碼上快樂

相關內容    簡體    繁體

ADHelper C#域用戶操作(轉)

本文轉載自   查看原文   2014-08-13 13:20   5640    ASP.NET Technical/ CSharp Technical 
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

namespace ADS.BLL
{
    public class ADHelper
    {
        ///
        ///域名
        ///
        private static string DomainName = ActiveDirectory.GetDomainName; 
        ///
        /// LDAP 地址
        ///
        private static string LDAPDomain = "DC=" + ActiveDirectory.GetDomainName + ",DC=local";
        ///
        /// LDAP綁定路徑
        ///
        private static string ADPath = "LDAP://" + ActiveDirectory.GetDomainName;
        ///
        ///登錄帳號
        ///
        private static string ADUser = ActiveDirectory.GetUserName; //administrator
        ///
        ///登錄密碼
        ///
        private static string ADPassword = ConstantHelper.PASSWORD;
        ///
        ///扮演類實例
        ///
        private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);

        ///
        ///用戶登錄驗證結果
        ///
        public enum LoginResult
        {
            ///
            ///正常登錄
            ///
            LOGIN_USER_OK = 0,
            ///
            ///用戶不存在
            ///
            LOGIN_USER_DOESNT_EXIST,
            ///
            ///用戶帳號被禁用
            ///
            LOGIN_USER_ACCOUNT_INACTIVE,
            ///
            ///用戶密碼不正確
            ///
            LOGIN_USER_PASSWORD_INCORRECT
        }

        ///
        ///用戶屬性定義標志
        ///
        public enum ADS_USER_FLAG_ENUM
        {
            ///
            ///登錄腳本標志。如果通過 ADSI LDAP 進行讀或寫操作時,該標志失效。如果通過 ADSI WINNT,該標志為只讀。
            ///
            ADS_UF_SCRIPT = 0X0001,
            ///
            ///用戶帳號禁用標志
            ///
            ADS_UF_ACCOUNTDISABLE = 0X0002,
            ///
            ///主文件夾標志
            ///
            ADS_UF_HOMEDIR_REQUIRED = 0X0008,
            ///
            ///過期標志
            ///
            ADS_UF_LOCKOUT = 0X0010,
            ///
            ///用戶密碼不是必須的
            ///
            ADS_UF_PASSWD_NOTREQD = 0X0020,
            ///
            ///密碼不能更改標志
            ///
            ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
            ///
            ///使用可逆的加密保存密碼
            ///
            ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
            ///
            ///本地帳號標志
            ///
            ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
            ///
            ///普通用戶的默認帳號類型
            ///
            ADS_UF_NORMAL_ACCOUNT = 0X0200,
            ///
            ///跨域的信任帳號標志
            ///
            ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
            ///
            ///工作站信任帳號標志
            ///
            ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
            ///
            ///服務器信任帳號標志
            ///
            ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
            ///
            ///密碼永不過期標志
            ///
            ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
            ///
            /// MNS 帳號標志
            ///
            ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
            ///
            ///交互式登錄必須使用智能卡
            ///
            ADS_UF_SMARTCARD_REQUIRED = 0X40000,
            ///
            ///當設置該標志時,服務帳號(用戶或計算機帳號)將通過 Kerberos 委托信任
            ///
            ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
            ///
            ///當設置該標志時,即使服務帳號是通過 Kerberos 委托信任的,敏感帳號不能被委托
            ///
            ADS_UF_NOT_DELEGATED = 0X100000,
            ///
            ///此帳號需要 DES 加密類型
            ///
            ADS_UF_USE_DES_KEY_ONLY = 0X200000,
            ///
            ///不要進行 Kerberos 預身份驗證
            ///
            ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
            ///
            ///用戶密碼過期標志
            ///
            ADS_UF_PASSWORD_EXPIRED = 0X800000,
            ///
            ///用戶帳號可委托標志
            ///
            ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
        }

        public ADHelper()
        {
           
        }

        #region GetDirectoryObject

        /// <summary>
        /// 獲得DirectoryEntry對象實例,以當前用戶登陸AD
        /// </summary>
        /// <returns></returns>
        private static DirectoryEntry GetDirectoryObject()
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
            return entry;
        }

        /// <summary>
        /// 根據指定用戶名和密碼獲得相應DirectoryEntry實體
        /// </summary>
        /// <param name="userName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        private static DirectoryEntry GetDirectoryObject(string userName, string password)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
            return entry;
        }

        /// <summary>
        /// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com
        /// </summary>
        /// <param name="domainReference"></param>
        /// <returns></returns>
        private static DirectoryEntry GetDirectoryObject(string domainReference)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPassword, AuthenticationTypes.Secure);
            return entry;
        }

