我在寻找解决我的问题的最佳解决方案,我们想要做的就是使用Active Directory作为我们的基本登录名,所以我们不必管理密码等。但不是使用AD组,我们想创建自定义角色。所以我可能有一个角色将等于5个不同的AD组。通过Active Directory登录使用自定义角色的最佳方式
我在做的是通过c#将特定组中的所有用户转储到链接到roleid到userid表的自定义用户表。任何人对此有任何想法?但是我也需要以某种方式管理自定义用户表,如果有人从其中一个组中删除,那么他们需要松开访问权限,不知道如何处理该用户表。
目前我的方法看起来是这样的:
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "SETON"))
{
//Gets all Users in a AD Group
using (GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
{
//Mkae sure group is not null
if (grp != null)
{
foreach (Principal p in grp.GetMembers())
{
//Sets up Variables to enter into Finance User Table
string UserName = p.SamAccountName;
string DisplayName = p.Name;
string emailAddress = p.UserPrincipalName;
//Get users detials by user
using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, UserName))
{
if (userPrincipal != null)
{
//Test to see if user is in AD Group
bool inRole = userPrincipal.IsMemberOf(grp);
if (inRole)
{
//Test to See if UserName already exists in Finance User Table
var ds = User.GetUserList(UserName);
//If don't exist add them and to the new Role
if (ds.Tables[0].Rows.Count == 0)
{
//Add User to FinanceUSer Table
Seton.Roster.User user = new User();
user.UserName = UserName;
user.Name = DisplayName;
int id = user.Save();
//Get RoleID by RoleName with Method
var roleDS = SecurityRole.GetRoleList(roleName);
if (roleDS.Tables[0].Rows.Count > 0)
{
var roleDR = roleDS.Tables[0].Rows[0];
int roleid = Convert.ToInt32(roleDR["roleid"].ToString());
SecurityRoleUserLink.AddNewLink(roleid, id);
}
}
//if they exist just Get thier userid and add them to new Role
else
{
//Get UserID of existing FinanceUser
var userDR = ds.Tables[0].Rows[0];
int id = Convert.ToInt32(userDR["userid"].ToString());
//Get RoleID by RoleName with Method
var roleDS = SecurityRole.GetRoleList(roleName);
if (roleDS.Tables[0].Rows.Count > 0)
{
var roleDR = roleDS.Tables[0].Rows[0];
int roleid = Convert.ToInt32(roleDR["roleid"].ToString());
//Test to see if user already in this role
if(!SecurityRoleUserLink.UserInRole(id,roleid))
SecurityRoleUserLink.AddNewLink(roleid, id);