How to get the current user's Active Directory details in C#

Time: 2021-07-07 23:25:27

I am working on a C# and ASP.NET application that uses Windows Authentication.

i.e. in Web.config:

<system.web>
    <authentication mode="Windows" />
</system.web>

I want to get details for the current user (full name, email address, etc) from Active Directory.

I can get their pre-Windows 2000 user login name (e.g. SOMEDOMAIN\someuser) by using:

string username = HttpContext.Current.Request.ServerVariables["AUTH_USER"];

I've worked out the LDAP query for the user, using their current login name (not their pre Windows 2000 user login name):

DirectorySearcher adSearch = new DirectorySearcher(
        "(userprincipalname=someuser@somedomain.com.au)");
SearchResult adSearchResult = adSearch.FindOne();

However, I don't know how to either search AD for the user using their pre W2K login name, or get their login name in the 'someuser@somedomain.com.au' format.

Any ideas?

4 solutions

#1


49  

In the "pre-Windows 2000" name, i.e. DOMAIN\SomeBody, the SomeBody portion is known as the sAMAccountName.

So try:

using(DirectoryEntry de = new DirectoryEntry("LDAP://MyDomainController"))
{
   using(DirectorySearcher adSearch = new DirectorySearcher(de))
   {
     adSearch.Filter = "(sAMAccountName=someuser)";
     SearchResult adSearchResult = adSearch.FindOne();
   }
}

someuser@somedomain.com.au is the UserPrincipalName, but it isn't a required field.

#2


42  

Alan already gave you the right answer - use the sAMAccountName to filter your user.

I would add a recommendation on your use of DirectorySearcher - if you only want one or two pieces of information, add them into the "PropertiesToLoad" collection of the DirectorySearcher.

Instead of retrieving the whole big user object and then picking out one or two items, this will just return exactly those bits you need.

Sample:

adSearch.PropertiesToLoad.Add("sn");  // surname = last name
adSearch.PropertiesToLoad.Add("givenName");  // given (or first) name
adSearch.PropertiesToLoad.Add("mail");  // e-mail address
adSearch.PropertiesToLoad.Add("telephoneNumber");  // phone number

Those are just the usual AD/LDAP property names you need to specify.
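
The two answers above combined, as an added example that is not part of the original posts: it takes the AUTH_USER value from the question, keeps the sAMAccountName part, escapes it per RFC 4515 before it goes into the filter, and loads only the attributes that are needed. The class and method names are hypothetical, and LDAP://MyDomainController is the placeholder from answer #1.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdLookup   // hypothetical helper class, not from the original answers
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter,
    // so characters such as '*' or ')' cannot change the filter's meaning.
    static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // authUser is the AUTH_USER server variable, e.g. "SOMEDOMAIN\someuser".
    public static SearchResult FindUser(string authUser)
    {
        // The part after the backslash is the sAMAccountName.
        int slash = authUser.IndexOf('\\');
        string sam = slash >= 0 ? authUser.Substring(slash + 1) : authUser;

        using (var de = new DirectoryEntry("LDAP://MyDomainController"))
        using (var adSearch = new DirectorySearcher(de))
        {
            // Restrict to user objects and match the escaped account name exactly.
            adSearch.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeLdapFilterValue(sam) + "))";
            adSearch.PropertiesToLoad.Add("userPrincipalName");
            adSearch.PropertiesToLoad.Add("givenName");
            adSearch.PropertiesToLoad.Add("sn");
            adSearch.PropertiesToLoad.Add("mail");
            return adSearch.FindOne();   // null when no account matches
        }
    }
}
```

sAMAccountName is unique only within one domain, so in a multi-domain forest bind the DirectoryEntry to the domain named before the backslash.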

#3


11  

Add reference to COM "Active DS Type Library"

            Int32 nameTypeNT4               = (int) ActiveDs.ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_NT4;
            Int32 nameTypeDN                = (int) ActiveDs.ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_1779;
            Int32 nameTypeUserPrincipalName = (int) ActiveDs.ADS_NAME_TYPE_ENUM.ADS_NAME_TYPE_USER_PRINCIPAL_NAME;

            ActiveDs.NameTranslate nameTranslate = new ActiveDs.NameTranslate();

            // Convert NT name DOMAIN\User into AD distinguished name 
            // "CN= User\\, Name,OU=IT,OU=All Users,DC=Company,DC=com"
            nameTranslate.Set(nameTypeNT4, ntUser);

            String distinguishedName = nameTranslate.Get(nameTypeDN);

            Console.WriteLine(distinguishedName);

            // Convert AD distinguished name "CN= User\\, Name,OU=IT,OU=All Users,DC=Company,DC=com" 
            // into NT name DOMAIN\User
            ntUser = String.Empty;
            nameTranslate.Set(nameTypeDN, distinguishedName);
            ntUser = nameTranslate.Get(nameTypeNT4);
            Console.WriteLine(ntUser);

            // Convert NT name DOMAIN\User into AD UserPrincipalName Name.User@Company.com
            nameTranslate.Set(nameTypeNT4, ntUser);
            String userPrincipalName = nameTranslate.Get(nameTypeUserPrincipalName);

            Console.WriteLine(userPrincipalName);

#4


4  

If you're using .NET 3.5 SP1+ the better way to do this is to take a look at the

System.DirectoryServices.AccountManagement namespace.

It has methods to find people and you can pretty much pass in any username format you want, and it then returns most of the basic information you would need. If you need help on loading the more complex objects and properties, check out the source code for http://umanage.codeplex.com; it's got it all.

Brent
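
A lookup through the namespace named in this answer, as an added example that is not part of the original post. The class, method and field names are hypothetical, and the process is assumed to run on a domain-joined machine so that the default domain context resolves.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical result type holding the fields the question asks for.
sealed class UserDetails
{
    public string FullName;
    public string Email;
    public string UserPrincipalName;
    public string SamAccountName;
}

static class CurrentUserDetails   // hypothetical helper class
{
    // identity may be "SOMEDOMAIN\someuser", "someuser" or
    // "someuser@somedomain.com.au"; FindByIdentity tries each identity type.
    public static UserDetails Lookup(string identity)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(ctx, identity))
        {
            if (user == null)
                return null;   // no matching account in the domain

            return new UserDetails
            {
                FullName = user.DisplayName,
                Email = user.EmailAddress,
                UserPrincipalName = user.UserPrincipalName,  // may be null: UPN is optional
                SamAccountName = user.SamAccountName
            };
        }
    }
}
```

FindByIdentity throws MultipleMatchesException when the value matches more than one principal, so pass the full DOMAIN\user value rather than a bare name where that can happen.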