        /// <summary>
        /// 獲得以UserName,Password創建的DirectoryEntry
        /// </summary>
        /// <param name="domainReference"></param>
        /// <param name="userName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        private static DirectoryEntry GetDirectoryObject(string domainReference, string userName, string password)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, userName, password, AuthenticationTypes.Secure);
            return entry;
        }

        #endregion

        #region GetDirectoryEntry


        /// <summary>
        ///根據用戶公共名稱取得用戶的對象
        ///用戶公共名稱
        ///如果找到該用戶,則返回用戶的對象;否則返回 null
        /// </summary>
        /// <param name="commonName"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntry(string commonName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
            }
            catch
            {
                de = null;
            }
            return de;
        }

        /// <summary>
        ///根據用戶公共名稱和密碼取得用戶的對象。
        ///用戶公共名稱
        ///用戶密碼
        ///如果找到該用戶,則返回用戶的 對象;否則返回null
        /// </summary>
        /// <param name="commonName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntry(string commonName, string password)
        {
            DirectoryEntry de = GetDirectoryObject(commonName, password);
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch
            {
                return null;
            }
        }

        /// <summary>
        ///根據用戶帳號稱取得用戶的對象
        ///用戶帳號名
        ///如果找到該用戶,則返回用戶的對象;否則返回null
        /// </summary>
        /// <param name="sAMAccountName"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
            
            }
            catch
            {
                de = null;
            }
            return de;
        }

        /// <summary>
        ///根據用戶帳號和密碼取得用戶的對象
        ///用戶帳號名
        ///用戶密碼
        ///如果找到該用戶,則返回用戶的 對象;否則返回null
        /// </summary>
        /// <param name="sAMAccountName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
        {
            DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
            if (de != null)
            {
                string commonName = de.Properties["cn"][0].ToString();

                if (GetDirectoryEntry(commonName, password) != null)
                    return GetDirectoryEntry(commonName, password);
                else
                    return null;
            }
            else
            {
                return null;
            }
        }

        /// <summary>
        ///根據組名取得用戶組的對象
        ///組名
        /// </summary>
        /// <param name="groupName"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch
            {
                return null;
            }
        }

        #endregion

        #region GetProperty

        /// <summary>
        ///獲得指定屬性名對應的值
        ///屬性名稱
        ///屬性值
        /// </summary>
        /// <param name="de"></param>
        /// <param name="propertyName"></param>
        /// <returns></returns>
        public static string GetProperty(DirectoryEntry de, string propertyName)
        {
            if (de.Properties.Contains(propertyName))
            {
                return de.Properties[propertyName][0].ToString();
            }
            else
            {
                return string.Empty;
            }
        }

        /// <summary>
        ///獲得指定搜索結果中指定屬性名對應的值
        ///屬性名稱
        ///屬性值
        /// </summary>
        /// <param name="searchResult"></param>
        /// <param name="propertyName"></param>
        /// <returns></returns>
        public static string GetProperty(SearchResult searchResult, string propertyName)
        {
            if (searchResult.Properties.Contains(propertyName))
            {
                return searchResult.Properties[propertyName][0].ToString();
            }
            else
            {
                return string.Empty;
            }
        }

        #endregion

        /// <summary>
        ///設置指定的屬性值
        ///屬性名稱
        ///屬性值
        /// </summary>
        /// <param name="de"></param>
        /// <param name="propertyName"></param>
        /// <param name="propertyValue"></param>
        public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
        {
            if (propertyValue != string.Empty || propertyValue != "" || propertyValue != null)
            {
                if (de.Properties.Contains(propertyName))
                {
                    de.Properties[propertyName][0] = propertyValue;
                }
                else
                {
                    de.Properties[propertyName].Add(propertyValue);
                }
            }
        }

        /// <summary>
        ///創建新的用戶
        ///DN 位置。例如:OU=共享平台 或 CN=Users
        ///公共名稱
        ///帳號
        ///密碼
        /// </summary>
        /// <param name="ldapDN"></param>
        /// <param name="commonName"></param>
        /// <param name="sAMAccountName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static DirectoryEntry CreateNewUser(string ldapDN, string commonName, string sAMAccountName, string password)
        {
            DirectoryEntry entry = GetDirectoryObject();
            DirectoryEntry subEntry = entry.Children.Find(ldapDN);
            DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user");
            deUser.Properties["sAMAccountName"].Value = sAMAccountName;
            deUser.CommitChanges();
            ADHelper.EnableUser(commonName);
            ADHelper.SetPassword(commonName, password);
            deUser.Close();
            return deUser;
        }

