如何在使用AccountManagement Extension Class时设置二进制属性?

时间:2013-01-28 16:46:30

标签: c# .net-4.0 active-directory directoryservices account-management

我正在使用custom class to expose some custom schema in Active Directory。我存储一个二进制blob,根据项目要求,这些数据必须存储在AD中,我不能使用外部存储(如果可以的话,我会这样做)。

当我创建用户时,它会保存blob。我也可以很好地检索blob并获取我的所有数据。问题是如果我需要更新值并且我收到错误

小例子程序:

using System;
using System.DirectoryServices.AccountManagement;

namespace SandboxConsole40
{
    class Program
    {
        static void Main(string[] args)
        {
            using(var context = new PrincipalContext(ContextType.Domain))
            {
                using (var clear = ExamplePrincipal.FindByIdentity(context, "example"))
                {
                    if (clear != null)
                        clear.Delete();
                }

                using (var create = new ExamplePrincipal(context, "example", "Password1", false))
                {
                    create.Save();
                }

                using (var set = ExamplePrincipal.FindByIdentity(context, "example"))
                {
                    set.BlobData = new byte[] { 0xDE, 0xAD, 0xBE, 0xEF }; //This fails with method 2.
                    set.Save();
                }

                using (var lookup = ExamplePrincipal.FindByIdentity(context, "example"))
                {
                    Console.WriteLine(BitConverter.ToString(lookup.BlobData));
                }

                using (var update = ExamplePrincipal.FindByIdentity(context, "example"))
                {
                    update.BlobData = new byte[] { 0x12, 0x34, 0x56, 0x67 };
                    update.Save(); //This save fails with method 1.
                }
            }

            Console.WriteLine("Done");
            Console.ReadLine();
        }

        [DirectoryObjectClass("user")]
        [DirectoryRdnPrefix("CN")]
        class ExamplePrincipal : UserPrincipal
        {
            public ExamplePrincipal(PrincipalContext context) : base(context) { }

            public ExamplePrincipal(PrincipalContext context, string samAccountName, string password, bool enabled)
                : base(context, samAccountName, password, enabled) { }

            public static new ExamplePrincipal FindByIdentity(PrincipalContext context, string identityValue)
            {
                return (ExamplePrincipal)FindByIdentityWithType(context, typeof(ExamplePrincipal), identityValue);
            }

            [DirectoryProperty("vwBlobData")]
            public byte[] BlobData
            {
                get
                {
                    if (ExtensionGet("vwBlobData").Length != 1)
                        return null;

                    return (byte[])ExtensionGet("vwBlobData")[0];
                }
                set
                {
                    //method 1
                    this.ExtensionSet("vwBlobData",  value );

                    //method 2
                    //this.ExtensionSet("vwBlobData", new object[] { value});
                }
            }
        }
    }
}

如果我使用方法1,我在update.Save()操作

上会出现以下异常
System.DirectoryServices.AccountManagement.PrincipalOperationException was unhandled
  HResult=-2146233087
  Message=The specified directory service attribute or value already exists.

  Source=System.DirectoryServices.AccountManagement
  ErrorCode=-2147016691
  StackTrace:
       //Snip
  InnerException: System.DirectoryServices.DirectoryServicesCOMException
       HResult=-2147016691
       Message=The specified directory service attribute or value already exists.

       Source=System.DirectoryServices
       ErrorCode=-2147016691
       ExtendedError=8321
       ExtendedErrorMessage=00002081: AtrErr: DSID-030F154F, #1:
    0: 00002081: DSID-030F154F, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 82818fec (vwBlobData)

       StackTrace:
            //Snip
       InnerException: 

如果我使用方法2,我会从this.ExtensionSet来电的set.BlobData来电中获得例外。

System.ArgumentException was unhandled
  HResult=-2147024809
  Message=Collections whose elements are another collection cannot be set by ExtensionClasses.
  Source=System.DirectoryServices.AccountManagement
  StackTrace:
      //Snip
  InnerException: 


总结:我可以设置当前未设置的值,但如果我想覆盖现有值,则会收到错误。

1 个答案:

答案 0 :(得分:3)

我找到了一个解决办法,首先将值设置为null,不再抛出异常。

using (var update = ExamplePrincipal.FindByIdentity(context, "example"))
{
    update.BlobData = null;
    update.Save();
    update.BlobData = new byte[] { 0x12, 0x34, 0x56, 0x67 };
    update.Save(); //No longer fails with method 1.
}

如果有一个“正确”的方式,我会暂时搁置这个问题以确定是否有其他人可以回答。


找到第二个解决方案,不需要强制保存。

[DirectoryProperty("vwBlobData")]
public byte[] BlobData
{
    get
    {
        if (ExtensionGet("vwBlobData").Length != 1)
            return null;

        return (byte[])ExtensionGet("vwBlobData")[0];
    }
    set
    {
        ((DirectoryEntry)this.GetUnderlyingObject())
                             .Properties["vwBlobData"].Value = value;
    }
}

通过直接转换为基础对象,您可以直接设置值。我使用ILSpy检查并处理AccountManagement包装器处理底层对象,因此Dispose()调用不需要GetUnderlyingObject()


最佳解决方案

我发现第二个工作需要将对象保持工作,所以我采用了两种方法。当你还没有持久化对象,当对象为null,以及对象已经有值时,这种方法有效。

[DirectoryProperty("vwBlobData")]
public byte[] BlobData
{
    get
    {
        if (ExtensionGet("vwBlobData").Length != 1)
            return null;

        return (byte[])ExtensionGet("vwBlobData")[0];
    }
    set
    {
        if(ExtensionGet("vwBlobData").Length == 0)
            this.ExtensionSet("vwBlobData", data); 
        else
            ((DirectoryEntry)this.GetUnderlyingObject())
                                 .Properties["vwBlobData"].Value = data;
    }
}