问题描述
我了解如何使用 User.Identity 和 User.IsInRole
I understand how to use User.Identity and User.IsInRole
有没有办法查看用户的所有角色?
Is there a way to see all of the roles a user is in?
我们有很多组,有些人在很多组中,但我不想写 User.IsInRole 20+ 次.
We have a lot of groups and some people are in a lot of groups, but I don't want to write a User.IsInRole 20+ times.
推荐答案
在 Active Directory 上下文中,您所指的角色实际上是用户所属的安全(或授权)组.
In an Active Directory context, the Roles you refer to are really the security (or authorization) groups a user is a member of.
因此,如果您使用 .NET 3.5 及更高版本,则应查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间.在此处阅读所有相关信息:
So if you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- 在 .NET Framework 3.5 中管理目录安全主体莉>
- 有关 System.DirectoryServices.AccountManagement 的 MSDN 文档
基本上,您可以定义域上下文并轻松找到 AD 中的用户和/或组:
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain)) { // find a user UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName"); if(user != null) { // get the authorization groups - those are the "roles" var groups = user.GetAuthorizationGroups(); foreach(Principal principal in groups) { // do something with the group (or role) in question } } }
新的 S.DS.AM 使在 AD 中与用户和组一起玩变得非常容易!
The new S.DS.AM makes it really easy to play around with users and groups in AD!