域操做類ADHelper
可是我測試了老是彈出api
登陸失敗: 未知的用戶名或錯誤密碼。跨域
存在於588行服務器
關閉後,進入DC查看用戶已經添加可是是被禁用的~也就說啓用用戶這個方法沒有寫對?仍是咋的緣由!dom
代碼以下:ide
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;函數
namespace Staff_Management_system_of_CDUESTC
{
///
///活動目錄輔助類。封裝一系列活動目錄操做相關的方法。
///
public sealed class ADHelper
{
///
///域名
///
private static string DomainName = "cduestc";
///
/// LDAP 地址
///
private static string LDAPDomain = "DC=cduestc,DC=local";
///
/// LDAP綁定路徑
///
private static string ADPath = "LDAP://cduestc.local";
///
///登陸賬號
///
private static string ADUser = "Administrator";
///
///登陸密碼
///
private static string ADPassword = "123!";
///
///扮演類實例
///
private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);測試
///
///用戶登陸驗證結果
///
public enum LoginResult
{
///
///正常登陸
///
LOGIN_USER_OK = 0,
///
///用戶不存在
///
LOGIN_USER_DOESNT_EXIST,
///
///用戶賬號被禁用
///
LOGIN_USER_ACCOUNT_INACTIVE,
///
///用戶密碼不正確
///
LOGIN_USER_PASSWORD_INCORRECT
}ui
///
///用戶屬性定義標誌
///
public enum ADS_USER_FLAG_ENUM
{
///
///登陸腳本標誌。若是經過 ADSI LDAP 進行讀或寫操做時,該標誌失效。若是經過 ADSI WINNT,該標誌爲只讀。
///
ADS_UF_SCRIPT = 0X0001,
///
///用戶賬號禁用標誌
///
ADS_UF_ACCOUNTDISABLE = 0X0002,
///
///主文件夾標誌
///
ADS_UF_HOMEDIR_REQUIRED = 0X0008,
///
///過時標誌
///
ADS_UF_LOCKOUT = 0X0010,
///
///用戶密碼不是必須的
///
ADS_UF_PASSWD_NOTREQD = 0X0020,
///
///密碼不能更改標誌
///
ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
///
///使用可逆的加密保存密碼
///
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
///
///本地賬號標誌
///
ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
///
///普通用戶的默認賬號類型
///
ADS_UF_NORMAL_ACCOUNT = 0X0200,
///
///跨域的信任賬號標誌
///
ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
///
///工做站信任賬號標誌
///
ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
///
///服務器信任賬號標誌
///
ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
///
///密碼永不過時標誌
///
ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
///
/// MNS 賬號標誌
///
ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
///
///交互式登陸必須使用智能卡
///
ADS_UF_SMARTCARD_REQUIRED = 0X40000,
///
///當設置該標誌時,服務賬號(用戶或計算機賬號)將經過 Kerberos 委託信任
///
ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
///
///當設置該標誌時,即便服務賬號是經過 Kerberos 委託信任的,敏感賬號不能被委託
///
ADS_UF_NOT_DELEGATED = 0X100000,
///
///此賬號須要 DES 加密類型
///
ADS_UF_USE_DES_KEY_ONLY = 0X200000,
///
///不要進行 Kerberos 預身份驗證
///
ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
///
///用戶密碼過時標誌
///
ADS_UF_PASSWORD_EXPIRED = 0X800000,
///
///用戶賬號可委託標誌
///
ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
}加密
public ADHelper()
{
//
}spa
#region GetDirectoryObject
///
///得到DirectoryEntry對象實例,以管理員登錄AD
///
///
private static DirectoryEntry GetDirectoryObject()
{
DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
return entry;
}
///
///根據指定用戶名和密碼得到相應DirectoryEntry實體
///
///
///
///
private static DirectoryEntry GetDirectoryObject(string userName, string password)
{
DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
return entry;
}
///
/// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com
///
///
///
private static DirectoryEntry GetDirectoryObject(string domainReference)
{
DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPassword, AuthenticationTypes.Secure);
return entry;
}
///
///得到以UserName,Password建立的DirectoryEntry
///
///
///
///
///
private static DirectoryEntry GetDirectoryObject(string domainReference, string userName, string password)
{
DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, userName, password, AuthenticationTypes.Secure);
return entry;
}
#endregion
#region GetDirectoryEntry
///
///根據用戶公共名稱取得用戶的 對象
///
/// 用戶公共名稱
///若是找到該用戶,則返回用戶的 對象;不然返回 null
public static DirectoryEntry GetDirectoryEntry(string commonName)
{
DirectoryEntry de = GetDirectoryObject();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path);
return de;
}
catch
{
return null;
}
}
///
///根據用戶公共名稱和密碼取得用戶的 對象。
///
///用戶公共名稱
///用戶密碼
///若是找到該用戶,則返回用戶的 對象;不然返回 null
public static DirectoryEntry GetDirectoryEntry(string commonName, string password)
{
DirectoryEntry de = GetDirectoryObject(commonName, password);
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path);
return de;
}
catch
{
return null;
}
}
///
///根據用戶賬號稱取得用戶的 對象
///
/// 用戶賬號名
///若是找到該用戶,則返回用戶的 對象;不然返回 null
public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
{
DirectoryEntry de = GetDirectoryObject();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path);
return de;
}
catch
{
return null;
}
}
///
///根據用戶賬號和密碼取得用戶的 對象
///
///用戶賬號名
///用戶密碼
///若是找到該用戶,則返回用戶的 對象;不然返回 null
public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
{
DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
if (de != null)
{
string commonName = de.Properties["cn"][0].ToString();
if (GetDirectoryEntry(commonName, password) != null)
return GetDirectoryEntry(commonName, password);
else
return null;
}
else
{
return null;
}
}
///
///根據組名取得用戶組的 對象
///
/// 組名
///
public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
{
DirectoryEntry de = GetDirectoryObject();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path);
return de;
}
catch
{
return null;
}
}
#endregion
#region GetProperty
///
///得到指定 指定屬性名對應的值
///
///
/// 屬性名稱
///屬性值
public static string GetProperty(DirectoryEntry de, string propertyName)
{
if (de.Properties.Contains(propertyName))
{
return de.Properties[propertyName][0].ToString();
}
else
{
return string.Empty;
}
}
///
///得到指定搜索結果 中指定屬性名對應的值
///
///
/// 屬性名稱
///屬性值
public static string GetProperty(SearchResult searchResult, string propertyName)
{
if (searchResult.Properties.Contains(propertyName))
{
return searchResult.Properties[propertyName][0].ToString();
}
else
{
return string.Empty;
}
}
#endregion
///
///設置指定 的屬性值
///
///
/// 屬性名稱
/// 屬性值
public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
{
if (propertyValue != string.Empty || propertyValue != "" || propertyValue != null)
{
if (de.Properties.Contains(propertyName))
{
de.Properties[propertyName][0] = propertyValue;
}
else
{
de.Properties[propertyName].Add(propertyValue);
}
}
}
///
///建立新的用戶
///
/// DN 位置。例如:OU=共享平臺 或 CN=Users
/// 公共名稱
/// 賬號
/// 密碼
///
public static DirectoryEntry CreateNewUser(string ldapDN, string commonName, string sAMAccountName, string password)
{
DirectoryEntry entry = GetDirectoryObject();
DirectoryEntry subEntry = entry.Children.Find(ldapDN);
DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user");
deUser.Properties["sAMAccountName"].Value = sAMAccountName;
deUser.CommitChanges();
ADHelper.EnableUser(commonName);
ADHelper.SetPassword(commonName, password);
deUser.Close();
return deUser;
}
///
///建立新的用戶。默認建立在 Users 單元下。
///
/// 公共名稱
/// 賬號
/// 密碼
///
public static DirectoryEntry CreateNewUser(string commonName, string sAMAccountName, string password)
{
return CreateNewUser("CN=Users", commonName, sAMAccountName, password);
