我有一个 WindowsIdentity,它对应于一个经过身份验证的用户。如何确定身份对应的是机器上的本地用户、已添加到机器的域用户还是未添加到机器的域?
假设我有 3 个用户帐户:
- DomainUser(域用户组的成员,未添加到任何本地组)
- LocalUser(在机器上创建的本地用户)
- MappedDomainUser(已添加到机器上的组的域用户)
如何区分
- 域用户和本地用户
- 本地用户和映射域用户
- 域用户和映射域用户
截至目前,我依赖于用户名并检查它是否以机器名开头。然后我通过检查用户所属的组(如果它是所有域用户的一部分)来进一步区分。我确定这不是最好的方式。
因为我有来自 WindowsIdentity.User 属性的用户 sid,我能以某种方式使用它吗?
最佳答案
不确定映射域管理员。 我只是检查用户登录的域的本地和域管理员。 不要访问“builtin\Admin”之类的字符串,它们因操作系统语言版本而异。
我喜欢使用 .net 4.5 Principals 方法。 如果你可以使用 4.5,你可以做类似的事情
所以关于这个问题 我怎样才能区分
- 域用户和本地用户
- 本地用户和映射域用户
- 域用户和映射域用户
示例代码
using System;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal
namespace xxxxx
{
public class UserEnvTools
{
public static bool IsDomainAdmin()
{ //returns TRUE for a machine that is on a workgroup So consider GetDomain methods based on scenario
if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
return false;
var domainAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid,
WindowsIdentity.GetCurrent().User.AccountDomainSid);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(domainAdmins));
}
public static bool IsDomainUser()
{
//returns TRUE for a machine that is on a workgroup So consider GetDomain methods based on scenario
if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
return false;
var domainUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid,
WindowsIdentity.GetCurrent().User.AccountDomainSid);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(domainUsers));
}
public static bool IsLocalAdmin()
{
var localAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(localAdmins));
}
public static bool IsLocalUser()
{
var localUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(localUsers));
}
// Current security context applies
public static Domain GetCurrentUserDomain()
{
try
{
return System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain();
}
// It may be better not to ctach such errors?
catch (ActiveDirectoryOperationException) // no Controller/AD Forest can not be contacted
{return null;}
catch (ActiveDirectoryObjectNotFoundException) // The USers Domain is not known to the controller
{return null;}
}
public static Domain GetCurrentMachineDomain()
{
try
{
return System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain();
}
// It may be better not to ctach such errors?
catch (ActiveDirectoryOperationException) // no controller or machine is not on a domain
{ return null; }
catch (ActiveDirectoryObjectNotFoundException) // controller found, but the machine is not known
{ return null; }
}
关于c# - 如何确定 Windows 标识对应的是本地用户还是域用户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12160262/