGroupMember(GroupName,RoleName))
return
true
;
}
return
false
;
}
private
bool
MemberisGroupMember(
string
GroupName,
string
RoleName)
{
DirectorySearcher mySearcher
=
new
DirectorySearcher(entry);
mySearcher.Filter
=
string
.Format (
"
(&(objectClass=group)(CN={0}))
"
,GroupName );
mySearcher.PropertiesToLoad.Add (
"
memberof
"
);
SearchResult mysr
=
mySearcher.FindOne();
string
memberof;
if
(mysr.Properties.Count
>
1
)
//
返回兩個屬性,一個是內建的adspath,另一個是PropertiesToLoad載入的
{
foreach
( Object myColl
in
mysr.Properties[
"
memberof
"
])
{
memberof
=
myColl.ToString ().Substring (
3
,myColl.ToString ().IndexOf(
"
,
"
)
-
3
);
if
(memberof
==
RoleName)
return
true
;
else
if
(MemberisGroupMember(memberof,RoleName))
return
true
;
}
}
return
false
;
}
