I am writing a permissions system for my WPF application that needs to work with both Active Directory and local machine accounts; the system may or may not be connected to a network.

我正在为我的WPF应用程序编写权限系统,该系统需要同时使用Active Directory和本地计算机帐户;系统可能连接也可能不连接到网络。

The user can log into the application with either an AD login or a local machine login. The application stores data in an SQL Server Express data base and each row will have an "owner".

用户可以使用AD登录或本地计算机登录来登录应用程序。应用程序将数据存储在SQL Server Express数据库中,每行都有一个“所有者”。

The application will only show rows that are "owned" by the logged in user.

应用程序将仅显示登录用户“拥有”的行。

Per this question, the recommended data to store to identify a user is the LDAP objectGUID which I can retrieve with the code below and store in a uniqueidentifier column.

根据这个问题,要存储以识别用户的推荐数据是LDAP objectGUID,我可以使用下面的代码检索它并存储在uniqueidentifier列中。

using System.DirectoryServices.AccountManangement;
using System.Security.Principal;

public class ActiveDirectoryHelper
{
    public static Guid? GetObjectGuidFromIdentity(WindowsIdentity identity)
    {
      string domainName = identity.Name.Split('\\')[0];

      PrincipalContext pc = null;
      if (domainName == Environment.MachineName)
      {
        pc = new PrincipalContext(ContextType.Machine);
      }
      else
      {
        pc = new PrincipalContext(ContextType.Domain, domainName);
      }

      UserPrincipal user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, identity.Name);
      return user.Guid;

  }
}

However, UserPrincipal.Guid is null for ContextType.MachineName.

但是,对于ContextType.MachineName,UserPrincipal.Guid为null。

Is there a single piece of information that I can store that can refer to either an AD account or a local account ?

我可以存储一条可以引用AD帐户或本地帐户的信息吗?

Or do I need to add another column to specify the directory type (AD/SAM) and use another column to store a different identifier (SID) ?

或者我是否需要添加另一列来指定目录类型(AD / SAM)并使用另一列来存储不同的标识符(SID)?

1 个解决方案

#1

---