
我已经用 Visual Basic 构建了一个带有登录屏幕和表单的应用程序。登录屏幕通过 Active Directory 进行身份验证。用户认证后,表单加载。在表单加载时,我想检查经过身份验证的用户是否属于四个特定的 Active Directory 安全组之一。表单上启用哪些按钮,取决于经过身份验证的用户所在的组。Active Directory 用户身份验证已经可以正常工作,能够登录程序并加载表单,但用于验证用户所在组的那段代码不起作用。下面是我的表单加载代码。

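''' <summary>
''' Form load handler: disables every launcher button, then enables the set that
''' belongs to the first role for which My.User.IsInRole returns True.
''' </summary>
''' <param name="sender">Event source (unused).</param>
''' <param name="e">Event arguments (unused).</param>
''' <remarks>
''' NOTE(review): My.User evaluates the principal currently attached to the
''' application. Unless the login screen assigns the account it authenticated
''' (for example through My.User.CurrentPrincipal), these checks presumably run
''' against the Windows account that started the process, not the account typed
''' into the login form - confirm.
''' NOTE(review): role names are normally written as DOMAIN\Group with the
''' NetBIOS domain name; verify that the "domain.local\" prefix resolves.
''' NOTE(review): enabling or disabling buttons only shapes the UI. Whatever each
''' button launches should verify group membership where the operation actually
''' runs, because client-side control state is not an authorization boundary.
''' </remarks>
Private Sub form_main_Load(sender As Object, e As EventArgs) Handles MyBase.Load

    ' Deny by default: every button starts disabled and is only enabled by an
    ' explicit role match below.
    button_main_pimam.Enabled = False
    button_main_pimpm.Enabled = False
    button_main_eim.Enabled = False
    button_main_achmanager.Enabled = False
    button_main_mobiliti.Enabled = False
    button_main_checkfree.Enabled = False
    button_main_rcm.Enabled = False
    button_main_mis.Enabled = False
    button_main_colson.Enabled = False

    ' The ElseIf chain stops at the first matching role, so a user who belongs to
    ' several of these groups only receives the button set of the earliest one.
    If My.User.IsInRole("domain.local\Fiserv Processing - Electronic Banking") Then
        button_main_achmanager.Enabled = True
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        ' NOTE(review): the original enabled button_main_colson twice in this
        ' branch; the redundant statement was dropped. If a different button was
        ' intended for this role, add it here - confirm.
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Operations") Then
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Loan Operations") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - MIS") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
        button_main_colson.Enabled = True
    End If
End Sub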

无论经过身份验证的用户在哪个组中,所有按钮都可以使用。我究竟做错了什么?


1 回答 1


试试这个方法。在您的情况下,我会在用户通过身份验证时缓存该用户所属的组数组,然后在应用程序中需要时再进行检查。

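   ''' <summary>
   ''' Reports whether the account <paramref name="UserName"/> lists a group whose
   ''' common name is <paramref name="groupName"/> in its memberOf attribute.
   ''' </summary>
   ''' <param name="UserName">Account name accepted by NTAccount; it is translated to a SID for the lookup.</param>
   ''' <param name="groupName">Common name (CN) of the group to look for.</param>
   ''' <returns>
   ''' True when a memberOf entry starts with "CN=groupName,"; False when nothing
   ''' matches, when the account is not found, or when groupName is empty.
   ''' </returns>
   ''' <remarks>
   ''' The comparison is anchored to the leading RDN of each distinguished name. A
   ''' plain substring test would also accept a group that merely sits inside an OU
   ''' or container named like groupName, which would grant access to the wrong users.
   ''' memberOf holds direct memberships only: nested groups and the primary group
   ''' are not reported. Group names containing characters that are escaped inside a
   ''' distinguished name (such as a comma) will not match, so the check fails closed.
   ''' </remarks>
   Function IsInGroup(UserName As String, groupName As String) As Boolean
      ' An empty group name can never identify a group; refuse before querying the directory.
      If String.IsNullOrEmpty(groupName) Then
         Return False
      End If

      Dim vUsuario As New NTAccount(UserName)
      Dim sid As SecurityIdentifier = DirectCast(vUsuario.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)

      ' Only the first RDN of a memberOf value names the group itself.
      Dim expectedPrefix As String = "CN=" & groupName & ","

      Using vRootDSE As New DirectoryEntry("LDAP://rootDSE")
         ' The search root is created here, so it is disposed here as well.
         Using vSearchRoot As New DirectoryEntry("LDAP://" & CStr(vRootDSE.Properties("defaultNamingContext")(0)))
            ' The filter is built from sid.ToString() (the SID produced by Translate),
            ' not from the caller-supplied strings.
            Using vSearcher As New DirectorySearcher(vSearchRoot, "(objectSID=" & sid.ToString() & ")", New String() {"memberOf"}, SearchScope.Subtree)
               ' SearchResultCollection must be disposed explicitly to release its resources.
               Using src As SearchResultCollection = vSearcher.FindAll()
                  ' No directory object for this SID: treat as "not a member" instead of
                  ' failing on src(0).
                  If src.Count = 0 Then
                     Return False
                  End If

                  Dim memberOf As ResultPropertyValueCollection = src(0).Properties("memberOf")
                  For Each entry As Object In memberOf
                     ' Case-insensitive, anchored comparison against the group's own CN.
                     If entry.ToString().StartsWith(expectedPrefix, System.StringComparison.OrdinalIgnoreCase) Then
                        Return True
                     End If
                  Next
               End Using
            End Using
         End Using
      End Using

      Return False
   End Function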
于 2015-06-12T11:41:02.330 回答