Asp.net

從 asp.net 獲取經過身份驗證的 AD 使用者 objectGuid

  • January 25, 2013

我在 ASP.NET 應用程序中使用 Windows 身份驗證。我想知道如何最好地從目前登錄的使用者那裡獲取 objectGuid?

問候,埃吉爾。

您可以使用 System.DirectoryServices 命名空間來執行此操作。

Dim entry As DirectoryServices.DirectoryEntry
Dim mySearcher As System.DirectoryServices.DirectorySearcher
Dim result As System.DirectoryServices.SearchResult
Dim myEntry As DirectoryEntry
Dim domainName As String
Dim userId As String
Dim objectGuid As Guid

'Split the username into domain and userid parts
domainName = Page.User.Identity.Name.Substring(0, Page.User.Identity.Name.IndexOf("\"))
userId = Page.User.Identity.Name.Substring(Page.User.Identity.Name.IndexOf("\") + 1)

'Start at the top level domain
entry = New DirectoryEntry(domainName)

mySearcher = New DirectorySearcher(entry)

'Build a filter for just the user
mySearcher.Filter = ("(&(anr=" & userId & ")(objectClass=user))")

'Get the search result ...
result = mySearcher.FindOne

'... and then get the AD entry that goes with it
myEntry = result.GetDirectoryEntry

'The Guid property is the objectGuid
objectGuid = myEntry.Guid

可能有更好的方法來做到這一點,但這有效!

建議的解決方案相當昂貴。與其通過域和使用者名進行搜尋,更好的解決方案是使用 SID 來查找帳戶:

// using System.Security.Principal;
IPrincipal userPrincipal = HttpContext.Current.User;
WindowsIdentity windowsId = userPrincipal.Identity as WindowsIdentity;
if (windowsId != null)
{
   SecurityIdentifier sid = windowsId.User;

   using(DirectoryEntry userDe = new DirectoryEntry("LDAP://<SID=" + sid.Value + ">"))
   {
       Guid objectGuid = new Guid(userDe.NativeGuid);
   }
}

引用自:https://stackoverflow.com/questions/315403

相關問答

Asp.net

System.DirectoryServices - 伺服器無法執行

  • February 27, 2018
檢視問答
Asp.net

ASP.NET 中的 ActiveDirectory 目前使用者名

  • August 30, 2013
檢視問答
Asp.net

ASP.NET 中的 Windows 身份驗證模式使用 Active Directory 組名(Windows 2000 之前)?

  • January 12, 2010
檢視問答
Asp.net

使用表單身份驗證進行模擬

  • June 30, 2009
檢視問答
Asp.net

Web 應用程序使用視窗域帳戶進行身份驗證

  • December 11, 2008
檢視問答
Asp.net

ASP.NET MVC 如何創建自定義角色提供程序

  • August 12, 2021
檢視問答