public static DateTime PasswordExpirationDate(UserPrincipal user)
{
DirectoryEntry entry = (DirectoryEntry)user.GetUnderlyingObject();
IADsUser native = (IADsUser)entry.NativeObject;
return(native.PasswordExpirationDate);
}
public string AuthUserByAD(string domain, string loginfullName, string loginId, string password)
{
IADsUser adUser = null;
try
{
adUser = ADHelper.AuthenticateUser(domain, loginfullName, loginId, password);
User user = new User();
user.UserId = new Guid(adUser.GUID);
user.GroupId = Guid.NewGuid();
user.UserName = adUser.FullName;
user.GroupName = string.Empty;
user.IsDownLoad = string.Empty;
// returnObj = user;
SerializeObjectFactory sof = new SerializeObjectFactory();
return(sof.SerializeToBase64(user));
}
catch (Exception ex)
{
LogWriter.WriteExceptionLog(ex);
return(string.Empty);
}
}
/// <summary>
/// sets the _currentPassword variable
/// </summary>
/// <param name="clearChars"></param>
//internal void setCurrentPassword(UnmanagedArray<char> clearChars)
//{
// _currentPassword = "";
// // build up the string from the unmanaged array
// for (int i = 0; i < clearChars.Length; i++)
// {
// _currentPassword += clearChars[i];
// }
//}
// Gael 1.1 legacy
/// <summary>
/// Sets the _newPassword variable
/// </summary>
/// <param name="clearChars"></param>
//internal void setNewPassword(UnmanagedArray<char> clearChars)
//{
// _newPassword = "";
// // build up the string from the unmanaged array
// for (int i = 0; i < clearChars.Length; i++)
// {
// _newPassword += clearChars[i];
// }
//}
// Gael - 1.1 legacy
/// <summary>
/// Does an administrative password change. The Directory
/// entry must be created with username and password of
/// a user with permission to change the password
/// </summary>
/// <param name="directoryEntry"></param>
/// <param name="gsNewPassword"></param>
internal void changePassword(DirectoryEntry directoryEntry,
GuardedString gsNewPassword)
{
// decrypt and save the new password
_newPassword = SecurityUtil.Decrypt(gsNewPassword);
// get the native com object as an IADsUser, and set the
// password
IADsUser user = (IADsUser)directoryEntry.NativeObject;
user.SetPassword(_newPassword);
}
protected bool IsValidADsObject(object ADsObject)
{
if (ADsObject is IADsUser)
{
IADsUser user = (IADsUser)ADsObject;
return(!user.AccountDisabled && !user.IsAccountLocked);
}
else
{
return(true);
}
}
/// <summary>
/// Does a user password change. Must supply the currentpassword
/// and the new password
/// </summary>
/// <param name="directoryEntry"></param>
/// <param name="gsCurrentPassword"></param>
/// <param name="gsNewPassword"></param>
internal void changePassword(DirectoryEntry directoryEntry,
GuardedString gsCurrentPassword, GuardedString gsNewPassword)
{
// decrypt and save the old nad new passwords
gsNewPassword.Access(setNewPassword);
gsCurrentPassword.Access(setCurrentPassword);
// get the native com object as an IADsUser, and change the
// password
IADsUser user = (IADsUser)directoryEntry.NativeObject;
user.ChangePassword(_currentPassword, _newPassword);
}
protected void GetUserMembership(IADsUser user, string propertyName, List <string> userGroups)
{
try
{
IADsMembers membership = user.Groups();
foreach (IADsGroup group in membership)
{
userGroups.Add(DirectoryServicesUtils.GetObjectAccountName(group, propertyName));
}
}
catch (Exception exc)
{
Log.WriteWarning("Failed to obtain user membership. Details : {0}", exc.Message);
}
}
/// <summary>
///
/// </summary>
/// <param name="domainName">quanjing.com</param>
/// <param name="userDomainName">quanjing\sunan</param>
/// <param name="password"></param>
/// <returns></returns>
public static IADsUser AuthenticateUser(string domainName, string userDomainName, string loginId, string password)
{
DirectoryEntry userEntry = null;
IADsUser objUser = null;
domainName = "DC=" + domainName.Replace(".", ",DC=");
string ldapPath = prefix + domainName;
//sAMAccountName
string userFilter = String.Format("(&(sAMAccountName={0})(objectCategory=person)(objectClass=user))", loginId);
// 找到用户的LDAP路径
DirectoryEntry RootDE = new DirectoryEntry(ldapPath, userDomainName, password, AuthenticationTypes.Secure);
string userPath = string.Empty;
using (DirectorySearcher objSearch = new DirectorySearcher(RootDE, userFilter))
{
SearchResult objRes = objSearch.FindOne();
userPath = objRes.Path;
objRes = null;
}
try
{
userEntry = new DirectoryEntry(userPath, userDomainName, password, AuthenticationTypes.Secure);
objUser = userEntry.NativeObject as IADsUser;
return(objUser);
}
catch (Exception ex)
{
Common.LogWriter.WriteExceptionLog(ex);
return(null);
}
}
public static void SearchUser(string domainName,
string OU,
string adminId,
string adminPwd,
List <string> userIdList,
List <User> resultUserList)
{
domainName = "DC=" + domainName.Replace(".", ",DC=");
OU = OU.Trim();
string ldapPath = prefix + OU + "," + domainName;
string myFilter = "(&(objectCategory=person)(objectClass=user)";
string filter = string.Empty;
filter += "(|";
foreach (string str in userIdList)
{
filter += "(sAMAccountName=" + str + ")";
}
filter += "))";
myFilter += filter;
DirectoryEntry root = new DirectoryEntry(ldapPath, adminId, adminPwd, AuthenticationTypes.Secure);
DirectorySearcher objSearcher = new DirectorySearcher(root, myFilter);
List <IADsUser> list = new List <IADsUser>(20);
using (SearchResultCollection objResCol = objSearcher.FindAll())
{
foreach (SearchResult sr in objResCol)
{
DirectoryEntry de = sr.GetDirectoryEntry();
IADsUser adUser = de.NativeObject as IADsUser;
string userId = de.Properties["sAMAccountName"].Value.ToString().ToLower();
if (!adUser.IsAccountLocked &&
!adUser.AccountDisabled &&
userIdList.IndexOf(userId) > -1)
{
User user = new User();
user.Email = adUser.EmailAddress;
user.UserLoginName = userId;
user.UserName = adUser.FullName;
user.UserId = new Guid(adUser.GUID);
try
{
if (adUser.TelephoneNumber != null)
{
user.Telphone = adUser.TelephoneNumber.ToString();
}
}
catch { }
resultUserList.Add(user);
}
}
}
}