Retrieving User Information from Active Directory

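After the user has been authenticated against AD (see "Active Directory-Based User Authentication"), the next step is to retrieve the user's information and display it.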

1. Retrieving user information from AD

// Requires: using System.DirectoryServices;
// ADPath, ADUser and ADPassword are members of the ADHelper class that are not shown on this page.
/// <summary>
/// This will return a DirectoryEntry object if the user does exist
/// </summary>
/// <param name="UserName"></param>
/// <returns></returns>
public static DirectoryEntry GetUser(string UserName)
{
      //create an instance of the DirectoryEntry
      DirectoryEntry de = GetDirectoryObject();
      //create instance of the directory searcher
      DirectorySearcher deSearch = new DirectorySearcher();
      deSearch.SearchRoot = de;
      //escape LDAP filter metacharacters (RFC 4515) so UserName is matched literally
      string safeUserName = UserName.Replace("\\", "\\5c").Replace("*", "\\2a")
            .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
      //set the search filter
      deSearch.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + safeUserName + "))";
      deSearch.SearchScope = SearchScope.Subtree;
      //find the first instance
      SearchResult results = deSearch.FindOne();
      //if found then return, otherwise return Null
      if (results != null)
      {
            de = new DirectoryEntry(results.Path, ADUser, ADPassword, AuthenticationTypes.Secure);
            //if so then return the DirectoryEntry object
            return de;
      }
      else
      {
            return null;
      }
}

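Create the DirectoryEntry object instance. Note that ADUser/ADPassword here is not an ordinary user account, but one with Account Operator or Administrator privileges. ADPath can be empty, because the Lightweight Directory Access Protocol (LDAP) provider relies on the Windows locator service to find the best domain controller (DC) for the client. However, to take advantage of serverless binding, the client must have an account on an Active Directory domain controller, and the domain controller used by serverless binding will always be in the default domain (the domain associated with the current security context of the thread performing the bind). (From MSDN)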

/// <summary>
/// This is an internal method for retrieving a new DirectoryEntry object
/// </summary>
/// <returns></returns>
private static DirectoryEntry GetDirectoryObject()
{
      DirectoryEntry oDE;
      oDE = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
      return oDE;
}

2. Example: simple display of account properties and their values in AD

Here the output is simply a string:

// Requires: using System; using System.DirectoryServices; using System.Text;
public string GetUserInfo(string UserName)
{
      DirectoryEntry objDirEnt = ADHelper.GetUser(UserName);
      //GetUser returns null when no matching account exists
      if (objDirEnt == null)
      {
            return string.Empty;
      }
      StringBuilder sbUserInfo = new StringBuilder();
      sbUserInfo.Append("Name = " + objDirEnt.Name + Environment.NewLine);
      sbUserInfo.Append("Path = " + objDirEnt.Path + Environment.NewLine + Environment.NewLine);
      sbUserInfo.Append("SchemaClassName = " + objDirEnt.SchemaClassName + Environment.NewLine);
      sbUserInfo.Append("***" + Environment.NewLine);
      sbUserInfo.Append("Properties:" + Environment.NewLine);
      //list every property name followed by each of its values
      foreach (String Key in objDirEnt.Properties.PropertyNames)
      {
            sbUserInfo.AppendFormat("\t{0} = ", Key);
            foreach (Object objValue in objDirEnt.Properties[Key])
            {
                  sbUserInfo.AppendFormat("\t\t{0}" + Environment.NewLine, objValue);
            }
      }
      return sbUserInfo.ToString();
}

The properties you need can also be accessed directly:

string strFirstName = GetProperty(userSearchResult, "givenName");

/// <summary>
/// This is an override that will allow a property to be extracted directly from
/// a searchresult object
/// </summary>
/// <param name="searchResult"></param>
/// <param name="PropertyName"></param>
/// <returns></returns>
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
      if (searchResult.Properties.Contains(PropertyName))
      {
            return searchResult.Properties[PropertyName][0].ToString();
      }
      else
      {
            return string.Empty;
      }
}
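One way the `userSearchResult` passed to `GetProperty` could be obtained, as an added example that is not part of the original post or of ADHelper: the user name is escaped per RFC 4515 before it enters the filter, and the search requests only the attributes the caller names. The class and method names (`AdLookupExample`, `EscapeFilterValue`, `BuildUserFilter`, `FindUser`) are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdLookupExample // hypothetical class, not part of ADHelper
{
    // RFC 4515: escape characters that have meaning inside an LDAP filter value.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
    // Same filter as GetUser, with the user name escaped so it is matched literally.
    public static string BuildUserFilter(string userName)
    {
        return "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
               + EscapeFilterValue(userName) + "))";
    }

    // Returns the SearchResult for one account, or null when nothing matches.
    public static SearchResult FindUser(DirectoryEntry root, string userName, params string[] attributes)
    {
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter = BuildUserFilter(userName);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.AddRange(attributes); // request only these attributes
            return searcher.FindOne();
        }
    }

    public static void Main()
    {
        // Constructed inputs: an ordinary name and one containing filter metacharacters.
        Console.WriteLine(BuildUserFilter("jsmith"));
        Console.WriteLine(BuildUserFilter("j*(smith)"));
    }
}
```

With a root entry bound as in `GetDirectoryObject`, `FindUser(root, "jsmith", "givenName")` gives the `SearchResult` to pass to `GetProperty`; check it for null first.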

For the specific user interface, see Reference 1 below.

References:

1. Rickie, A small tool for updating the Active Directory/Exchange Address Book

2. Craig Aroa, ADHelper - An Active Directory Class, http://www.c-sharpcorner.com/Code/2002/Sept/ADClass.asp

3. Rickie, Active Directory-Based User Authentication
