如何在ASP.NET MVC中使用PrincipalContext传递UserPrincipal

时间:2014-01-08 16:23:11

标签: .net asp.net-mvc asp.net-mvc-4 active-directory

我有以下代码连接到我们的AD: - 

List<DomainContext> results = new List<DomainContext>();
string ADServerName = System.Web.Configuration.WebConfigurationManager.AppSettings["ADServerName"];

using (var context = new PrincipalContext(ContextType.Domain, ADServerName))
using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
{

以上工作在我们的Dev机器上,AD和asp.net mvc在同一台机器上。目前我需要连接到我们在不同机器上的分段AD。所以我需要将AD服务帐户(用户名和密码)传递给PrincipalContext。有人可以建议吗?我在网上看到我需要使用UserPrincipal,如下所示: - 

public UserPrincipal(
    PrincipalContext context,
    string samAccountName,
    string password,
    bool enabled
)

但我不确定如何相应地修改我的代码?

由于

修改 我试过这个只显示在其尊贵帐户中有brancjA或brachB的用户: - 

public List<DomainContext> GetADUsers(string term=null)
        {
            string[] types = new string[] { "BranchA", "BranchB" };
            List<DomainContext> results = new List<DomainContext>();
            string ADServerName = System.Web.Configuration.WebConfigurationManager.AppSettings["ADServerName"];
            using (var context = new PrincipalContext(ContextType.Domain, ADServerName, "username", "password"))
            using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
            {
                var searchResults = searcher.FindAll();



                foreach (Principal p in searchResults)
                {
                   if ((term == null || p.SamAccountName.ToString().ToUpper().StartsWith(term.ToUpper())) && (types.Contains(p.DistinguishedName)))

但结果是没有用户被退回。你能建议吗?

1 个答案:

答案 0 :(得分:2)

您是在谈论创建PrincipalContext并提供特定凭据(用户名+密码)吗?

查看fabolous MSDN documentation on PrincipalContext - 免费提供任何人 - 使用它!

如您所见,PrincipalContext有几个重载的构造函数允许各种场景:

enter image description here

您可能想要使用this constructor here

public PrincipalContext(
    ContextType contextType,
    string name,
    string userName,
    string password
)

这允许您传入用户名和密码,以便在此上下文中用于所有AD操作。

更新:关于仅返回“普通”用户(并忽略“服务帐户”)的后续问题 - 当您使用PrincipalSearcher时,您可以定义“逐个查询“校长进行搜索:

// create your domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
   // define a "query-by-example" principal - here, we search for a UserPrincipal 
   // and with the first name (GivenName) of "Bruce" and a last name (Surname) of "Miller"
   UserPrincipal qbeUser = new UserPrincipal(ctx);
   qbeUser.GivenName = "Bruce";
   qbeUser.Surname = "Miller";

   // create your principal searcher passing in the QBE principal    
   PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

   // find all matches
   foreach(var found in srch.FindAll())
   {
       // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
   }
}

当然,根据您的需要,您可能希望在您创建的“按示例查询”用户主体上指定其他属性:

  • DisplayName(通常:名字+空格+姓氏)
  • SAM Account Name - 您的Windows / AD帐户名称
  • User Principal Name - 您的“username@yourcompany.com”样式名称

您可以在UserPrincipal上指定任何属性,并将其用作PrincipalSearcher的“按示例查询”。真的 - 你只需要找到正确的方法来表达区分“正常”用户和PrincipalSearcher中“服务帐户”的标准,你应该能够做到这一点

更新#2:我的意思是这样的:

// create list to hold results
List<Principal> allNormalUsers = new List<Principal>();            

// first, search OU=BranchA
using (var context = new PrincipalContext(ContextType.Domain, ADServerName, "OU=BranchA,OU=Users", "username", "password"))
using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
{
    allNormalUsers.AddRange(searcher.FindAll());
}

// after that, search OU=BranchB
using (var context = new PrincipalContext(ContextType.Domain, ADServerName, "OU=BranchB,OU=Users", "username", "password"))
using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
{
    allNormalUsers.AddRange(searcher.FindAll());
}

// and now your "allNormalUsers" should contain all "normal" users from OU=BranchA 
// and from OU=BranchB
相关问题
最新问题