原文链接:http://www.cnblogs.com/jiewei915/archive/2012/10/29/2744894.html
1 using System;
2 using System.DirectoryServices;
3
4 namespace SystemFrameworks.Helper
5 {
6 ///
7 ///活动目录辅助类。封装一系列活动目录操作相关的方法。
8 ///
9 public sealed class ADHelper
10 {
11 ///
12 ///域名
13 ///
14 private static string DomainName = "MyDomain";
15 ///
16 /// LDAP 地址
17 ///
18 private static string LDAPDomain = "DC=MyDomain,DC=local";
19 ///
20 /// LDAP绑定路径
21 ///
22 private static string ADPath = "LDAP://brooks.mydomain.local";
23 ///
24 ///登录帐号
25 ///
26 private static string ADUser = "Administrator";
27 ///
28 ///登录密码
29 ///
30 private static string ADPassword = "password";
31 ///
32 ///扮演类实例
33 ///
34 private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);
35
36 ///
37 ///用户登录验证结果
38 ///
39 public enum LoginResult
40 {
41 ///
42 ///正常登录
43 ///
44 LOGIN_USER_OK = 0,
45 ///
46 ///用户不存在
47 ///
48 LOGIN_USER_DOESNT_EXIST,
49 ///
50 ///用户帐号被禁用
51 ///
52 LOGIN_USER_ACCOUNT_INACTIVE,
53 ///
54 ///用户密码不正确
55 ///
56 LOGIN_USER_PASSWORD_INCORRECT
57 }
58
59 ///
60 ///用户属性定义标志
61 ///
62 public enum ADS_USER_FLAG_ENUM
63 {
64 ///
65 ///登录脚本标志。如果通过 ADSI LDAP 进行读或写操作时,该标志失效。如果通过 ADSI WINNT,该标志为只读。
66 ///
67 ADS_UF_SCRIPT = 0X0001,
68 ///
69 ///用户帐号禁用标志
70 ///
71 ADS_UF_ACCOUNTDISABLE = 0X0002,
72 ///
73 ///主文件夹标志
74 ///
75 ADS_UF_HOMEDIR_REQUIRED = 0X0008,
76 ///
77 ///过期标志
78 ///
79 ADS_UF_LOCKOUT = 0X0010,
80 ///
81 ///用户密码不是必须的
82 ///
83 ADS_UF_PASSWD_NOTREQD = 0X0020,
84 ///
85 ///密码不能更改标志
86 ///
87 ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
88 ///
89 ///使用可逆的加密保存密码
90 ///
91 ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
92 ///
93 ///本地帐号标志
94 ///
95 ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
96 ///
97 ///普通用户的默认帐号类型
98 ///
99 ADS_UF_NORMAL_ACCOUNT = 0X0200,
100 ///
101 ///跨域的信任帐号标志
102 ///
103 ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
104 ///
105 ///工作站信任帐号标志
106 ///
107 ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
108 ///
109 ///服务器信任帐号标志
110 ///
111 ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
112 ///
113 ///密码永不过期标志
114 ///
115 ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
116 ///
117 /// MNS 帐号标志
118 ///
119 ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
120 ///
121 ///交互式登录必须使用智能卡
122 ///
123 ADS_UF_SMARTCARD_REQUIRED = 0X40000,
124 ///
125 ///当设置该标志时,服务帐号(用户或计算机帐号)将通过 Kerberos 委托信任
126 ///
127 ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
128 ///
129 ///当设置该标志时,即使服务帐号是通过 Kerberos 委托信任的,敏感帐号不能被委托
130 ///
131 ADS_UF_NOT_DELEGATED = 0X100000,
132 ///
133 ///此帐号需要 DES 加密类型
134 ///
135 ADS_UF_USE_DES_KEY_ONLY = 0X200000,
136 ///
137 ///不要进行 Kerberos 预身份验证
138 ///
139 ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
140 ///
141 ///用户密码过期标志
142 ///
143 ADS_UF_PASSWORD_EXPIRED = 0X800000,
144 ///
145 ///用户帐号可委托标志
146 ///
147 ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
148 }
149
150 public ADHelper()
151 {
152 //
153 }
154
155 #region GetDirectoryObject
156
157 ///
158 ///获得DirectoryEntry对象实例,以管理员登陆AD
159 ///
160 ///
161 private static DirectoryEntry GetDirectoryObject()
162 {
163 DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
164 return entry;
165 }
166
167 ///
168 ///根据指定用户名和密码获得相应DirectoryEntry实体
169 ///
170 ///
171 ///
172 ///
173 private static DirectoryEntry GetDirectoryObject(string userName, string password)
174 {
175 DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
176 return entry;
177 }
