gpt4 book ai didi

c# - 如何确定 Windows 标识对应的是本地用户还是域用户?

转载 作者:可可西里 更新时间:2023-11-01 13:54:51 24 4
gpt4 key购买 nike

我有一个 WindowsIdentity,它对应于一个经过身份验证的用户。如何确定身份对应的是机器上的本地用户、已添加到机器的域用户还是未添加到机器的域?

假设我有 3 个用户帐户:

  • DomainUser(域用户组的成员,未添加到任何本地组)
  • LocalUser(在机器上创建的本地用户)
  • MappedDomainUser(已添加到机器上的组的域用户)

如何区分

  • 域用户和本地用户
  • 本地用户和映射域用户
  • 域用户和映射域用户

截至目前,我依赖于用户名并检查它是否以机器名开头。然后我通过检查用户所属的组(如果它是所有域用户的一部分)来进一步区分。我确定这不是最好的方式。

因为我有来自 WindowsIdentity.User 属性的用户 sid,我能以某种方式使用它吗?

最佳答案

不确定映射域管理员。我只是检查用户登录的域的本地和域管理员。不要访问“builtin\Admin”之类的字符串,它们因操作系统语言版本而异。

我喜欢使用 .net 4.5 Principals 方法。如果你可以使用 4.5,你可以做类似的事情

所以关于这个问题我怎样才能区分

  • 域用户和本地用户
  • 本地用户和映射域用户
  • 域用户和映射域用户

示例代码

using System;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal
namespace xxxxx
{
public class UserEnvTools
{

public static bool IsDomainAdmin()
{ //returns TRUE for a machine that is on a workgroup So consider GetDomain methods based on scenario
if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
return false;
var domainAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid,
WindowsIdentity.GetCurrent().User.AccountDomainSid);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(domainAdmins));
}
public static bool IsDomainUser()
{
//returns TRUE for a machine that is on a workgroup So consider GetDomain methods based on scenario
if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
return false;

var domainUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid,
WindowsIdentity.GetCurrent().User.AccountDomainSid);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(domainUsers));
}

public static bool IsLocalAdmin()
{
var localAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(localAdmins));
}
public static bool IsLocalUser()
{
var localUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
return prin != null && (prin.IsInRole(localUsers));

}
// Current security context applies
public static Domain GetCurrentUserDomain()
{
try
{
return System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain();
}
// It may be better not to ctach such errors?
catch (ActiveDirectoryOperationException) // no Controller/AD Forest can not be contacted
{return null;}
catch (ActiveDirectoryObjectNotFoundException) // The USers Domain is not known to the controller
{return null;}
}

public static Domain GetCurrentMachineDomain()
{
try
{
return System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain();
}
// It may be better not to ctach such errors?
catch (ActiveDirectoryOperationException) // no controller or machine is not on a domain
{ return null; }
catch (ActiveDirectoryObjectNotFoundException) // controller found, but the machine is not known
{ return null; }
}

关于c# - 如何确定 Windows 标识对应的是本地用户还是域用户?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12160262/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com