我在尋找解決我的問題的最佳解決方案,我們想要做的就是使用Active Directory作爲我們的基本登錄名,所以我們不必管理密碼等。但不是使用AD組,我們想創建自定義角色。所以我可能有一個角色將等於5個不同的AD組。通過Active Directory登錄使用自定義角色的最佳方式
我在做的是通過c#將特定組中的所有用戶轉儲到鏈接到roleid到userid表的自定義用戶表。任何人對此有任何想法?但是我也需要以某種方式管理自定義用戶表,如果有人從其中一個組中刪除,那麼他們需要鬆開訪問權限,不知道如何處理該用戶表。
目前我的方法看起來是這樣的:
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "SETON"))
{
//Gets all Users in a AD Group
using (GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
{
//Mkae sure group is not null
if (grp != null)
{
foreach (Principal p in grp.GetMembers())
{
//Sets up Variables to enter into Finance User Table
string UserName = p.SamAccountName;
string DisplayName = p.Name;
string emailAddress = p.UserPrincipalName;
//Get users detials by user
using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, UserName))
{
if (userPrincipal != null)
{
//Test to see if user is in AD Group
bool inRole = userPrincipal.IsMemberOf(grp);
if (inRole)
{
//Test to See if UserName already exists in Finance User Table
var ds = User.GetUserList(UserName);
//If don't exist add them and to the new Role
if (ds.Tables[0].Rows.Count == 0)
{
//Add User to FinanceUSer Table
Seton.Roster.User user = new User();
user.UserName = UserName;
user.Name = DisplayName;
int id = user.Save();
//Get RoleID by RoleName with Method
var roleDS = SecurityRole.GetRoleList(roleName);
if (roleDS.Tables[0].Rows.Count > 0)
{
var roleDR = roleDS.Tables[0].Rows[0];
int roleid = Convert.ToInt32(roleDR["roleid"].ToString());
SecurityRoleUserLink.AddNewLink(roleid, id);
}
}
//if they exist just Get thier userid and add them to new Role
else
{
//Get UserID of existing FinanceUser
var userDR = ds.Tables[0].Rows[0];
int id = Convert.ToInt32(userDR["userid"].ToString());
//Get RoleID by RoleName with Method
var roleDS = SecurityRole.GetRoleList(roleName);
if (roleDS.Tables[0].Rows.Count > 0)
{
var roleDR = roleDS.Tables[0].Rows[0];
int roleid = Convert.ToInt32(roleDR["roleid"].ToString());
//Test to see if user already in this role
if(!SecurityRoleUserLink.UserInRole(id,roleid))
SecurityRoleUserLink.AddNewLink(roleid, id);