178
179 ///
180 /// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com
181 ///
182 ///
183 ///
184 private static DirectoryEntry GetDirectoryObject(string domainReference)
185 {
186 DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPassword, AuthenticationTypes.Secure);
187 return entry;
188 }
189
190 ///
191 ///获得以UserName,Password创建的DirectoryEntry
192 ///
193 ///
194 ///
195 ///
196 ///
197 private static DirectoryEntry GetDirectoryObject(string domainReference, string userName, string password)
198 {
199 DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, userName, password, AuthenticationTypes.Secure);
200 return entry;
201 }
202
203 #endregion
204
205 #region GetDirectoryEntry
206
207 ///
208 ///根据用户公共名称取得用户的 对象
209 ///
210 ///
211 用户公共名称
212 ///如果找到该用户,则返回用户的 对象;否则返回 null
213 public static DirectoryEntry GetDirectoryEntry(string commonName)
214 {
215 DirectoryEntry de = GetDirectoryObject();
216 DirectorySearcher deSearch = new DirectorySearcher(de);
217 deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
218 deSearch.SearchScope = SearchScope.Subtree;
219
220 try
221 {
222 SearchResult result = deSearch.FindOne();
223 de = new DirectoryEntry(result.Path);
224 return de;
225 }
226 catch
227 {
228 return null;
229 }
230 }
231
232 ///
233 ///根据用户公共名称和密码取得用户的 对象。
234 ///
235 ///
236 用户公共名称
237 ///
238 用户密码
239 ///如果找到该用户,则返回用户的 对象;否则返回 null
240 public static DirectoryEntry GetDirectoryEntry(string commonName, string password)
241 {
242 DirectoryEntry de = GetDirectoryObject(commonName, password);
243 DirectorySearcher deSearch = new DirectorySearcher(de);
244 deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
245 deSearch.SearchScope = SearchScope.Subtree;
246
247 try
248 {
249 SearchResult result = deSearch.FindOne();
250 de = new DirectoryEntry(result.Path);
251 return de;
252 }
253 catch
254 {
255 return null;
256 }
257 }
258
259 ///
260 ///根据用户帐号称取得用户的 对象
261 ///
262 ///
263 用户帐号名
264 ///如果找到该用户,则返回用户的 对象;否则返回 null
265 public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
266 {
267 DirectoryEntry de = GetDirectoryObject();
268 DirectorySearcher deSearch = new DirectorySearcher(de);
269 deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
270 deSearch.SearchScope = SearchScope.Subtree;
271
272 try
273 {
274 SearchResult result = deSearch.FindOne();
275 de = new DirectoryEntry(result.Path);
276 return de;
277 }
278 catch
279 {
280 return null;
281 }
282 }
283
284 ///
285 ///根据用户帐号和密码取得用户的 对象
286 ///
287 ///
288 用户帐号名
289 ///
290 用户密码
291 ///如果找到该用户,则返回用户的 对象;否则返回 null
292 public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
293 {
294 DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
295 if (de != null)
296 {
297 string commonName = de.Properties["cn"][0].ToString();
298
299 if (GetDirectoryEntry(commonName, password) != null)
300 return GetDirectoryEntry(commonName, password);
301 else
302 return null;
303 }
304 else
305 {
306 return null;
307 }
308 }
309
310 ///
311 ///根据组名取得用户组的 对象
312 ///
313 ///
314 组名
315 ///
316 public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
317 {
318 DirectoryEntry de = GetDirectoryObject();
319 DirectorySearcher deSearch = new DirectorySearcher(de);
320 deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
321 deSearch.SearchScope = SearchScope.Subtree;
322
323 try
324 {
325 SearchResult result = deSearch.FindOne();
326 de = new DirectoryEntry(result.Path);
327 return de;
328 }