        /// <summary>
        ///創建新的用戶。默認創建在Users單元下。
        ///公共名稱
        ///帳號
        ///密碼
        /// </summary>
        /// <param name="commonName"></param>
        /// <param name="sAMAccountName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static DirectoryEntry CreateNewUser(string commonName, string sAMAccountName, string password)
        {
            return CreateNewUser("CN=Users", commonName, sAMAccountName, password);
        }

        /// <summary>
        ///判斷指定公共名稱的用戶是否存在
        ///用戶公共名稱
        ///如果存在,返回true;否則返回false
        /// </summary>
        /// <param name="commonName"></param>
        /// <returns></returns>
        public static bool IsUserExists(string commonName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";       // LDAP 查詢串
            SearchResultCollection results = deSearch.FindAll();

            if (results.Count == 0)
                return false;
            else
                return true;
        }

        /// <summary>
        ///判斷用戶帳號是否激活
        ///用戶帳號屬性控制器
        ///如果用戶帳號已經激活,返回true;否則返回false
        /// </summary>
        /// <param name="userAccountControl"></param>
        /// <returns></returns>
        public static bool IsAccountActive(int userAccountControl)
        {
            int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
            int flagExists = userAccountControl & userAccountControl_Disabled;

            if (flagExists > 0)
                return false;
            else
                return true;
        }

        /// <summary>
        ///判斷用戶與密碼是否足夠以滿足身份驗證進而登錄
        ///用戶公共名稱
        ///密碼
        ///如能可正常登錄,則返回 true;否則返回 false
        /// </summary>
        /// <param name="commonName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static LoginResult Login(string commonName, string password)
        {
            DirectoryEntry de = GetDirectoryEntry(commonName);

            if (de != null)
            {
                // 必須在判斷用戶密碼正確前,對帳號激活屬性進行判斷;否則將出現異常。
                int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
                de.Close();

                if (!IsAccountActive(userAccountControl))
                    return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;

                if (GetDirectoryEntry(commonName, password) != null)
                    return LoginResult.LOGIN_USER_OK;
                else
                    return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
            }
            else
            {
                return LoginResult.LOGIN_USER_DOESNT_EXIST;
            }
        }

        /// <summary>
        ///判斷用戶帳號與密碼是否足夠以滿足身份驗證進而登錄
        ///用戶帳號
        ///密碼
        ///如能可正常登錄,則返回true;否則返回false
        /// </summary>
        /// <param name="sAMAccountName"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static LoginResult LoginByAccount(string sAMAccountName, string password)
        {
            DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);

            if (de != null)
            {
                // 必須在判斷用戶密碼正確前,對帳號激活屬性進行判斷;否則將出現異常。
                int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
                de.Close();

                if (!IsAccountActive(userAccountControl))
                    return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;

                if (GetDirectoryEntryByAccount(sAMAccountName, password) != null)
                    return LoginResult.LOGIN_USER_OK;
                else
                    return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
            }
            else
            {
                return LoginResult.LOGIN_USER_DOESNT_EXIST;
            }
        }


        /// <summary>
        ///設置用戶密碼,管理員可以通過它來修改指定用戶的密碼。
        ///用戶公共名稱
        ///用戶新密碼
        /// </summary>
        /// <param name="commonName"></param>
        /// <param name="newPassword"></param>
        public static void SetPassword(string commonName, string newPassword)
        {
            DirectoryEntry de = GetDirectoryEntry(commonName);

            // 模擬超級管理員,以達到有權限修改用戶密碼
            impersonate.BeginImpersonate();
            de.Invoke("SetPassword", new object[] { newPassword });
            impersonate.StopImpersonate();

            de.Close();
        }


        /// <summary>
        ///設置帳號密碼,管理員可以通過它來修改指定帳號的密碼。
        ///用戶帳號
        ///用戶新密碼
        /// </summary>
        /// <param name="sAMAccountName"></param>
        /// <param name="newPassword"></param>
        public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
        {
            DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);

            // 模擬超級管理員,以達到有權限修改用戶密碼
            IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);
            impersonate.BeginImpersonate();
            de.Invoke("SetPassword", new object[] { newPassword });
            impersonate.StopImpersonate();

            de.Close();
        }

       /// <summary>
       ///修改用戶密碼
       ///用戶公共名稱
       ///舊密碼
       ///新密碼
       /// </summary>
       /// <param name="commonName"></param>
       /// <param name="oldPassword"></param>
       /// <param name="newPassword"></param>
        public static void ChangeUserPassword(string commonName, string oldPassword, string newPassword)
        {
            // to-do: 需要解決密碼策略問題
            DirectoryEntry oUser = GetDirectoryEntry(commonName);
            oUser.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
            oUser.Close();
        }