}
///
///判斷指定公共名稱的用戶是否存在
///
/// 用戶公共名稱
///若是存在,返回 true;不然返回 false
public static bool IsUserExists(string commonName)
{
DirectoryEntry de = GetDirectoryObject();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))"; // LDAP 查詢串
SearchResultCollection results = deSearch.FindAll();
if (results.Count == 0)
return false;
else
return true;
}
///
///判斷用戶賬號是否激活
///
/// 用戶賬號屬性控制器
///若是用戶賬號已經激活,返回 true;不然返回 false
public static bool IsAccountActive(int userAccountControl)
{
int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
int flagExists = userAccountControl & userAccountControl_Disabled;
if (flagExists > 0)
return false;
else
return true;
}
///
///判斷用戶與密碼是否足夠以知足身份驗證進而登陸
///
/// 用戶公共名稱
/// 密碼
///如能可正常登陸,則返回 true;不然返回 false
public static LoginResult Login(string commonName, string password)
{
DirectoryEntry de = GetDirectoryEntry(commonName);
if (de != null)
{
// 必須在判斷用戶密碼正確前,對賬號激活屬性進行判斷;不然將出現異常。
int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
de.Close();
if (!IsAccountActive(userAccountControl))
return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
if (GetDirectoryEntry(commonName, password) != null)
return LoginResult.LOGIN_USER_OK;
else
return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
}
else
{
return LoginResult.LOGIN_USER_DOESNT_EXIST;
}
}
///
///判斷用戶賬號與密碼是否足夠以知足身份驗證進而登陸
///
/// 用戶賬號
/// 密碼
///如能可正常登陸,則返回 true;不然返回 false
public static LoginResult LoginByAccount(string sAMAccountName, string password)
{
DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
if (de != null)
{
// 必須在判斷用戶密碼正確前,對賬號激活屬性進行判斷;不然將出現異常。
int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
de.Close();
if (!IsAccountActive(userAccountControl))
return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
if (GetDirectoryEntryByAccount(sAMAccountName, password) != null)
return LoginResult.LOGIN_USER_OK;
else
return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
}
else
{
return LoginResult.LOGIN_USER_DOESNT_EXIST;
}
}
///
///設置用戶密碼,管理員能夠經過它來修改指定用戶的密碼。
///
/// 用戶公共名稱
/// 用戶新密碼
public static void SetPassword(string commonName, string newPassword)
{
DirectoryEntry de = GetDirectoryEntry(commonName);
// 模擬超級管理員,以達到有權限修改用戶密碼
impersonate.BeginImpersonate();
de.Invoke("SetPassword", new object[] { newPassword });
impersonate.StopImpersonate();
de.Close();
}
///
///設置賬號密碼,管理員能夠經過它來修改指定賬號的密碼。
///
/// 用戶賬號
/// 用戶新密碼
public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
{
DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
// 模擬超級管理員,以達到有權限修改用戶密碼
IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);
impersonate.BeginImpersonate();
de.Invoke("SetPassword", new object[] { newPassword });
impersonate.StopImpersonate();
de.Close();
}
///
///修改用戶密碼
///
/// 用戶公共名稱
/// 舊密碼
/// 新密碼
public static void ChangeUserPassword(string commonName, string oldPassword, string newPassword)
{
// to-do: 須要解決密碼策略問題
DirectoryEntry oUser = GetDirectoryEntry(commonName);
oUser.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
oUser.Close();
}
///
///啓用指定公共名稱的用戶
///
/// 用戶公共名稱
public static void EnableUser(string commonName)
{
EnableUser(GetDirectoryEntry(commonName));
}
///
///啓用指定 的用戶
///
///
public static void EnableUser(DirectoryEntry de)
{
impersonate.BeginImpersonate();
de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
de.CommitChanges();
impersonate.StopImpersonate();
de.Close();
}
///
///禁用指定公共名稱的用戶
///
/// 用戶公共名稱
public static void DisableUser(string commonName)
{
DisableUser(GetDirectoryEntry(commonName));
}
///
///禁用指定 的用戶
///
///
public static void DisableUser(DirectoryEntry de)
{
impersonate.BeginImpersonate();
de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
de.CommitChanges();
impersonate.StopImpersonate();
de.Close();
}
///
///將指定的用戶添加到指定的組中。默認爲 Users 下的組和用戶。
///
/// 用戶公共名稱
/// 組名
public static void AddUserToGroup(string userCommonName, string groupName)
{
DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
impersonate.BeginImpersonate();
oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value);
oGroup.CommitChanges();
impersonate.StopImpersonate();
oGroup.Close();
oUser.Close();
}
///
///將用戶從指定組中移除。默認爲 Users 下的組和用戶。
///
/// 用戶公共名稱
/// 組名
public static void RemoveUserFromGroup(string userCommonName, string groupName)
{
DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
impersonate.BeginImpersonate();
oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value);
oGroup.CommitChanges();
impersonate.StopImpersonate();
oGroup.Close();
oUser.Close();
}
}
///
///用戶模擬角色類。實如今程序段內進行用戶角色模擬。
///
public class IdentityImpersonation
{
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
// 要模擬的用戶的用戶名、密碼、域(機器名)
private String _sImperUsername;
private String _sImperPassword;
private String _sImperDomain;
// 記錄模擬上下文
private WindowsImpersonationContext _imperContext;
private IntPtr _adminToken;
private IntPtr _dupeToken;
// 是否已中止模擬
private Boolean _bClosed;
///
///構造函數
///
/// 所要模擬的用戶的用戶名
/// 所要模擬的用戶的密碼
/// 所要模擬的用戶所在的域
public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
{
_sImperUsername = impersonationUsername;
_sImperPassword = impersonationPassword;
_sImperDomain = impersonationDomain;
_adminToken = IntPtr.Zero;
_dupeToken = IntPtr.Zero;
_bClosed = true;
}
///
///析構函數
///
~IdentityImpersonation()
{
if (!_bClosed)
{
StopImpersonate();
}
}
///
///開始身份角色模擬。
///
///
public Boolean BeginImpersonate()
{
Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken);
if (!bLogined)
{
return false;
}
Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken);
if (!bDuped)
{
return false;
}
WindowsIdentity fakeId = new WindowsIdentity(_dupeToken);
_imperContext = fakeId.Impersonate();
_bClosed = false;
return true;
}
/// ///中止身分角色模擬。 /// public void StopImpersonate() { _imperContext.Undo(); CloseHandle(_dupeToken); CloseHandle(_adminToken); _bClosed = true; } } }
- 1. C#操做域用戶ADHelper
- 2. 位域操做
- 3. Cookie跨域操做
- 4. C++ 類做用域
- 5. 類的做用域
- 6. redis操做類
- 7. MySQL操做類
- 8. File類操做
- 9. jquery類操做
- 10. UUID操做類
- 更多相關文章...
- • CIDR(無類域間路由)是什麼? - TCP/IP教程
- • 網站 域名 - 網站主機教程
- • Kotlin學習(二)基本類型
- • PHP Ajax 跨域問題最佳解決方案
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. 升級Gradle後報錯Gradle‘s dependency cache may be corrupt (this sometimes occurs
- 2. Smarter, Not Harder
- 3. mac-2019-react-native 本地環境搭建(xcode-11.1和android studio3.5.2中Genymotion2.12.1 和VirtualBox-5.2.34 )
- 4. 查看文件中關鍵字前後幾行的內容
- 5. XXE萌新進階全攻略
- 6. Installation failed due to: ‘Connection refused: connect‘安卓studio端口占用
- 7. zabbix5.0通過agent監控winserve12
- 8. IT行業UI前景、潛力如何?
- 9. Mac Swig 3.0.12 安裝
- 10. Windows上FreeRDP-WebConnect是一個開源HTML5代理,它提供對使用RDP的任何Windows服務器和工作站的Web訪問
- 1. C#操做域用戶ADHelper
- 2. 位域操做
- 3. Cookie跨域操做
- 4. C++ 類做用域
- 5. 類的做用域
- 6. redis操做類
- 7. MySQL操做類
- 8. File類操做
- 9. jquery類操做
- 10. UUID操做類