Getting a user's permissions from an Active Directory group inside a SharePoint group

Time: 2012-03-30 15:16:02

Tags: c# .net sharepoint sharepoint-2007 moss

I have been tasked with some SharePoint work that involves the following scenario.

In some cases a user is in an Active Directory group whose permissions are bound directly to the AD group, and in some cases the AD group has been assigned to a SharePoint group.

My question is: how do I check the permissions of an SPUser if the user is not directly assigned to the group/permission but is actually in an Active Directory group? I need to check the user's permission level.

For example:

User: UserX belongs to the AD group "SHAREPOINT_POWER_USERS", which has "Contribute" permissions and belongs to the SharePoint group "IT Support group".

Is there a way to retrieve this information programmatically, since the user does not appear in the advanced permissions or in the SharePoint group? I can access it by doing the following:

// Pseudocode to access groups
SPUser user = SPContext.Current.Web.CurrentUser;
SPGroupCollection collection = user.Groups;

Please let me know how this would work.

Thanks.

3 answers:

Answer 0 (score: 5)

Easy. Use SPUtility.GetPrincipalsInGroup

There is a good example here: Getting members of an AD domain group using Sharepoint API

Answer 1 (score: 0)

Say I have an AD user UserX that is added to the AD group "TestADGroup". Now, in SharePoint, I have added this AD group to "TestSPGroup".

If UserX is logged in, the following will return true: web.IsCurrentUserMemberOfGroup(web.Groups["TestSPGroup"].ID);

http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.iscurrentusermemberofgroup.aspx

Answer 2 (score: 0)

You can go directly against AD itself, get the groups the member belongs to, and if one of those groups has permission on the object, grant the permission (i.e. show the object, etc.).

Try: http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C#39

using System;
using System.Collections;
using System.DirectoryServices;

// The objectClass/returnType enums and AttributeValuesMultiString come from
// the linked CodeProject article; the enums are reproduced here so the
// snippet compiles on its own.
public enum objectClass { user, group, computer }
public enum returnType { distinguishedName, ObjectGUID }

public ArrayList Groups(string userDn, bool recursive)
{
    ArrayList groupMemberships = new ArrayList();
    // Reads every memberOf value of userDn; with recursive == true the
    // article's helper follows each group's own memberOf for nested groups.
    return AttributeValuesMultiString("memberOf", userDn,
        groupMemberships, recursive);
}

public string AttributeValuesSingleString
    (string attributeName, string objectDn)
{
    // objectDn is an ADsPath, e.g. "LDAP://CN=UserX,OU=Staff,DC=corp,DC=local"
    using (DirectoryEntry ent = new DirectoryEntry(objectDn))
    {
        object raw = ent.Properties[attributeName].Value;
        // A missing attribute yields null; the original .ToString() would throw.
        return raw == null ? string.Empty : raw.ToString();
    }
}

// Escape a value before splicing it into an LDAP filter (RFC 4515).
// The original concatenated objectName raw, which allows filter injection
// when the name comes from user input.
static string EscapeLdapFilterValue(string value)
{
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}

public string GetObjectDistinguishedName(objectClass objectCls,
    returnType returnValue, string objectName, string LdapDomain)
{
    string distinguishedName = string.Empty;
    string connectionPrefix = "LDAP://" + LdapDomain;
    string name = EscapeLdapFilterValue(objectName);

    using (DirectoryEntry entry = new DirectoryEntry(connectionPrefix))
    using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
    {
        // The filters were split across string literals in the original post
        // (a compile error). "dn" is not an AD attribute; distinguishedName is.
        switch (objectCls)
        {
            case objectClass.user:
                mySearcher.Filter = "(&(objectClass=user)" +
                    "(|(cn=" + name + ")(sAMAccountName=" + name + ")))";
                break;
            case objectClass.group:
                mySearcher.Filter = "(&(objectClass=group)" +
                    "(|(cn=" + name + ")(distinguishedName=" + name + ")))";
                break;
            case objectClass.computer:
                mySearcher.Filter = "(&(objectClass=computer)" +
                    "(|(cn=" + name + ")(distinguishedName=" + name + ")))";
                break;
        }
        SearchResult result = mySearcher.FindOne();

        if (result == null)
        {
            throw new NullReferenceException
            ("unable to locate the distinguishedName for the object " +
            objectName + " in the " + LdapDomain + " domain");
        }
        using (DirectoryEntry directoryObject = result.GetDirectoryEntry())
        {
            if (returnValue.Equals(returnType.distinguishedName))
            {
                distinguishedName = "LDAP://" + directoryObject.Properties
                    ["distinguishedName"].Value;
            }
            if (returnValue.Equals(returnType.ObjectGUID))
            {
                distinguishedName = directoryObject.Guid.ToString();
            }
        }
    }
    return distinguishedName;
}
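The question's scenario (user in AD group "SHAREPOINT_POWER_USERS", which sits in SharePoint group "IT Support group", which holds "Contribute") and answer 2's recursive memberOf lookup, worked through as an added example that is not part of the question or any answer. The directory and the SharePoint role assignments are constructed in-memory dictionaries standing in for LDAP memberOf reads and SPWeb.RoleAssignments; every DN, group name and permission level below is hypothetical. It goes slightly beyond the post by including a nested-group cycle, which AD allows and which a naive recursion over memberOf would never terminate on.

```python
from typing import Dict, Set

# Constructed directory: each object's memberOf values (group DNs).
# HELPDESK is nested in SHAREPOINT_POWER_USERS, which is nested in ALL_IT,
# and ALL_IT deliberately points back to SHAREPOINT_POWER_USERS (a cycle).
USER_X = "CN=UserX,OU=Users,DC=corp,DC=local"
USER_Y = "CN=UserY,OU=Users,DC=corp,DC=local"
HELPDESK = "CN=HELPDESK,OU=Groups,DC=corp,DC=local"
POWER_USERS = "CN=SHAREPOINT_POWER_USERS,OU=Groups,DC=corp,DC=local"
ALL_IT = "CN=ALL_IT,OU=Groups,DC=corp,DC=local"

MEMBER_OF: Dict[str, Set[str]] = {
    USER_X: {HELPDESK},
    HELPDESK: {POWER_USERS},
    POWER_USERS: {ALL_IT},
    ALL_IT: {POWER_USERS},
    USER_Y: set(),
}

# Constructed SharePoint group membership: SP group -> principals added to it.
# Like SPGroup.Users in SharePoint 2007, an AD group is one entry, never expanded.
SP_GROUP_MEMBERS: Dict[str, Set[str]] = {
    "IT Support group": {POWER_USERS},
    "Site Visitors": {USER_Y},
}

# Constructed role assignments on the object being checked: principal -> levels.
ROLE_ASSIGNMENTS: Dict[str, Set[str]] = {
    "IT Support group": {"Contribute"},
    "Site Visitors": {"Read"},
    ALL_IT: {"Read"},
}


def expand_member_of(dn: str, member_of: Dict[str, Set[str]]) -> Set[str]:
    """Transitive closure of memberOf, i.e. what Groups(userDn, recursive=True)
    has to compute. The 'seen' set is what stops the ALL_IT <-> POWER_USERS
    cycle from recursing forever; it also keeps diamond nesting linear."""
    seen: Set[str] = set()
    stack = list(member_of.get(dn, set()))
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        stack.extend(member_of.get(group, set()))
    return seen


def effective_principals(user_dn: str,
                         member_of: Dict[str, Set[str]],
                         sp_group_members: Dict[str, Set[str]]) -> Set[str]:
    """The user, every AD group reachable through nesting, and every SharePoint
    group that directly contains any of those. This is the set a permission
    check must consult, because SPUser.Groups alone only lists SP groups the
    user was added to by name."""
    principals = {user_dn} | expand_member_of(user_dn, member_of)
    sp_groups = {g for g, members in sp_group_members.items()
                 if members & principals}
    return principals | sp_groups


def permission_levels(user_dn: str,
                      member_of: Dict[str, Set[str]],
                      sp_group_members: Dict[str, Set[str]],
                      role_assignments: Dict[str, Set[str]]) -> Set[str]:
    """Union of the permission levels granted to any effective principal."""
    levels: Set[str] = set()
    for principal in effective_principals(user_dn, member_of, sp_group_members):
        levels |= role_assignments.get(principal, set())
    return levels


if __name__ == "__main__":
    for user in (USER_X, USER_Y):
        print(user, "->", sorted(permission_levels(
            user, MEMBER_OF, SP_GROUP_MEMBERS, ROLE_ASSIGNMENTS)))
```

UserX ends up with both "Contribute" (via HELPDESK, SHAREPOINT_POWER_USERS and the "IT Support group" SharePoint group) and "Read" (ALL_IT is granted directly on the object), while UserY only gets "Read" through "Site Visitors". Against a real domain, replace the MEMBER_OF lookups with LDAP reads; keep in mind that memberOf does not list a user's primary group, so an AD token-based source such as the constructed tokenGroups attribute is the more faithful picture of what the user's logon token, and therefore SharePoint's own access check, will contain.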