我有一个 Web 应用程序,它使用我们的 Active Directory 针对 Windows 身份验证运行.我有一个新要求,从 Active Directory 条目中提取一些个人信息.获取这些信息的最简单方法是什么?
I've got a web application that is running against Windows Authentication using our Active Directory. I've got a new requirement to pull some personal information through from the Active Directory entry. What would be the easiest way to get access to this information?
通过 DirectoryEntry 直接访问用户似乎是最直接的方法.以下是我从我的第一个 AD 相关项目中学到的一些 AD 相关花絮:
Accessing the user directly through a DirectoryEntry seems like the most straightforward approach. Here are some AD-related tidbits I learned from my first AD-related project:
如果您不知道用户的目录条目,则可能需要使用 DirectorySearcher 来获取用户的目录条目(您不会,只要让他登录即可).使用它相当容易,但要注意 LDAP 语法中的怪癖;即,必须对非 ASCII(和其他?)字符进行编码.您使用的搜索字符串可能类似于:(&(sAMAccountName=whatever)(class=user)).这在我的脑海里,可能有点不正确.
You'll probably need to use DirectorySearcher to get your user's directory entry if you don't know its path (which you wouldn't, just by having him logged in). Using it was fairly easy but beware of the quirks in LDAP syntax; namely, having to encode non-ASCII (and other?) characters. The search string you'd use would probably be something like: (&(sAMAccountName=whatever)(class=user)). This is off the top of my head and may be slightly incorrect.
Active Directory 架构参考有用.请了解架构可以修改和扩展(例如,安装 Exchange 会向用户添加邮箱信息).
The Active Directory schema reference will be useful. Do understand that the schema can be modified and extended (e.g. installing Exchange will add mailbox information to users).
AD Explorer 是一个有用的工具,可用于调试和低级 AD 数据管理.当我知道要设置哪个属性但在 AD 管理工具中找不到正确的对话框时,我发现它很有用.
AD Explorer is a useful tool which you can use for debugging and low-level AD data management. I've found it useful when I know which property I want to set but cannot find the right dialog box in the AD management tool.
这篇关于Active Directory:检索用户信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!