329 catch
330 {
331 return null;
332 }
333 }
334
335 #endregion
336
337 #region GetProperty
338
339 ///
340 ///获得指定 指定属性名对应的值
341 ///
342 ///
343 ///
344 属性名称
345 ///属性值
346 public static string GetProperty(DirectoryEntry de, string propertyName)
347 {
348 if(de.Properties.Contains(propertyName))
349 {
350 return de.Properties[propertyName][0].ToString() ;
351 }
352 else
353 {
354 return string.Empty;
355 }
356 }
357
358 ///
359 ///获得指定搜索结果 中指定属性名对应的值
360 ///
361 ///
362 ///
363 属性名称
364 ///属性值
365 public static string GetProperty(SearchResult searchResult, string propertyName)
366 {
367 if(searchResult.Properties.Contains(propertyName))
368 {
369 return searchResult.Properties[propertyName][0].ToString() ;
370 }
371 else
372 {
373 return string.Empty;
374 }
375 }
376
377 #endregion
378
379 ///
380 ///设置指定 的属性值
381 ///
382 ///
383 ///
384 属性名称
385 ///
386 属性值
387 public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
388 {
389 if(propertyValue != string.Empty || propertyValue != "" || propertyValue != null)
390 {
391 if(de.Properties.Contains(propertyName))
392 {
393 de.Properties[propertyName][0] = propertyValue;
394 }
395 else
396 {
397 de.Properties[propertyName].Add(propertyValue);
398 }
399 }
400 }
401
402 ///
403 ///创建新的用户
404 ///
405 ///
406 DN 位置。例如:OU=共享平台 或 CN=Users
407 ///
408 公共名称
409 ///
410 帐号
411 ///
412 密码
413 ///
414 public static DirectoryEntry CreateNewUser(string ldapDN, string commonName, string sAMAccountName, string password)
415 {
416 DirectoryEntry entry = GetDirectoryObject();
417 DirectoryEntry subEntry = entry.Children.Find(ldapDN);
418 DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user");
419 deUser.Properties["sAMAccountName"].Value = sAMAccountName;
420 deUser.CommitChanges();
421 ADHelper.EnableUser(commonName);
422 ADHelper.SetPassword(commonName, password);
423 deUser.Close();
424 return deUser;
425 }
426
427 ///
428 ///创建新的用户。默认创建在 Users 单元下。
429 ///
430 ///
431 公共名称
432 ///
433 帐号
434 ///
435 密码
436 ///
437 public static DirectoryEntry CreateNewUser(string commonName, string sAMAccountName, string password)
438 {
439 return CreateNewUser("CN=Users", commonName, sAMAccountName, password);
440 }
441
442 ///
443 ///判断指定公共名称的用户是否存在
444 ///
445 ///
446 用户公共名称
447 ///如果存在,返回 true;否则返回 false
448 public static bool IsUserExists(string commonName)
449 {
450 DirectoryEntry de = GetDirectoryObject();
451 DirectorySearcher deSearch = new DirectorySearcher(de);
452 deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))"; // LDAP 查询串
453 SearchResultCollection results = deSearch.FindAll();
454
455 if (results.Count == 0)
456 return false;
457 else
458 return true;
459 }
460
461 ///
462 ///判断用户帐号是否激活
463 ///
464 ///
465 用户帐号属性控制器
466 ///如果用户帐号已经激活,返回 true;否则返回 false
467 public static bool IsAccountActive(int userAccountControl)
468 {
469 int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
470 int flagExists = userAccountControl & userAccountControl_Disabled;
471
472 if (flagExists > 0)
473 return false;
474 else
475 return true;
476 }
477
478 ///
479 ///判断用户与密码是否足够以满足身份验证进而登录
480 ///
481 ///
482 用户公共名称
483 ///
484 密码
485 ///如能可正常登录,则返回 true;否则返回 false
486 public static LoginResult Login(string commonName, string password)
487 {
488 DirectoryEntry de = GetDirectoryEntry(commonName);
489
490 if (de != null)
491 {
492 // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
493 int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