        /// <summary>
        ///啟用指定公共名稱的用戶        
        /// </summary>
        /// <param name="commonName"></param>
        public static void EnableUser(string commonName)
        {
            EnableUser(GetDirectoryEntry(commonName));
        }

        /// <summary>
        /// 啟用指定的用戶
        /// </summary>
        /// <param name="de"></param>
        public static void EnableUser(DirectoryEntry de)
        {
            impersonate.BeginImpersonate();
            de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
            de.CommitChanges();
            impersonate.StopImpersonate();
            de.Close();
        }

        /// <summary>
        /// 禁用指定公共名稱的用戶
        /// </summary>
        /// <param name="commonName"></param>
        public static void DisableUser(string commonName)
        {
            DisableUser(GetDirectoryEntry(commonName));
        }

        /// <summary>
        /// 禁用指定的用戶
        /// </summary>
        /// <param name="de"></param>
        public static void DisableUser(DirectoryEntry de)
        {
            impersonate.BeginImpersonate();
            de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
            de.CommitChanges();
            impersonate.StopImpersonate();
            de.Close();
        }

        /// <summary>
        ///將指定的用戶添加到指定的組中。默認為Users下的組和用戶。
        ///用戶公共名稱
        ///組名
        /// </summary>
        /// <param name="userCommonName"></param>
        /// <param name="groupName"></param>
        public static void AddUserToGroup(string userCommonName, string groupName)
        {
            DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
            DirectoryEntry oUser = GetDirectoryEntry(userCommonName);

            impersonate.BeginImpersonate();
            oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value);
            oGroup.CommitChanges();
            impersonate.StopImpersonate();

            oGroup.Close();
            oUser.Close();
        }

        /// <summary>
        ///將用戶從指定組中移除。默認為Users下的組和用戶。
        ///用戶公共名稱
        /// </summary>
        /// <param name="userCommonName"></param>
        /// <param name="groupName"></param>
        public static void RemoveUserFromGroup(string userCommonName, string groupName)
        {
            DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
            DirectoryEntry oUser = GetDirectoryEntry(userCommonName);

            impersonate.BeginImpersonate();
            oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value);
            oGroup.CommitChanges();
            impersonate.StopImpersonate();

            oGroup.Close();
            oUser.Close();
        }
    }

    /// <summary>
    /// 用戶模擬角色類。實現在程序段內進行用戶角色模擬。
    /// </summary>
    public class IdentityImpersonation
    {
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        // 要模擬的用戶的用戶名、密碼、域(機器名)
        private String _sImperUsername;
        private String _sImperPassword;
        private String _sImperDomain;
        // 記錄模擬上下文
        private WindowsImpersonationContext _imperContext;
        private IntPtr _adminToken;
        private IntPtr _dupeToken;
        // 是否已停止模擬
        private Boolean _bClosed;


       /// <summary>
       ///構造函數
       ///所要模擬的用戶的用戶名
       ///所要模擬的用戶的密碼
       ///所要模擬的用戶所在的域
       /// </summary>
       /// <param name="impersonationUsername"></param>
       /// <param name="impersonationPassword"></param>
       /// <param name="impersonationDomain"></param>
        public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
        {
            _sImperUsername = impersonationUsername;
            _sImperPassword = impersonationPassword;
            _sImperDomain = impersonationDomain;

            _adminToken = IntPtr.Zero;
            _dupeToken = IntPtr.Zero;
            _bClosed = true;
        }

        /// <summary>
        /// 析構函數
        /// </summary>
        ~IdentityImpersonation()
        {
            if (!_bClosed)
            {
                StopImpersonate();
            }
        }

        /// <summary>
        /// 開始身份角色模擬。
        /// </summary>
        /// <returns></returns>
        public Boolean BeginImpersonate()
        {
            Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken);

            if (!bLogined)
            {
                return false;
            }

            Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken);

            if (!bDuped)
            {
                return false;
            }

            WindowsIdentity fakeId = new WindowsIdentity(_dupeToken);
            _imperContext = fakeId.Impersonate();

            _bClosed = false;

            return true;
        }

        /// <summary>
        /// 停止身分角色模擬。
        /// </summary>
        public void StopImpersonate()
        {
            _imperContext.Undo();
            CloseHandle(_dupeToken);
            CloseHandle(_adminToken);
            _bClosed = true;
        }
    }
}

  


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 C#操作域用戶 C#讀取AD域用戶信息 C# 關於AD域的操作 (首博) [轉]C#操作Outlook 【轉】C#操作xml C#操作Json(轉) C#操作JSON [轉] C#位操作(轉) AD域相關的屬性和C#操作AD域 C# 調用LDAP接口獲取域用戶信息
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM