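After the user has been authenticated against AD (see "Active Directory-Based User Authentication"), the next step is to retrieve the user's information and display it.
1. Retrieving user information from AD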
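using System.DirectoryServices;
using System.Text;

/// <summary>
/// This will return a DirectoryEntry object if the user does exist
/// </summary>
/// <param name="UserName">sAMAccountName of the user to look up</param>
/// <returns>The user's DirectoryEntry, or null if no user was found</returns>
public static DirectoryEntry GetUser(string UserName)
{
      //create an instance of the DirectoryEntry
      DirectoryEntry de = GetDirectoryObject();
      //create instance of the directory searcher
      DirectorySearcher deSearch = new DirectorySearcher();

      deSearch.SearchRoot = de;
      //escape LDAP filter metacharacters (RFC 4515) so the name cannot alter the filter;
      //the backslash is replaced first so the later escapes are not re-escaped
      string safeName = UserName.Replace("\\", "\\5c").Replace("*", "\\2a")
                                .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
      //set the search filter
      deSearch.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + safeName + "))";
      deSearch.SearchScope = SearchScope.Subtree;

      //find the first instance
      SearchResult results = deSearch.FindOne();
      //if found then return, otherwise return null
      if (results != null)
      {
            de = new DirectoryEntry(results.Path, ADUser, ADPassword, AuthenticationTypes.Secure);
            //if so then return the DirectoryEntry object
            return de;
      }
      else
      {
            return null;
      }
}

Create the DirectoryEntry object instance. Note that ADUser/ADPassword here is not an ordinary user account but one with Account Operator or Administrator privileges. ADPath may be empty, because the Lightweight Directory Access Protocol (LDAP) provider relies on the Windows locator service to find the best domain controller (DC) for the client. However, to take advantage of serverless binding, the client must have an account on an Active Directory domain controller, and the domain controller used by serverless binding will always be in the default domain (the domain associated with the current security context of the thread performing the bind). (From MSDN)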
/// <summary>
/// This is an internal method for retrieving a new DirectoryEntry object
/// </summary>
/// <returns></returns>
private static DirectoryEntry GetDirectoryObject()
{
      DirectoryEntry oDE;
      
      oDE = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
      return oDE;
}
2. Example: simple display of account attributes and their values in AD
Here the output is simply produced as a string:
public string GetUserInfo(string UserName)
{
      DirectoryEntry objDirEnt = ADHelper.GetUser(UserName);
      //GetUser returns null when no matching account exists
      if (objDirEnt == null)
      {
            return string.Empty;
      }
      StringBuilder sbUserInfo = new StringBuilder();
      sbUserInfo.Append("Name = " + objDirEnt.Name + Environment.NewLine);
      sbUserInfo.Append("Path = " + objDirEnt.Path + Environment.NewLine + Environment.NewLine);
      sbUserInfo.Append("SchemaClassName = " + objDirEnt.SchemaClassName + Environment.NewLine);
      sbUserInfo.Append("***" + Environment.NewLine);
      sbUserInfo.Append("Properties:" + Environment.NewLine);
      //list every property name followed by each of its values
      foreach (String Key in objDirEnt.Properties.PropertyNames)
      {
            sbUserInfo.AppendFormat("\t{0} = ", Key);
            sbUserInfo.Append("");
            foreach (Object objValue in objDirEnt.Properties[Key])
            {
                  sbUserInfo.AppendFormat("\t\t{0}" + Environment.NewLine, objValue);
            }
      }
      return sbUserInfo.ToString();
}

You can also access the attribute you need directly:
string strFirstName = GetProperty(userSearchResult, "givenName");
/// <summary>
/// This is an override that will allow a property to be extracted directly from
/// a searchresult object
/// </summary>
/// <param name="searchResult"></param>
/// <param name="PropertyName"></param>
/// <returns></returns>
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
      if(searchResult.Properties.Contains(PropertyName))
      {
            return searchResult.Properties[PropertyName][0].ToString() ;
      }
      else
      {
            return string.Empty;
      }
}

For the actual user interface, see Reference 1 below.
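The lookup and display steps above, combined into an added C# example that is not part of the original post or of ADHelper: it escapes the account name before building the filter and asks the domain controller only for an allow-listed set of attributes instead of listing every property the bind account can read. The class name SafeAdLookup, the attribute list and the method parameters are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Hypothetical helper class for this example; not part of ADHelper.
public static class SafeAdLookup
{
    // Constructed allow-list of attributes the UI may display.
    static readonly string[] Allowed = { "displayName", "givenName", "sn", "mail" };

    // RFC 4515 escaping for a value embedded in an LDAP search filter.
    // The backslash is replaced first so later escapes are not re-escaped.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    // Returns only the allow-listed attributes, or null when no user matches.
    // adPath, adUser and adPassword are assumed to come from the caller's configuration.
    public static Dictionary<string, string[]> GetUserAttributes(
        string userName, string adPath, string adUser, string adPassword)
    {
        using (var root = new DirectoryEntry(adPath, adUser, adPassword, AuthenticationTypes.Secure))
        using (var search = new DirectorySearcher(root))
        {
            search.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
                            + EscapeFilterValue(userName) + "))";
            search.SearchScope = SearchScope.Subtree;
            search.PropertiesToLoad.AddRange(Allowed); // ask the DC for these only

            SearchResult hit = search.FindOne();
            if (hit == null) return null;

            var info = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
            foreach (string name in Allowed)
            {
                if (!hit.Properties.Contains(name)) continue;
                var values = new List<string>();
                foreach (object v in hit.Properties[name]) values.Add(v.ToString());
                info[name] = values.ToArray();
            }
            return info;
        }
    }
}
```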
References:
1. Rickie, A small tool for updating the Active Directory/Exchange Address Book
2. Craig Aroa, ADHelper - An Active Directory Class, http://www.c-sharpcorner.com/Code/2002/Sept/ADClass.asp
3. Rickie, Active Directory-Based User Authentication