WindowsPrincipal.IsInRole() 未返回预期结果
这是我当前的代码:
List<string> rowGroups = GetFileGroups((int)row.Cells["document_security_type"].Value);
bool found = false;
System.Security.Principal.WindowsPrincipal p = new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent());
foreach (string group in rowGroups)
{
if (p.IsInRole(group))
{
found = true;
break;
}
}
这是几个月前由某人完成的,我很难理解为什么它不起作用。 该公司最近刚刚从一个域名转移到另一个域名。 所以我很好奇 p.IsInRole("String") 函数将使用哪个域控制器。 我假设无论计算机使用什么,它都会使用默认的 DC。
奇怪的是,运行该程序的办公室中的计算机可能位于 2 个不同的域中。 在 List 对象中,我有两个可能的域。 因此它可以包含诸如“domainA\groupA”、“domainA\userB”、domainB\groupC”和/或“domainB\userD”之类的项目。
所以我的主要问题是 IsInRole 函数永远不会返回 true。我知道这一点应该,我什至用domainA\Domain 用户测试了它,但仍然得到错误返回。
有什么想法可以更改代码,但我不是 100% 我什至可以编译它......
So here's my current code:
List<string> rowGroups = GetFileGroups((int)row.Cells["document_security_type"].Value);
bool found = false;
System.Security.Principal.WindowsPrincipal p = new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent());
foreach (string group in rowGroups)
{
if (p.IsInRole(group))
{
found = true;
break;
}
}
This was done a couple of months ago by someone and I'm having difficulty grasping why its not working. The company has recently just moved from one domain name to another. So I was curious to what domain controller the p.IsInRole("String") function will use. I'm assuming its going to use the default DC by whatever the computer is using.
The odd item is that the computers in the office where this is running could be on 2 seperate domains. In the List<string> object, i've got both domains possible. so it could contain items such as "domainA\groupA", "domainA\userB", domainB\groupC", and/or "domainB\userD".
So my major problem is that the IsInRole function is never returning true. i know it should, i even tested it with domainA\Domain users and still get a false returned.
Any ideas? changing the code is possible, but not wanted. i'm not 100% i can even compile it...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我必须指出,您实际上是否在字符串中正确转义了 '\' 字符? 就像“domainA\\groupA”一样?
I have to point out, are you actually escaping your '\' character correctly inside your strings? As in "domainA\\groupA"?
当人们尝试使用 Active Directory 中的 Outlook 电子邮件列表来实现基于角色的安全性时,我发现了一些问题。 这些显示在 Active Directory 中,很难与实际的安全组(您可以在 ACL 等中引用的安全组)区分开来。 让您的管理员验证您使用的任何组都是安全组。
I've seen problems when people try to use Outlook e-mail lists in Active Directory for role based security. These show up in Active Directory and are hard to tell apart from actual security groups (ones you can reference in ACLs, etc). Have your administrator verify whatever groups you are using are security groups.
好吧,为了解决这个问题,我只需要专门添加该组的每个用户而不是组名称。
Well, to fix the problem I just had to specifically add each user of the group instead of the group name.