using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Configuration;
using System.DirectoryServices;
using System.Security.Principal;
using System.Runtime.InteropServices;
namespace Common
{
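public class DomainManage
{
    #region Configuration

    /// <summary>
    /// NetBIOS domain name used when impersonating the service account
    /// (appSettings key "DomainName").
    /// </summary>
    private static string DomainName = GetRequiredSetting("DomainName");

    /// <summary>
    /// LDAP bind path: the appSettings value "ADPath" (server address or DN) prefixed with "LDAP://".
    /// </summary>
    private static string ADPath = "LDAP://" + GetRequiredSetting("ADPath");

    /// <summary>
    /// Service account used to bind to the directory (appSettings key "ADUser").
    /// </summary>
    private static string ADUser = GetRequiredSetting("ADUser");

    /// <summary>
    /// Password of the service account (appSettings key "ADPassword").
    /// NOTE(review): read from plain-text appSettings; a protected configuration
    /// section would keep it out of the clear-text config file.
    /// </summary>
    private static string ADPassword = GetRequiredSetting("ADPassword");

    /// <summary>
    /// Reads a mandatory appSettings value.
    /// </summary>
    /// <param name="key">The appSettings key.</param>
    /// <returns>The non-empty setting value.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// The key is absent or empty. Because this runs from the static field initializers
    /// above it surfaces wrapped in a <see cref="TypeInitializationException"/>, but the
    /// inner message names the missing key instead of the bare NullReferenceException
    /// that calling <c>.ToString()</c> on a missing setting produced.
    /// </exception>
    private static string GetRequiredSetting(string key)
    {
        string value = ConfigurationManager.AppSettings[key];
        if (string.IsNullOrEmpty(value))
        {
            throw new ConfigurationErrorsException("appSettings value '" + key + "' is missing or empty.");
        }
        return value;
    }

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515), so that
    /// caller-supplied text cannot introduce filter metacharacters.
    /// </summary>
    /// <param name="value">Raw attribute value; <c>null</c> or empty is returned unchanged.</param>
    /// <returns>The value with <c>\</c>, <c>*</c>, <c>(</c>, <c>)</c> and NUL hex-escaped.</returns>
    internal static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return value;
        }
        StringBuilder escaped = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    #endregion

    #region Methods

    /// <summary>
    /// Binds to <see cref="ADPath"/> with the configured service account.
    /// </summary>
    /// <returns>A new <see cref="DirectoryEntry"/>; the caller owns it and must dispose it.</returns>
    private static DirectoryEntry GetDirectoryObject()
    {
        return new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
    }

    /// <summary>
    /// Looks up a user object by sAMAccountName.
    /// </summary>
    /// <param name="sAMAccountName">The account name (without domain prefix).</param>
    /// <returns>
    /// A <see cref="DirectoryEntry"/> for the user, or <c>null</c> when the name is empty,
    /// no user matches, or the directory cannot be reached. The caller owns the returned
    /// entry and must dispose it.
    /// </returns>
    public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
    {
        if (string.IsNullOrEmpty(sAMAccountName))
        {
            return null;
        }
        using (DirectoryEntry root = GetDirectoryObject())
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // The caller-supplied name is escaped so filter metacharacters cannot
            // widen or alter the query (the original concatenated it raw).
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + EscapeLdapFilterValue(sAMAccountName) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            try
            {
                SearchResult result = searcher.FindOne();
                if (result == null)
                {
                    // No match: the original dereferenced the null result and relied on
                    // the catch-all to turn the NullReferenceException into null.
                    return null;
                }
                // Creates an independent entry for the result path using the search
                // root's credentials, so it remains usable after 'root' is disposed.
                return result.GetDirectoryEntry();
            }
            catch (COMException)
            {
                // Directory unreachable or bind rejected: keep the documented
                // "null when not found" contract rather than failing the caller.
                return null;
            }
        }
    }

    /// <summary>
    /// Sets a new password on the given account using the service account's rights
    /// (an administrative reset, not a user-initiated change).
    /// </summary>
    /// <param name="sAMAccountName">Account whose password is reset.</param>
    /// <param name="newPassword">The new password.</param>
    /// <exception cref="ArgumentNullException"><paramref name="newPassword"/> is <c>null</c>.</exception>
    /// <exception cref="InvalidOperationException">
    /// The account was not found, or impersonating the service account failed.
    /// </exception>
    public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
    {
        if (newPassword == null)
        {
            throw new ArgumentNullException("newPassword");
        }
        DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
        if (de == null)
        {
            throw new InvalidOperationException("Account '" + sAMAccountName + "' was not found in the directory.");
        }
        using (de)
        {
            // Impersonate the service account so the SetPassword call runs with its rights.
            IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);
            if (!impersonate.BeginImpersonate())
            {
                throw new InvalidOperationException("Impersonation of the directory service account failed.");
            }
            try
            {
                de.Invoke("SetPassword", new object[] { newPassword });
            }
            finally
            {
                // Always revert the thread identity, even when SetPassword throws;
                // the original left the thread impersonating on failure.
                impersonate.StopImpersonate();
            }
        }
    }

    #endregion
}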
#region 用户模拟角色类。实现在程序段内进行用户角色模拟。
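/// <summary>
/// Impersonates a Windows account for a section of code: <see cref="BeginImpersonate"/>
/// switches the current thread to the account, <see cref="StopImpersonate"/> (or
/// <see cref="Dispose"/>) reverts it and releases the logon tokens.
/// </summary>
public class IdentityImpersonation : IDisposable
{
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    // Named Win32 constants for the literal arguments the original passed (9, 0, 2).
    private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int SECURITY_IMPERSONATION_LEVEL_IMPERSONATION = 2;

    // Credentials of the account to impersonate; the domain may be a machine name.
    private String _sImperUsername;
    private String _sImperPassword;
    private String _sImperDomain;

    // Context returned by WindowsIdentity.Impersonate(); null while not impersonating.
    private WindowsImpersonationContext _imperContext;
    // Primary logon token from LogonUser and its impersonation-level duplicate;
    // IntPtr.Zero once released.
    private IntPtr _adminToken;
    private IntPtr _dupeToken;
    // True when no impersonation is active. (In the original this declaration sat on the
    // same line as its comment and was therefore commented out, so the class did not compile.)
    private Boolean _bClosed;

    /// <summary>
    /// Stores the credentials; nothing is logged on until <see cref="BeginImpersonate"/>.
    /// </summary>
    /// <param name="impersonationUsername">User name of the account to impersonate.</param>
    /// <param name="impersonationPassword">Password of that account.</param>
    /// <param name="impersonationDomain">Domain (or machine name) of that account.</param>
    public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
    {
        _sImperUsername = impersonationUsername;
        _sImperPassword = impersonationPassword;
        _sImperDomain = impersonationDomain;
        _adminToken = IntPtr.Zero;
        _dupeToken = IntPtr.Zero;
        _bClosed = true;
    }

    /// <summary>
    /// True while an impersonation started by <see cref="BeginImpersonate"/> is active.
    /// </summary>
    public Boolean IsImpersonating
    {
        get { return !_bClosed; }
    }

    /// <summary>
    /// Win32 error code captured when <see cref="BeginImpersonate"/> last returned false; 0 otherwise.
    /// Useful for logging why a logon or token duplication was rejected.
    /// </summary>
    public int LastWin32Error { get; private set; }

    /// <summary>
    /// Releases the unmanaged tokens if the caller never called <see cref="StopImpersonate"/>.
    /// The impersonation context is deliberately not undone here: it can only be reverted
    /// on the thread that started it, which the finalizer thread never is.
    /// </summary>
    ~IdentityImpersonation()
    {
        ReleaseTokens();
    }

    /// <summary>
    /// Logs on with the stored credentials and impersonates the resulting identity on the
    /// current thread.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the thread is now impersonating; <c>false</c> when LogonUser or
    /// DuplicateToken failed (see <see cref="LastWin32Error"/>). No handle is left open on failure.
    /// </returns>
    /// <exception cref="InvalidOperationException">An impersonation is already active on this instance.</exception>
    /// <remarks>
    /// LOGON32_LOGON_NEW_CREDENTIALS does not verify the password locally: the credentials
    /// are only used for outbound network access, so a wrong password typically surfaces
    /// at the later directory call rather than here.
    /// </remarks>
    public Boolean BeginImpersonate()
    {
        if (!_bClosed)
        {
            throw new InvalidOperationException("BeginImpersonate was called while an impersonation is already active.");
        }
        LastWin32Error = 0;

        IntPtr logonToken = IntPtr.Zero;
        if (!LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, ref logonToken))
        {
            LastWin32Error = Marshal.GetLastWin32Error();
            return false;
        }

        IntPtr duplicateToken = IntPtr.Zero;
        if (!DuplicateToken(logonToken, SECURITY_IMPERSONATION_LEVEL_IMPERSONATION, ref duplicateToken))
        {
            LastWin32Error = Marshal.GetLastWin32Error();
            // The original returned here without closing the primary token (a handle leak).
            CloseHandle(logonToken);
            return false;
        }

        _adminToken = logonToken;
        _dupeToken = duplicateToken;
        try
        {
            WindowsIdentity fakeId = new WindowsIdentity(_dupeToken);
            _imperContext = fakeId.Impersonate();
        }
        catch
        {
            // Do not keep tokens for an impersonation that never started.
            ReleaseTokens();
            throw;
        }
        _bClosed = false;
        return true;
    }

    /// <summary>
    /// Reverts the thread identity and closes both tokens. Safe to call when no
    /// impersonation is active and safe to call more than once.
    /// </summary>
    public void StopImpersonate()
    {
        if (_imperContext != null)
        {
            _imperContext.Undo();
            _imperContext = null;
        }
        ReleaseTokens();
        _bClosed = true;
    }

    /// <summary>
    /// Equivalent to <see cref="StopImpersonate"/>; allows use in a <c>using</c> block.
    /// </summary>
    public void Dispose()
    {
        StopImpersonate();
        GC.SuppressFinalize(this);
    }

    // Closes whichever token handles are still open and zeroes the fields so a second
    // call (from StopImpersonate, Dispose or the finalizer) does not double-close.
    private void ReleaseTokens()
    {
        if (_dupeToken != IntPtr.Zero)
        {
            CloseHandle(_dupeToken);
            _dupeToken = IntPtr.Zero;
        }
        if (_adminToken != IntPtr.Zero)
        {
            CloseHandle(_adminToken);
            _adminToken = IntPtr.Zero;
        }
    }
}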
#endregion
}