Windows 验证:IPrincipal.IsInRole(String Role) 的 role 指的是什么?

  • 问题

  • windows验证

    IPrincipal. IsInRole(String Role)的 role指的是什么?

    字面上来说应该是AD里面的角色,那么跟user,group有什么区别呢?

     

     

     // Make Thread.CurrentPrincipal represent the Windows account that runs this code.
     // The policy is set before CurrentPrincipal is read for the first time.
     AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
     IPrincipal prin = System.Threading.Thread.CurrentPrincipal;

     // For a Windows principal the "role" string names a Windows group
     // (BUILTIN\..., a local group, or DOMAIN\Group); it is not a separate AD object.
     // Membership is evaluated from the groups carried in the caller's logon token, so a
     // group the account was added to after logon is not reported until the next logon.
     // NOTE(review): on systems with UAC, a non-elevated process can report false for
     // BUILTIN\Administrators even when the account is an administrator.
     bool roleFlg = prin.IsInRole(@"BUILTIN\Administrators"); // true (result observed by the poster)
     bool roleFlg2 = prin.IsInRole(@"DomainName\GroupName"); // false (result observed by the poster)

    上面代码是判断当前用户的角色的,

    roleFlg 为true

    但roleFlg2为false

     

    2009年1月16日 1:32

答案

  • role是角色。参考System.Security.Principal.WindowsBuiltInRole
    2009年1月16日 2:55
    版主
  • 你好,所谓角色就是指管理员、Guest 等等;对 WindowsPrincipal 而言,IsInRole 检查的"角色"就是 Windows 组(内置组、本地组或域组)的成员身份。
    具体的你可以参考下 MSDN 上的代码。
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading;
    using System.Security.Principal;

    namespace ConsoleSecurity
    {
        /// <summary>
        /// Console sample that reports which Windows roles (groups) the account running
        /// the process belongs to, using the three ways WindowsPrincipal.IsInRole can be
        /// called: by WindowsBuiltInRole value, by group name, and by SID.
        /// </summary>
        class Program
        {
            /// <summary>
            /// Prints the current Windows identity, then the result of IsInRole for every
            /// WindowsBuiltInRole member and for a few explicitly named roles.
            /// </summary>
            /// <param name="args">Command-line arguments; not used.</param>
            static void Main(string[] args)
            {
                // The policy is switched to WindowsPrincipal before Thread.CurrentPrincipal
                // is read, so that the cast below receives a WindowsPrincipal.
                Thread.GetDomain().SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
                var myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
                Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());

                // Pass 1: every member of WindowsBuiltInRole. The numeric value of each
                // member is printed as the RID of the corresponding built-in group.
                // NOTE(review): the answers reflect the groups in the process token; on
                // systems with UAC a non-elevated process can print False for
                // Administrator even when the account is an administrator.
                foreach (WindowsBuiltInRole builtInRole in Enum.GetValues(typeof(WindowsBuiltInRole)))
                {
                    try
                    {
                        bool isMember = myPrincipal.IsInRole(builtInRole);
                        Console.WriteLine("{0}? {1}.", builtInRole, isMember);
                        Console.WriteLine("The RID for this role is: " + ((int)builtInRole).ToString());
                    }
                    catch (Exception)
                    {
                        // Best effort: a role that cannot be evaluated is reported and skipped.
                        Console.WriteLine("{0}: Could not obtain role for this RID.", builtInRole);
                    }
                }

                // Pass 2: the same kind of check by group name. The string is the group's
                // account name, which can differ on localized Windows installations, so
                // the enum and SID forms further down are the more portable choices.
                bool inAdministrators = myPrincipal.IsInRole(@"BUILTIN\Administrators");
                Console.WriteLine("{0}? {1}.", "Administrators", inAdministrators);

                bool inUsers = myPrincipal.IsInRole(@"BUILTIN\Users");
                Console.WriteLine("{0}? {1}.", "Users", inUsers);

