問題描述

我們剛剛為用戶提供了一個新的用戶創建應用程序.然而，這些用戶需要能夠通過應用程序創建用戶，即使他們自己沒有創建用戶的權限.

There is a new user creation application that we have just provided our users. However these users need the ability to creation users through the application even though they themselves do not have permission to create users.

在 C# 中，您如何模擬其他用戶以獲得此功能.此應用程序主要使用 System.DirectoryServices.

In C# how do you impersonate another user in order to have this functionality. This application primary using System.DirectoryServices.

代碼片段:

DirectoryEntry dEntry = new DirectoryEntry("LDAP://OU=");
DirectorySearcher dSearcher = new DirectorySearcher(dEntry);
//filter just user objects
dSearcher.SearchScope = SearchScope.Subtree;
dSearcher.Filter = "(&(objectClass=user)(mail=" + excel_Holding_Table.Rows[i]["EmailAddress"].ToString() + "))";
dSearcher.PageSize = 1000;
sResults = dSearcher.FindAll();

推薦答案

您可以使用 DirectoryEntry 類直接指定用戶名和密碼:

You can use the DirectoryEntry class directly and specify the username and password:

DirectoryEntry de = new DirectoryEntry(path);

de.Username = "username";
de.Password = "password";

并從 de 對象訪問 Active Directory.或者您可以使用 WindowsIdentity 類并模擬用戶:

And access Active Directory from the de object. Or you can use the WindowsIdentity class and and impersonate a User:

WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle());
WindowsImpersonationContext impersonatedUser = newId.Impersonate();

完整代碼示例位于:

模擬和目錄條目

這篇關于C# 使用不同的用戶憑據訪問活動目錄的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！