494 de.Close();
495
496 if (!IsAccountActive(userAccountControl))
497 return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
498
499 if (GetDirectoryEntry(commonName, password) != null)
500 return LoginResult.LOGIN_USER_OK;
501 else
502 return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
503 }
504 else
505 {
506 return LoginResult.LOGIN_USER_DOESNT_EXIST;
507 }
508 }
509
510 ///
511 ///判断用户帐号与密码是否足够以满足身份验证进而登录
512 ///
513 ///
514 用户帐号
515 ///
516 密码
517 ///如能可正常登录,则返回 true;否则返回 false
518 public static LoginResult LoginByAccount(string sAMAccountName, string password)
519 {
520 DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
521
522 if (de != null)
523 {
524 // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
525 int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
526 de.Close();
527
528 if (!IsAccountActive(userAccountControl))
529 return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
530
531 if (GetDirectoryEntryByAccount(sAMAccountName, password) != null)
532 return LoginResult.LOGIN_USER_OK;
533 else
534 return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
535 }
536 else
537 {
538 return LoginResult.LOGIN_USER_DOESNT_EXIST;
539 }
540 }
541
542 ///
543 ///设置用户密码,管理员可以通过它来修改指定用户的密码。
544 ///
545 ///
546 用户公共名称
547 ///
548 用户新密码
549 public static void SetPassword(string commonName, string newPassword)
550 {
551 DirectoryEntry de = GetDirectoryEntry(commonName);
552
553 // 模拟超级管理员,以达到有权限修改用户密码
554 impersonate.BeginImpersonate();
555 de.Invoke("SetPassword", new object[]{newPassword});
556 impersonate.StopImpersonate();
557
558 de.Close();
559 }
560
561 ///
562 ///设置帐号密码,管理员可以通过它来修改指定帐号的密码。
563 ///
564 ///
565 用户帐号
566 ///
567 用户新密码
568 public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
569 {
570 DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
571
572 // 模拟超级管理员,以达到有权限修改用户密码
573 IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);
574 impersonate.BeginImpersonate();
575 de.Invoke("SetPassword", new object[]{newPassword});
576 impersonate.StopImpersonate();
577
578 de.Close();
579 }
580
581 ///
582 ///修改用户密码
583 ///
584 ///
585 用户公共名称
586 ///
587 旧密码
588 ///
589 新密码
590 public static void ChangeUserPassword (string commonName, string oldPassword, string newPassword)
591 {
592 // to-do: 需要解决密码策略问题
593 DirectoryEntry oUser = GetDirectoryEntry(commonName);
594 oUser.Invoke("ChangePassword", new Object[]{oldPassword, newPassword});
595 oUser.Close();
596 }
597
598 ///
599 ///启用指定公共名称的用户
600 ///
601 ///
602 用户公共名称
603 public static void EnableUser(string commonName)
604 {
605 EnableUser(GetDirectoryEntry(commonName));
606 }
607
608 ///
609 ///启用指定 的用户
610 ///
611 ///
612 public static void EnableUser(DirectoryEntry de)
613 {
614 impersonate.BeginImpersonate();
615 de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
616 de.CommitChanges();
617 impersonate.StopImpersonate();
618 de.Close();
619 }
620
621 ///
622 ///禁用指定公共名称的用户
623 ///
624 ///
625 用户公共名称
626 public static void DisableUser(string commonName)
627 {
628 DisableUser(GetDirectoryEntry(commonName));
629 }
630
631 ///
632 ///禁用指定 的用户
633 ///
634 ///
635 public static void DisableUser(DirectoryEntry de)
636 {
637 impersonate.BeginImpersonate();
638 de.Properties["userAccountControl"][0]=ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
639 de.CommitChanges();
640 impersonate.StopImpersonate();
641 de.Close();
642 }
643
644 ///
645 ///将指定的用户添加到指定的组中。默认为 Users 下的组和用户。