                // Pass 3: a single role through the WindowsBuiltInRole enumeration.
                bool isAdministratorRole = myPrincipal.IsInRole(WindowsBuiltInRole.Administrator);
                Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator, isAdministratorRole);

                // Pass 4: the built-in Administrators group identified by its well-known SID,
                // which does not depend on how the group is named.
                var administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
                Console.WriteLine(
                    "WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.",
                    administratorsSid.Value,
                    myPrincipal.IsInRole(administratorsSid));
            }
        }
    }

    2009年1月20日 3:23

全部回复

  • 自己顶一下

    bool roleFlg2 = prin.IsInRole(@"DomainName\GroupName"); 好像变true了

    昨天刚把自己加到测试的 GroupName 这个 group 里,没有重新登录 domain,

    难道是这个原因?今天roleFlg2是true了

     

     

    但是

    AD里面的角色,跟user,group到底有什么区别呢?
    2009年1月16日 2:44
  • role是角色。参考System.Security.Principal.WindowsBuiltInRole
    2009年1月16日 2:55
    版主
  • 你好,所谓角色就是指管理员、Guest 等等;对 WindowsPrincipal 而言,IsInRole 检查的"角色"就是 Windows 组(内置组、本地组或域组)的成员身份。
    具体的你可以参考下 MSDN 上的代码。
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Threading;
    using System.Security.Principal;

    namespace ConsoleSecurity
    {
        /// <summary>
        /// Console sample that reports which Windows roles (groups) the account running
        /// the process belongs to, using the three ways WindowsPrincipal.IsInRole can be
        /// called: by WindowsBuiltInRole value, by group name, and by SID.
        /// </summary>
        class Program
        {
            /// <summary>
            /// Prints the current Windows identity, then the result of IsInRole for every
            /// WindowsBuiltInRole member and for a few explicitly named roles.
            /// </summary>
            /// <param name="args">Command-line arguments; not used.</param>
            static void Main(string[] args)
            {
                // The policy is switched to WindowsPrincipal before Thread.CurrentPrincipal
                // is read, so that the cast below receives a WindowsPrincipal.
                Thread.GetDomain().SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
                var myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
                Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());

                // Pass 1: every member of WindowsBuiltInRole. The numeric value of each
                // member is printed as the RID of the corresponding built-in group.
                // NOTE(review): the answers reflect the groups in the process token; on
                // systems with UAC a non-elevated process can print False for
                // Administrator even when the account is an administrator.
                foreach (WindowsBuiltInRole builtInRole in Enum.GetValues(typeof(WindowsBuiltInRole)))
                {
                    try
                    {
                        bool isMember = myPrincipal.IsInRole(builtInRole);
                        Console.WriteLine("{0}? {1}.", builtInRole, isMember);
                        Console.WriteLine("The RID for this role is: " + ((int)builtInRole).ToString());
                    }
                    catch (Exception)
                    {
                        // Best effort: a role that cannot be evaluated is reported and skipped.
                        Console.WriteLine("{0}: Could not obtain role for this RID.", builtInRole);
                    }
                }

                // Pass 2: the same kind of check by group name. The string is the group's
                // account name, which can differ on localized Windows installations, so
                // the enum and SID forms further down are the more portable choices.
                bool inAdministrators = myPrincipal.IsInRole(@"BUILTIN\Administrators");
                Console.WriteLine("{0}? {1}.", "Administrators", inAdministrators);

                bool inUsers = myPrincipal.IsInRole(@"BUILTIN\Users");
                Console.WriteLine("{0}? {1}.", "Users", inUsers);

                // Pass 3: a single role through the WindowsBuiltInRole enumeration.
                bool isAdministratorRole = myPrincipal.IsInRole(WindowsBuiltInRole.Administrator);
                Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator, isAdministratorRole);

                // Pass 4: the built-in Administrators group identified by its well-known SID,
                // which does not depend on how the group is named.
                var administratorsSid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
                Console.WriteLine(
                    "WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.",
                    administratorsSid.Value,
                    myPrincipal.IsInRole(administratorsSid));
            }
        }
    }

    2009年1月20日 3:23