帮助！我一直想写，将确认用户的成员在Active Directory组中的功能，同时它的工作原理，如果成员恰好是该组中，它，如果用户不是抛出一个异常。

Help! I've been trying to write a function that will confirm a user's membership in an Active Directory group, and while it works if the member happens to be in the group, it throws an exception if the user is not.

下面是函数：

private bool IsUserMemberOfGroup(string user, string group)
{
  using (var ctx = new PrincipalContext(ContextType.Domain))
  using (var groupPrincipal = GroupPrincipal.FindByIdentity(ctx, group))
  using (var userPrincipal = UserPrincipal.FindByIdentity(ctx, user))
  {
    if (groupPrincipal == null)
    {
      return false;
    }
    else
    {
      return userPrincipal.IsMemberOf(groupPrincipal);
    }
  }
}

这里是YSOD：

And here is the YSOD:

中的/应用程序中的服务器错误。

未知的错误（0x80005000）

说明：当前Web请求的执行过程中发生未处理的异常。请检查堆栈跟踪有关该错误的详细信息以及它起源于code。

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

异常详细信息：

System.Runtime.InteropServices.COMException：未知的错误（0x80005000）

System.Runtime.InteropServices.COMException: Unknown error (0x80005000)

源错误：

 
Line 34:         else
Line 35:         {
Line 36:           return userPrincipal.IsMemberOf(groupPrincipal);
Line 37:         }
Line 38:       }

我不知道，如果是相关的，但是当我通过功能步骤，groupPrincipal.Members.Count抛出一个异常类System.NullReferenceException，与Count.Base显示异常的消息对象未设置为对象的实例

I don't know if it's related, but when I step through the function, groupPrincipal.Members.Count throws an exception of type "System.NullReferenceException", with Count.Base shows an exception with the message "Object reference not set to instance of an object".

到底什么回事？为什么不一个名为IsMemberOf布尔刚返回false当一个人的还不是会员？

What the heck's going on? Why won't a bool named IsMemberOf just return false when someone's not a member?

谢谢

丹尼尔

推荐答案

我认为你可以简化事情有点：

I think you could simplify things a bit:

private bool IsUserMemberOfGroup(string user, string group)
{
  using (var ctx = new PrincipalContext(ContextType.Domain))
  using (var userPrincipal = UserPrincipal.FindByIdentity(ctx, user))
  {
      PrincipalSearchResult<Principal> result = userPrincipal.GetGroups();

      GroupPrincipal groupPrincipal = 
           result.Where(g => g.SamAccountName == groupName).FirstOrDefault();

      return (groupPrincipal != null);
  }
}

在 userPrincipal.GetGroups（）会给你所有组成员（包括小学组和嵌套组成员），为用户的最终名单;然后搜索该列表中你感兴趣的群组，如通过SAM帐户或其他财产。

The userPrincipal.GetGroups() will give you a definitive list of all group memberships (including primary group and nested group memberships) for that user; then search that list for the group you're interested in, e.g. by samACcountName or some other property.

如果你发现你正在寻找该组中的 PrincipalSearchResult＆LT;主＆GT; 按 GetGroups返回（） ，那么你的用户是该组的成员。

If you find the group you're looking for in the PrincipalSearchResult<Principal> returned by GetGroups(), then your user is a member of that group.

您可以保存自己至少有一个FindByIdentity这一呼吁。

You can save yourself at least one "FindByIdentity" call with this.