646 ///
647 ///
648 用户公共名称
649 ///
650 组名
651 public static void AddUserToGroup(string userCommonName, string groupName)
652 {
653 DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
654 DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
655
656 impersonate.BeginImpersonate();
657 oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value);
658 oGroup.CommitChanges();
659 impersonate.StopImpersonate();
660
661 oGroup.Close();
662 oUser.Close();
663 }
664
665 ///
666 ///将用户从指定组中移除。默认为 Users 下的组和用户。
667 ///
668 ///
669 用户公共名称
670 ///
671 组名
672 public static void RemoveUserFromGroup(string userCommonName, string groupName)
673 {
674 DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
675 DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
676
677 impersonate.BeginImpersonate();
678 oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value);
679 oGroup.CommitChanges();
680 impersonate.StopImpersonate();
681
682 oGroup.Close();
683 oUser.Close();
684 }
685
686 }
687
688 ///
689 ///用户模拟角色类。实现在程序段内进行用户角色模拟。
690 ///
691 public class IdentityImpersonation
692 {
693 [DllImport("advapi32.dll", SetLastError=true)]
694 public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
695
696 [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
697 public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
698
699 [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
700 public extern static bool CloseHandle(IntPtr handle);
701
702 // 要模拟的用户的用户名、密码、域(机器名)
703 private String _sImperUsername;
704 private String _sImperPassword;
705 private String _sImperDomain;
706 // 记录模拟上下文
707 private WindowsImpersonationContext _imperContext;
708 private IntPtr _adminToken;
709 private IntPtr _dupeToken;
710 // 是否已停止模拟
711 private Boolean _bClosed;
712
713 ///
714 ///构造函数
715 ///
716 ///
717 所要模拟的用户的用户名
718 ///
719 所要模拟的用户的密码
720 ///
721 所要模拟的用户所在的域
722 public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
723 {
724 _sImperUsername = impersonationUsername;
725 _sImperPassword = impersonationPassword;
726 _sImperDomain = impersonationDomain;
727
728 _adminToken = IntPtr.Zero;
729 _dupeToken = IntPtr.Zero;
730 _bClosed = true;
731 }
732
733 ///
734 ///析构函数
735 ///
736 ~IdentityImpersonation()
737 {
738 if(!_bClosed)
739 {
740 StopImpersonate();
741 }
742 }
743
744 ///
745 ///开始身份角色模拟。
746 ///
747 ///
748 public Boolean BeginImpersonate()
749 {
750 Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken);
751
752 if(!bLogined)
753 {
754 return false;
755 }
756
757 Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken);
758
759 if(!bDuped)
760 {
761 return false;
762 }
763
764 WindowsIdentity fakeId = new WindowsIdentity(_dupeToken);
765 _imperContext = fakeId.Impersonate();
766
767 _bClosed = false;
768
769 return true;
770 }
771
772 ///
773 ///停止身分角色模拟。
774 ///
775 public void StopImpersonate()
776 {
777 _imperContext.Undo();
778 CloseHandle(_dupeToken);
779 CloseHandle(_adminToken);
780 _bClosed = true;
781 }
782 }
783 }
784 =====================================================
785
786 简单的应用
787
788 [WebMethod]
789 public string IsAuthenticated(string UserID,string Password)
790 {
791 string _path = "LDAP://" + adm + "/DC=lamda,DC=com,DC=cn";//"LDAP://172.75.200.1/DC=名字,DC=com,DC=cn";
792 string _filterAttribute=null;
793
794 DirectoryEntry entry = new DirectoryEntry(_path,UserID,Password);
795
796 try
797 {
798 //Bind to the native AdsObject to force authentication.
