Active Directory 和 PrincipalPermission

Active Directory and PrincipalPermission(Active Directory 和 PrincipalPermission)
本文介绍了Active Directory 和 PrincipalPermission的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

这更像是一种好奇而不是寻求帮助,但我注意到当使用 PrincipalPermission 并验证用户是 Active Directory 中特定组的一部分时,它不会使用真正的组名,而是根据预Windows 2000 组名.通常这不会有什么不同 - 除非有人碰巧使这些值不同.

This is more of a curiosity than a request for help, but I noticed that when using PrincipalPermission and verifying a user is part of a specific group in Active Directory it will not use the true group name but instead validates against the pre-Windows 2000 group name instead. Ordinarily this wouldn't make a difference - unless someone happens to make these values different.

谁能想到为什么 .Net API 会使用该组名而不是真实"名称?这让我经历了数小时的悲痛和一些盲目的运气,最终弄明白了这一切.

Can anyone think of why the .Net API would use that group name instead of the "true" name? This caused me hours of grief and a bit of blind luck to finally figure it all out.

推荐答案

我会假设(没有自己测试和尝试过)PrincipalPermission 属性将使用 Active Directory 中的sAMAccountName"作为用户名和组名(例如用户"或JohnDoe")而不是您可能期望的专有名称"(DN)(CN=Users"、CN=John Doe").

I would assume (without having tested and tried this myself) that the PrincipalPermission attribute will use the "sAMAccountName" in Active Directory for user and group names (e.g. "Users" or "JohnDoe") instead of the "distinguished name" (DN) you might expect ("CN=Users", "CN=John Doe").

这背后的原因很可能是您正在处理的场景,例如独立服务器或 NT4 域.在这些情况下,您根本没有任何基于 AD 的专有名称 - 但您有 SAM 帐户名称.

The reasoning behind this will most likely be the scenario where you're working on e.g. a stand-alone server, or a NT4 domain. In those cases, you simply don't have any AD-based distinguished names - but you do have the SAM account names.

所以从某种意义上说,这乍一看似乎有点令人惊讶 - 但在我看来使用那些 SAM 帐户名称(前 AD 名称)确实有意义 - 你不同意吗?

So in a sense this might seems a bit surprising at first - but it does make sense in my opinion to use those SAM account names (pre-AD names) - don't you agree?

马克

这篇关于Active Directory 和 PrincipalPermission的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

What#39;s the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?(从 WindowsIdentity 和 Thread.CurrentPrincipal 检索 WindowsPrincipal 之间有什么区别?)
How do I find a user#39;s Active Directory display name in a C# web application?(如何在 C# Web 应用程序中查找用户的 Active Directory 显示名称?)
How can I authenticate against Active Directory in Nancy?(如何在 Nancy 中对 Active Directory 进行身份验证?)
How to get a username in Active Directory from a display name in C#?(如何从 C# 中的显示名称获取 Active Directory 中的用户名?)
Working with DirectoryServices in ASP.NET Core(在 ASP.NET Core 中使用 DirectoryServices)
Create Active Directory user in .NET (C#)(在 .NET (C#) 中创建 Active Directory 用户)