
ADHelper 活动目录用户操作类

2007-04-01 11:39 323 查看
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
[align=left] [/align]
[align=left]namespace SystemFrameworks.Helper[/align]
[align=left]{[/align]
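/// <summary>
/// Active Directory helper. Wraps directory lookups, user creation, enable/disable,
/// password management and group membership behind static methods.
/// </summary>
/// <remarks>
/// All lookups bind with the fixed administrative credentials declared below, and all writes run
/// under Windows impersonation of that same account through the shared <see cref="impersonate"/>
/// instance, which is not thread-safe: concurrent writers must be serialised by the caller.
/// Values supplied by callers (common names, account names, group names) are escaped before being
/// placed into LDAP filters or relative distinguished names, so a caller-controlled string cannot
/// alter the query or the created object's name.
/// </remarks>
public sealed class ADHelper
{
    /// <summary>NetBIOS domain name used when impersonating the administrative account.</summary>
    private static string DomainName = "MyDomain";

    /// <summary>Distinguished name of the domain root. Currently unused by the methods below.</summary>
    private static string LDAPDomain = "DC=MyDomain,DC=local";

    /// <summary>LDAP bind path of the directory server. Relative DNs are appended directly to it.</summary>
    private static string ADPath = "LDAP://brooks.mydomain.local";

    /// <summary>Administrative account used for every privileged bind and for impersonation.</summary>
    private static string ADUser = "Administrator";

    /// <summary>
    /// Password of <see cref="ADUser"/>. A credential embedded in source is readable by anyone who
    /// can read the assembly; it should be loaded from protected configuration instead.
    /// </summary>
    private static string ADPassword = "password";

    /// <summary>
    /// Impersonation helper built from the administrative credentials. Declared after the fields it
    /// reads because static initialisers run in textual order.
    /// </summary>
    private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);

    /// <summary>Outcome of a credential check performed by <see cref="Login"/> or <see cref="LoginByAccount"/>.</summary>
    /// <remarks>
    /// The distinct failure values reveal whether an account exists or is disabled. Code that reports
    /// the result to an unauthenticated client should collapse them into a single generic message.
    /// </remarks>
    public enum LoginResult
    {
        /// <summary>The credentials were accepted.</summary>
        LOGIN_USER_OK = 0,
        /// <summary>No user with the given name was found.</summary>
        LOGIN_USER_DOESNT_EXIST,
        /// <summary>The account exists but is disabled.</summary>
        LOGIN_USER_ACCOUNT_INACTIVE,
        /// <summary>The account exists and is enabled, but the bind with the supplied password failed.</summary>
        LOGIN_USER_PASSWORD_INCORRECT
    }

    /// <summary>
    /// Bits of the <c>userAccountControl</c> attribute (ADS_USER_FLAG_ENUM from iads.h).
    /// </summary>
    [Flags]
    public enum ADS_USER_FLAG_ENUM
    {
        /// <summary>Logon script flag. Ignored on read/write through ADSI LDAP; read-only through ADSI WinNT.</summary>
        ADS_UF_SCRIPT = 0X0001,
        /// <summary>The account is disabled.</summary>
        ADS_UF_ACCOUNTDISABLE = 0X0002,
        /// <summary>A home directory is required.</summary>
        ADS_UF_HOMEDIR_REQUIRED = 0X0008,
        /// <summary>The account is locked out.</summary>
        ADS_UF_LOCKOUT = 0X0010,
        /// <summary>No password is required.</summary>
        ADS_UF_PASSWD_NOTREQD = 0X0020,
        /// <summary>The user cannot change the password.</summary>
        ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
        /// <summary>The password is stored with reversible encryption.</summary>
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
        /// <summary>Local (temporary duplicate) account.</summary>
        ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
        /// <summary>Default account type for an ordinary user.</summary>
        ADS_UF_NORMAL_ACCOUNT = 0X0200,
        /// <summary>Inter-domain trust account.</summary>
        ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
        /// <summary>Workstation trust account.</summary>
        ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
        /// <summary>Server trust account.</summary>
        ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
        /// <summary>The password never expires.</summary>
        ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
        /// <summary>MNS logon account.</summary>
        ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
        /// <summary>A smart card is required for interactive logon.</summary>
        ADS_UF_SMARTCARD_REQUIRED = 0X40000,
        /// <summary>The service account (user or computer) is trusted for Kerberos delegation.</summary>
        ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
        /// <summary>The account is sensitive and cannot be delegated even to a service trusted for delegation.</summary>
        ADS_UF_NOT_DELEGATED = 0X100000,
        /// <summary>The account is restricted to DES encryption types.</summary>
        ADS_UF_USE_DES_KEY_ONLY = 0X200000,
        /// <summary>
        /// Kerberos pre-authentication is not required. The value is 0x400000 in iads.h; the
        /// earlier 0x4000000 carried an extra zero and did not correspond to any defined bit.
        /// </summary>
        ADS_UF_DONT_REQUIRE_PREAUTH = 0X400000,
        /// <summary>The password has expired.</summary>
        ADS_UF_PASSWORD_EXPIRED = 0X800000,
        /// <summary>The account is trusted to authenticate for delegation (protocol transition).</summary>
        ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
    }

    /// <summary>All members are static; the constructor exists only for backward compatibility.</summary>
    public ADHelper()
    {
    }

    #region Escaping helpers

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515), so that characters such as
    /// <c>*</c>, <c>(</c>, <c>)</c> and <c>\</c> in caller input cannot change the filter's structure.
    /// </summary>
    /// <param name="value">Raw attribute value; null is treated as empty.</param>
    /// <returns>The escaped value.</returns>
    private static string EscapeFilterValue(string value)
    {
        if (value == null)
        {
            return string.Empty;
        }

        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*': sb.Append("\\2a"); break;
                case '(': sb.Append("\\28"); break;
                case ')': sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    /// <summary>
    /// Escapes a value for use as the attribute value of a relative distinguished name (RFC 4514),
    /// e.g. the <c>CN=</c> part passed to <c>Children.Add</c>.
    /// </summary>
    /// <param name="value">Raw RDN value; null is treated as empty.</param>
    /// <returns>The escaped value.</returns>
    private static string EscapeRdnValue(string value)
    {
        if (value == null)
        {
            return string.Empty;
        }

        StringBuilder sb = new StringBuilder(value.Length * 2);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool leadingSpecial = (i == 0) && (c == ' ' || c == '#');
            bool trailingSpace = (i == value.Length - 1) && c == ' ';
            if (leadingSpecial || trailingSpace || ",+\"\\<>;=".IndexOf(c) >= 0)
            {
                sb.Append('\\');
            }
            sb.Append(c);
        }
        return sb.ToString();
    }

    /// <summary>Builds the "person + user" filter used by every user lookup in this class.</summary>
    /// <param name="attribute">Attribute to match, e.g. <c>cn</c> or <c>sAMAccountName</c>.</param>
    /// <param name="value">Caller-supplied value; escaped before insertion.</param>
    /// <returns>The complete LDAP filter string.</returns>
    private static string BuildUserFilter(string attribute, string value)
    {
        return "(&(&(objectCategory=person)(objectClass=user))(" + attribute + "=" + EscapeFilterValue(value) + "))";
    }

    #endregion

    #region GetDirectoryObject

    /// <summary>Creates a <see cref="DirectoryEntry"/> for the directory root, bound as the administrator.</summary>
    /// <returns>An unbound entry (binding happens lazily); the caller owns and must dispose it.</returns>
    private static DirectoryEntry GetDirectoryObject()
    {
        return new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
    }

    /// <summary>Creates a <see cref="DirectoryEntry"/> for the directory root using the given user's credentials.</summary>
    /// <param name="userName">Name to bind with.</param>
    /// <param name="password">Password to bind with; must not be empty.</param>
    /// <returns>An unbound entry; the caller owns and must dispose it.</returns>
    /// <exception cref="ArgumentException">The user name or password is null or empty.</exception>
    private static DirectoryEntry GetDirectoryObject(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName))
        {
            throw new ArgumentException("A user name is required.", "userName");
        }
        // A simple bind with an empty password is an anonymous (unauthenticated) bind, which many
        // directories accept for any user name. It must never be mistaken for a successful logon.
        if (string.IsNullOrEmpty(password))
        {
            throw new ArgumentException("A password is required.", "password");
        }

        // AuthenticationTypes.None is an LDAP simple bind: the password travels in clear text unless
        // ADPath is an LDAPS endpoint. Secure (SSPI) binding is preferable where the user name form
        // allows it; kept as-is because the common-name based logon relies on the simple bind.
        return new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
    }

    /// <summary>
    /// Creates an administrator-bound <see cref="DirectoryEntry"/> for a sub-path of the directory,
    /// e.g. <c>/CN=Users,DC=creditsights, DC=cyberelves, DC=Com</c>.
    /// </summary>
    /// <param name="domainReference">Path suffix appended verbatim to <see cref="ADPath"/> (must start with <c>/</c>).</param>
    /// <returns>An unbound entry; the caller owns and must dispose it.</returns>
    private static DirectoryEntry GetDirectoryObject(string domainReference)
    {
        return new DirectoryEntry(ADPath + domainReference, ADUser, ADPassword, AuthenticationTypes.Secure);
    }

    /// <summary>Creates a <see cref="DirectoryEntry"/> for a sub-path of the directory using the given credentials.</summary>
    /// <param name="domainReference">Path suffix appended verbatim to <see cref="ADPath"/>.</param>
    /// <param name="userName">Name to bind with.</param>
    /// <param name="password">Password to bind with.</param>
    /// <returns>An unbound entry; the caller owns and must dispose it.</returns>
    private static DirectoryEntry GetDirectoryObject(string domainReference, string userName, string password)
    {
        return new DirectoryEntry(ADPath + domainReference, userName, password, AuthenticationTypes.Secure);
    }

    #endregion

    #region GetDirectoryEntry

    /// <summary>
    /// Runs a sub-tree search from <paramref name="root"/> and returns the first match as a live entry.
    /// </summary>
    /// <param name="root">Search root; disposed by this method whether or not the search succeeds.</param>
    /// <param name="filter">Complete (already escaped) LDAP filter.</param>
    /// <returns>
    /// A new <see cref="DirectoryEntry"/> bound with the same credentials as <paramref name="root"/>,
    /// or null when nothing matched or the bind/search failed with a directory (COM) error such as
    /// rejected credentials. Other exceptions propagate.
    /// </returns>
    private static DirectoryEntry FindSingleEntry(DirectoryEntry root, string filter)
    {
        if (root == null)
        {
            return null;
        }

        try
        {
            using (root)
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                searcher.Filter = filter;
                searcher.SearchScope = SearchScope.Subtree;

                SearchResult result = searcher.FindOne();
                if (result == null)
                {
                    return null;
                }
                // GetDirectoryEntry() re-uses the search root's credentials; constructing the entry from
                // result.Path alone would silently re-bind with the process identity instead.
                return result.GetDirectoryEntry();
            }
        }
        catch (COMException)
        {
            // Covers DirectoryServicesCOMException as well: bad credentials, unreachable server, ...
            // The documented contract of the public lookups is "null when the user cannot be found".
            return null;
        }
    }

    /// <summary>Looks up a user by common name (<c>cn</c>) using the administrative credentials.</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <returns>The user's entry (owned by the caller), or null when not found.</returns>
    public static DirectoryEntry GetDirectoryEntry(string commonName)
    {
        return FindSingleEntry(GetDirectoryObject(), BuildUserFilter("cn", commonName));
    }

    /// <summary>
    /// Looks up a user by common name while binding as that user, i.e. verifies the password as a
    /// side effect of the search.
    /// </summary>
    /// <param name="commonName">The user's common name.</param>
    /// <param name="password">The user's password.</param>
    /// <returns>
    /// The user's entry bound with the supplied credentials (owned by the caller), or null when the
    /// name or password is empty, the bind is rejected, or the user is not found.
    /// </returns>
    public static DirectoryEntry GetDirectoryEntry(string commonName, string password)
    {
        // Reject empty credentials here rather than letting an anonymous bind look like a logon.
        if (string.IsNullOrEmpty(commonName) || string.IsNullOrEmpty(password))
        {
            return null;
        }
        return FindSingleEntry(GetDirectoryObject(commonName, password), BuildUserFilter("cn", commonName));
    }

    /// <summary>Looks up a user by account name (<c>sAMAccountName</c>) using the administrative credentials.</summary>
    /// <param name="sAMAccountName">The user's account name.</param>
    /// <returns>The user's entry (owned by the caller), or null when not found.</returns>
    public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
    {
        return FindSingleEntry(GetDirectoryObject(), BuildUserFilter("sAMAccountName", sAMAccountName));
    }

    /// <summary>
    /// Looks up a user by account name and password: resolves the common name with the administrative
    /// credentials, then binds as the user.
    /// </summary>
    /// <param name="sAMAccountName">The user's account name.</param>
    /// <param name="password">The user's password.</param>
    /// <returns>The user's entry bound with the supplied credentials (owned by the caller), or null when not found or rejected.</returns>
    public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
    {
        string commonName;
        using (DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName))
        {
            if (de == null)
            {
                return null;
            }
            commonName = GetProperty(de, "cn");
        }

        if (commonName.Length == 0)
        {
            return null;
        }
        // One lookup instead of two: the original called GetDirectoryEntry twice for the same result.
        return GetDirectoryEntry(commonName, password);
    }

    /// <summary>Looks up a group by name using the administrative credentials.</summary>
    /// <param name="groupName">The group's common name.</param>
    /// <returns>The group's entry (owned by the caller), or null when not found.</returns>
    public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
    {
        string filter = "(&(objectClass=group)(cn=" + EscapeFilterValue(groupName) + "))";
        return FindSingleEntry(GetDirectoryObject(), filter);
    }

    #endregion

    #region GetProperty

    /// <summary>Reads the first value of a property from a <see cref="DirectoryEntry"/>.</summary>
    /// <param name="de">The entry to read from.</param>
    /// <param name="propertyName">Name of the attribute.</param>
    /// <returns>The value as a string, or <see cref="string.Empty"/> when the attribute is absent or has no value.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
    public static string GetProperty(DirectoryEntry de, string propertyName)
    {
        if (de == null)
        {
            throw new ArgumentNullException("de");
        }
        if (!de.Properties.Contains(propertyName))
        {
            return string.Empty;
        }

        PropertyValueCollection values = de.Properties[propertyName];
        if (values.Count == 0 || values[0] == null)
        {
            return string.Empty;
        }
        return values[0].ToString();
    }

    /// <summary>Reads the first value of a property from a <see cref="SearchResult"/>.</summary>
    /// <param name="searchResult">The search result to read from.</param>
    /// <param name="propertyName">Name of the attribute.</param>
    /// <returns>The value as a string, or <see cref="string.Empty"/> when the attribute is absent or has no value.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="searchResult"/> is null.</exception>
    public static string GetProperty(SearchResult searchResult, string propertyName)
    {
        if (searchResult == null)
        {
            throw new ArgumentNullException("searchResult");
        }
        if (!searchResult.Properties.Contains(propertyName))
        {
            return string.Empty;
        }

        ResultPropertyValueCollection values = searchResult.Properties[propertyName];
        if (values.Count == 0 || values[0] == null)
        {
            return string.Empty;
        }
        return values[0].ToString();
    }

    #endregion

    /// <summary>
    /// Sets a property on a <see cref="DirectoryEntry"/> (replacing the first value or adding one).
    /// Empty values are ignored. The change is not committed; call <c>CommitChanges</c> afterwards.
    /// </summary>
    /// <param name="de">The entry to modify.</param>
    /// <param name="propertyName">Name of the attribute.</param>
    /// <param name="propertyValue">New value; null or empty leaves the entry untouched.</param>
    /// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
    public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
    {
        if (de == null)
        {
            throw new ArgumentNullException("de");
        }
        // The original test `v != "" || v != null` was always true, so empty values were written.
        if (string.IsNullOrEmpty(propertyValue))
        {
            return;
        }

        PropertyValueCollection values = de.Properties[propertyName];
        if (values.Count > 0)
        {
            values[0] = propertyValue;
        }
        else
        {
            values.Add(propertyValue);
        }
    }

    /// <summary>Creates a user under the given container, enables it and sets its password.</summary>
    /// <param name="ldapDN">Relative DN of the container, e.g. <c>OU=Shared</c> or <c>CN=Users</c>.</param>
    /// <param name="commonName">Common name of the new user (escaped for use in the RDN).</param>
    /// <param name="sAMAccountName">Account name of the new user.</param>
    /// <param name="password">Initial password.</param>
    /// <returns>The new user's entry; the caller owns it and should close it when done.</returns>
    /// <exception cref="ArgumentException">A required name is null or empty.</exception>
    /// <remarks>
    /// Not transactional: if enabling or setting the password fails after <c>CommitChanges</c>, the
    /// user object already exists in the directory.
    /// </remarks>
    public static DirectoryEntry CreateNewUser(string ldapDN, string commonName, string sAMAccountName, string password)
    {
        if (string.IsNullOrEmpty(commonName))
        {
            throw new ArgumentException("A common name is required.", "commonName");
        }
        if (string.IsNullOrEmpty(sAMAccountName))
        {
            throw new ArgumentException("An account name is required.", "sAMAccountName");
        }

        DirectoryEntry deUser;
        using (DirectoryEntry entry = GetDirectoryObject())
        using (DirectoryEntry subEntry = entry.Children.Find(ldapDN))
        {
            deUser = subEntry.Children.Add("CN=" + EscapeRdnValue(commonName), "user");
            deUser.Properties["sAMAccountName"].Value = sAMAccountName;
            deUser.CommitChanges();
        }

        // Same order as the original (enable, then set the password). NOTE(review): a domain password
        // policy that forbids blank passwords may reject enabling an account that has none yet; if
        // that happens in the target domain, swap these two calls.
        ADHelper.EnableUser(commonName);
        ADHelper.SetPassword(commonName, password);

        // Returned open: the original closed it first, handing the caller a released entry.
        return deUser;
    }

    /// <summary>Creates a user under the default <c>CN=Users</c> container, enables it and sets its password.</summary>
    /// <param name="commonName">Common name of the new user.</param>
    /// <param name="sAMAccountName">Account name of the new user.</param>
    /// <param name="password">Initial password.</param>
    /// <returns>The new user's entry; the caller owns it.</returns>
    public static DirectoryEntry CreateNewUser(string commonName, string sAMAccountName, string password)
    {
        return CreateNewUser("CN=Users", commonName, sAMAccountName, password);
    }

    /// <summary>Checks whether a user with the given common name exists.</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <returns>true when at least one matching user exists; otherwise false.</returns>
    public static bool IsUserExists(string commonName)
    {
        using (DirectoryEntry de = GetDirectoryObject())
        using (DirectorySearcher deSearch = new DirectorySearcher(de))
        {
            deSearch.Filter = BuildUserFilter("cn", commonName);
            // SearchResultCollection holds an unmanaged handle and must be disposed.
            using (SearchResultCollection results = deSearch.FindAll())
            {
                return results.Count > 0;
            }
        }
    }

    /// <summary>Tests the disabled bit of a <c>userAccountControl</c> value.</summary>
    /// <param name="userAccountControl">Raw attribute value.</param>
    /// <returns>true when <see cref="ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE"/> is clear; otherwise false.</returns>
    public static bool IsAccountActive(int userAccountControl)
    {
        int disabledBit = (int)ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
        return (userAccountControl & disabledBit) == 0;
    }

    /// <summary>Reads and converts the <c>userAccountControl</c> attribute of a user entry.</summary>
    /// <param name="de">A user entry.</param>
    /// <returns>The attribute value as an int.</returns>
    private static int ReadUserAccountControl(DirectoryEntry de)
    {
        return Convert.ToInt32(de.Properties["userAccountControl"].Value);
    }

    /// <summary>Verifies a user's password by common name.</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <param name="password">The password to verify.</param>
    /// <returns>A <see cref="LoginResult"/>; an empty password never yields <see cref="LoginResult.LOGIN_USER_OK"/>.</returns>
    public static LoginResult Login(string commonName, string password)
    {
        int userAccountControl;
        using (DirectoryEntry de = GetDirectoryEntry(commonName))
        {
            if (de == null)
            {
                return LoginResult.LOGIN_USER_DOESNT_EXIST;
            }
            // Per the original author, the disabled flag must be checked before the password bind;
            // a disabled account fails the bind and would otherwise be reported as a wrong password.
            userAccountControl = ReadUserAccountControl(de);
        }

        if (!IsAccountActive(userAccountControl))
        {
            return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
        }

        using (DirectoryEntry bound = GetDirectoryEntry(commonName, password))
        {
            return bound != null ? LoginResult.LOGIN_USER_OK : LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
        }
    }

    /// <summary>Verifies a user's password by account name.</summary>
    /// <param name="sAMAccountName">The user's account name.</param>
    /// <param name="password">The password to verify.</param>
    /// <returns>A <see cref="LoginResult"/>; an empty password never yields <see cref="LoginResult.LOGIN_USER_OK"/>.</returns>
    public static LoginResult LoginByAccount(string sAMAccountName, string password)
    {
        int userAccountControl;
        using (DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName))
        {
            if (de == null)
            {
                return LoginResult.LOGIN_USER_DOESNT_EXIST;
            }
            // See Login: the disabled check must precede the bind.
            userAccountControl = ReadUserAccountControl(de);
        }

        if (!IsAccountActive(userAccountControl))
        {
            return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
        }

        using (DirectoryEntry bound = GetDirectoryEntryByAccount(sAMAccountName, password))
        {
            return bound != null ? LoginResult.LOGIN_USER_OK : LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
        }
    }

    /// <summary>Starts impersonating the administrative account, failing loudly instead of silently continuing.</summary>
    /// <exception cref="InvalidOperationException">Logon or token duplication for the administrative account failed.</exception>
    private static void BeginAdminImpersonation()
    {
        // The original ignored the bool result and went on to perform the write unimpersonated.
        if (!impersonate.BeginImpersonate())
        {
            throw new InvalidOperationException("Impersonation of the administrative account failed.");
        }
    }

    /// <summary>Invokes an ADSI method on an entry while impersonating the administrator.</summary>
    /// <param name="de">Target entry.</param>
    /// <param name="methodName">ADSI method name, e.g. <c>SetPassword</c>.</param>
    /// <param name="args">Method arguments.</param>
    private static void InvokeAsAdministrator(DirectoryEntry de, string methodName, object[] args)
    {
        BeginAdminImpersonation();
        try
        {
            de.Invoke(methodName, args);
        }
        finally
        {
            // Always revert, or the thread keeps the administrative identity after an exception.
            impersonate.StopImpersonate();
        }
    }

    /// <summary>Administratively resets a user's password (no old password required).</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <param name="newPassword">The new password.</param>
    /// <exception cref="ArgumentException">No user with that common name exists.</exception>
    /// <exception cref="InvalidOperationException">Impersonation failed.</exception>
    public static void SetPassword(string commonName, string newPassword)
    {
        using (DirectoryEntry de = GetDirectoryEntry(commonName))
        {
            if (de == null)
            {
                throw new ArgumentException("User not found: " + commonName, "commonName");
            }
            InvokeAsAdministrator(de, "SetPassword", new object[] { newPassword });
        }
    }

    /// <summary>Administratively resets a user's password by account name.</summary>
    /// <param name="sAMAccountName">The user's account name.</param>
    /// <param name="newPassword">The new password.</param>
    /// <exception cref="ArgumentException">No user with that account name exists.</exception>
    /// <exception cref="InvalidOperationException">Impersonation failed.</exception>
    public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
    {
        using (DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName))
        {
            if (de == null)
            {
                throw new ArgumentException("User not found: " + sAMAccountName, "sAMAccountName");
            }
            // Uses the shared impersonation instance; the original built a second one with the same credentials.
            InvokeAsAdministrator(de, "SetPassword", new object[] { newPassword });
        }
    }

    /// <summary>Changes a user's password given the current one (subject to the domain password policy).</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <param name="oldPassword">The current password.</param>
    /// <param name="newPassword">The new password.</param>
    /// <exception cref="ArgumentException">No user with that common name exists.</exception>
    public static void ChangeUserPassword(string commonName, string oldPassword, string newPassword)
    {
        // TODO (from the original): password-policy failures still need explicit handling.
        using (DirectoryEntry oUser = GetDirectoryEntry(commonName))
        {
            if (oUser == null)
            {
                throw new ArgumentException("User not found: " + commonName, "commonName");
            }
            oUser.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
        }
    }

    /// <summary>
    /// Overwrites the <c>userAccountControl</c> attribute of an entry while impersonating the
    /// administrator, commits, and closes the entry.
    /// </summary>
    /// <param name="de">Target entry; closed on return.</param>
    /// <param name="flags">The complete new flag set (existing bits are not preserved).</param>
    private static void WriteUserAccountControl(DirectoryEntry de, ADS_USER_FLAG_ENUM flags)
    {
        BeginAdminImpersonation();
        try
        {
            // Explicit int: the attribute is an integer, not the managed enum type.
            de.Properties["userAccountControl"].Value = (int)flags;
            de.CommitChanges();
        }
        finally
        {
            impersonate.StopImpersonate();
            de.Close();
        }
    }

    /// <summary>Enables the user with the given common name.</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <exception cref="ArgumentException">No user with that common name exists.</exception>
    public static void EnableUser(string commonName)
    {
        DirectoryEntry de = GetDirectoryEntry(commonName);
        if (de == null)
        {
            throw new ArgumentException("User not found: " + commonName, "commonName");
        }
        EnableUser(de);
    }

    /// <summary>
    /// Enables a user: sets <c>userAccountControl</c> to NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD, as the
    /// original did. Any other flag already on the account is dropped, and "password never expires"
    /// is a policy choice inherited from the original.
    /// </summary>
    /// <param name="de">The user's entry; closed on return.</param>
    /// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
    public static void EnableUser(DirectoryEntry de)
    {
        if (de == null)
        {
            throw new ArgumentNullException("de");
        }
        WriteUserAccountControl(de,
            ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD);
    }

    /// <summary>Disables the user with the given common name.</summary>
    /// <param name="commonName">The user's common name.</param>
    /// <exception cref="ArgumentException">No user with that common name exists.</exception>
    public static void DisableUser(string commonName)
    {
        DirectoryEntry de = GetDirectoryEntry(commonName);
        if (de == null)
        {
            throw new ArgumentException("User not found: " + commonName, "commonName");
        }
        DisableUser(de);
    }

    /// <summary>
    /// Disables a user: sets <c>userAccountControl</c> to NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD | ACCOUNTDISABLE,
    /// as the original did (other existing flags are dropped).
    /// </summary>
    /// <param name="de">The user's entry; closed on return.</param>
    /// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
    public static void DisableUser(DirectoryEntry de)
    {
        if (de == null)
        {
            throw new ArgumentNullException("de");
        }
        WriteUserAccountControl(de,
            ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT
            | ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD
            | ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
    }

    /// <summary>Adds or removes a user's DN in a group's <c>member</c> attribute under impersonation.</summary>
    /// <param name="userCommonName">The user's common name.</param>
    /// <param name="groupName">The group's common name.</param>
    /// <param name="add">true to add, false to remove.</param>
    /// <exception cref="ArgumentException">The user or the group does not exist.</exception>
    private static void ChangeGroupMembership(string userCommonName, string groupName, bool add)
    {
        using (DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName))
        using (DirectoryEntry oUser = GetDirectoryEntry(userCommonName))
        {
            if (oGroup == null)
            {
                throw new ArgumentException("Group not found: " + groupName, "groupName");
            }
            if (oUser == null)
            {
                throw new ArgumentException("User not found: " + userCommonName, "userCommonName");
            }

            object userDistinguishedName = oUser.Properties["distinguishedName"].Value;

            BeginAdminImpersonation();
            try
            {
                if (add)
                {
                    oGroup.Properties["member"].Add(userDistinguishedName);
                }
                else
                {
                    oGroup.Properties["member"].Remove(userDistinguishedName);
                }
                oGroup.CommitChanges();
            }
            finally
            {
                impersonate.StopImpersonate();
            }
        }
    }

    /// <summary>Adds a user to a group. Both are looked up by common name anywhere in the directory.</summary>
    /// <param name="userCommonName">The user's common name.</param>
    /// <param name="groupName">The group's common name.</param>
    /// <exception cref="ArgumentException">The user or the group does not exist.</exception>
    public static void AddUserToGroup(string userCommonName, string groupName)
    {
        ChangeGroupMembership(userCommonName, groupName, true);
    }

    /// <summary>Removes a user from a group. Both are looked up by common name anywhere in the directory.</summary>
    /// <param name="userCommonName">The user's common name.</param>
    /// <param name="groupName">The group's common name.</param>
    /// <exception cref="ArgumentException">The user or the group does not exist.</exception>
    public static void RemoveUserFromGroup(string userCommonName, string groupName)
    {
        ChangeGroupMembership(userCommonName, groupName, false);
    }
}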
[align=left] [/align]

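/// <summary>
/// Runs the calling thread under another Windows identity between <see cref="BeginImpersonate"/>
/// and <see cref="StopImpersonate"/>.
/// </summary>
/// <remarks>
/// An instance keeps the impersonated account's password in memory for its whole lifetime and is
/// not thread-safe. Always pair <see cref="BeginImpersonate"/> with <see cref="StopImpersonate"/>
/// in a <c>finally</c> block; impersonation is per thread and is not reverted automatically.
/// </remarks>
public class IdentityImpersonation
{
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    // Win32 constants behind the bare numbers the original passed to LogonUser / DuplicateToken.
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int SECURITY_IMPERSONATION = 2;

    // Credentials of the account to impersonate (domain may be a machine name for local accounts).
    private string _sImperUsername;
    private string _sImperPassword;
    private string _sImperDomain;

    // Active impersonation context and the two kernel token handles behind it.
    private WindowsImpersonationContext _imperContext;
    private IntPtr _adminToken;
    private IntPtr _dupeToken;

    // true while no impersonation is active.
    private bool _bClosed;

    /// <summary>Stores the credentials to impersonate; nothing is logged on until <see cref="BeginImpersonate"/>.</summary>
    /// <param name="impersonationUsername">User name of the account to impersonate.</param>
    /// <param name="impersonationPassword">Password of that account.</param>
    /// <param name="impersonationDomain">Domain (or machine name) of that account.</param>
    public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
    {
        _sImperUsername = impersonationUsername;
        _sImperPassword = impersonationPassword;
        _sImperDomain = impersonationDomain;

        _adminToken = IntPtr.Zero;
        _dupeToken = IntPtr.Zero;
        _bClosed = true;
    }

    /// <summary>
    /// Releases any token handles still open. Only the kernel handles are released here: calling
    /// <c>Undo()</c> from the finalizer thread (as the original did) cannot revert the impersonation
    /// of the thread that started it, and the context object may already have been finalized.
    /// </summary>
    ~IdentityImpersonation()
    {
        ReleaseTokens();
    }

    /// <summary>Logs the stored account on and impersonates it on the calling thread.</summary>
    /// <returns>true when the thread now runs as the stored account; false when logon or token duplication failed.</returns>
    /// <exception cref="InvalidOperationException">Impersonation is already active on this instance.</exception>
    public Boolean BeginImpersonate()
    {
        // A second Begin without Stop would overwrite and leak the previous tokens and context.
        if (!_bClosed)
        {
            throw new InvalidOperationException("Impersonation is already active; call StopImpersonate first.");
        }

        IntPtr logonToken = IntPtr.Zero;
        bool loggedOn = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword,
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref logonToken);
        if (!loggedOn)
        {
            return false;
        }
        _adminToken = logonToken;

        IntPtr duplicatedToken = IntPtr.Zero;
        bool duplicated = DuplicateToken(_adminToken, SECURITY_IMPERSONATION, ref duplicatedToken);
        if (!duplicated)
        {
            // The original returned here with the logon token still open.
            ReleaseTokens();
            return false;
        }
        _dupeToken = duplicatedToken;

        try
        {
            WindowsIdentity identity = new WindowsIdentity(_dupeToken);
            _imperContext = identity.Impersonate();
        }
        catch
        {
            ReleaseTokens();
            throw;
        }

        _bClosed = false;
        return true;
    }

    /// <summary>
    /// Reverts the impersonation started by <see cref="BeginImpersonate"/> and closes the token handles.
    /// Safe to call when nothing is active (the original dereferenced a null context in that case).
    /// </summary>
    public void StopImpersonate()
    {
        if (_imperContext != null)
        {
            _imperContext.Undo();
            _imperContext = null;
        }
        ReleaseTokens();
        _bClosed = true;
    }

    /// <summary>Closes whichever of the two token handles are open and resets them to zero.</summary>
    private void ReleaseTokens()
    {
        if (_dupeToken != IntPtr.Zero)
        {
            CloseHandle(_dupeToken);
            _dupeToken = IntPtr.Zero;
        }
        if (_adminToken != IntPtr.Zero)
        {
            CloseHandle(_adminToken);
            _adminToken = IntPtr.Zero;
        }
    }
}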
[align=left][/align]
[align=left]}[/align]