799 DirectorySearcher search = new DirectorySearcher(entry);
800 search.Filter = "(SAMAccountName=" + UserID + ")";
801 SearchResult result = search.FindOne();
802
803 if(null == result)
804 {
805 _filterAttribute="登录失败: 未知的用户名或错误密码.";
806 }
807 else
808 {
809 _filterAttribute="true";
810 }
811
812 }
813 catch (Exception ex)
814 {
815 // if(ex.Message.StartsWith("该服务器不可操作"))
816 // {
817 // string mail = ADO.GetConnString("mail");
818 // entry.Path = "LDAP://"+mail+"/OU=名字,DC=it2004,DC=gree,DC=com,DC=cn";
819 // try
820 // {
821 // DirectorySearcher search = new DirectorySearcher(entry);
822 // search.Filter = "(SAMAccountName=" + UserID + ")";
823 // SearchResult result = search.FindOne();
824 //
825 // if(null == result)
826 // {
827 // _filterAttribute="登录失败: 未知的用户名或错误密码.";
828 // }
829 // else
830 // {
831 // _filterAttribute="true";
832 // }
833 // return _filterAttribute;
834 //
835 // }
836 // catch (Exception ex1)
837 // {
838 // return ex1.Message;
839 // }
840 //
841 // }
842 // else
843 return ex.Message;
844 }
845 return _filterAttribute;
846 }
847 [WebMethod]
848 public string[] LDAPMessage(string UserID)
849 {
850 string _path = "LDAP://"+adm+"/DC=it2004,DC=名字,DC=com,DC=cn";
851 string[] _filterAttribute=new string[5];
852 string[] msg = {"samaccountname","displayname","department","company"};
853
854 DirectoryEntry entry = new DirectoryEntry(_path,"180037","790813");
855
856
857 try
858 {
859
860
861 Object obj = entry.NativeObject;
862
863 DirectorySearcher search = new DirectorySearcher(entry);
864 search.Filter = "(SAMAccountName=" + UserID + ")";
865 SearchResult result = search.FindOne();
866
867
868 if(null == result)
869 {
870 _filterAttribute[0]="登录失败: 未知的用户名或错误密码.";
871 }
872 else
873 {
874 _filterAttribute[0]="true";
875 for(int propertyCounter = 1; propertyCounter < 5; propertyCounter++)
876 {
877
878 if(propertyCounter==4 && result.Properties[msg[propertyCounter-1]][0]==null)
879 break;
880 _filterAttribute[propertyCounter]=result.Properties[msg[propertyCounter-1]][0].ToString();
881
882 }
883 }
884
885 }
886 catch (Exception ex)
887 {
888 //_filterAttribute[0]=ex.Message;
889 }
890 return _filterAttribute;
891 }
892 [WebMethod]
893 public string[] AllMembers()
894 {
895
896 string[] msg;
897 string _path = "LDAP://名字";
898
899 DirectoryEntry entry = new DirectoryEntry(_path,"180037","790813");
900
901
902 //Bind to the native AdsObject to force authentication.
903 Object obj = entry.NativeObject;
904
905 System.DirectoryServices.DirectorySearcher mySearcher = new System.DirectoryServices.DirectorySearcher(entry);
906 mySearcher.Filter = "(SAMAccountName=180037)";
907 msg=new string[mySearcher.FindAll().Count];
908 int i=0;
909 foreach(System.DirectoryServices.SearchResult result in mySearcher.FindAll())
910 {
911 msg[i++]=result.Path;
912 }
913 return msg;
914 }
915
916 }