ADHelper 活动目录用户操作类

using  System;
using  System.DirectoryServices;
namespace  SystemFrameworks.Helper
{           /// 
          ///  活动目录辅助类。封装一系列活动目录操作相关的方法。
          /// 
          public  sealed  class  ADHelper
          {
                  /// 
                  ///  域名
                  /// 
                  private  static  string  DomainName  =  "MyDomain";
                  /// 
                  ///  LDAP  地址
                  /// 
                  private  static  string  LDAPDomain  =  "DC=MyDomain,DC=local";
                  /// 
                  ///  LDAP绑定路径
                  /// 
                  private  static  string  ADPath  =  "LDAP://brooks.mydomain.local";
                  /// 
                  ///  登录帐号
                  /// 
                  private  static  string  ADUser  =  "Administrator";
                  /// 
                  ///  登录密码
                  /// 
                  private  static  string  ADPassword  =  "password";
                  /// 
                  ///  扮演类实例
                  /// 
                  private  static  IdentityImpersonation  impersonate  =  new  IdentityImpersonation(ADUser,  ADPassword,  DomainName);
 
                  /// 
                  ///  用户登录验证结果
                  /// 
                  public  enum  LoginResult
                  {
                            /// 
                            ///  正常登录
                            /// 
                            LOGIN_USER_OK  =  0,
                            /// 
                            ///  用户不存在
                            /// 
                            LOGIN_USER_DOESNT_EXIST,
                            /// 
                            ///  用户帐号被禁用
                            /// 
                            LOGIN_USER_ACCOUNT_INACTIVE,
                            /// 
                            ///  用户密码不正确
                            /// 
                            LOGIN_USER_PASSWORD_INCORRECT
                  }
 
                  /// 
                  ///  用户属性定义标志
                  /// 
                  public  enum  ADS_USER_FLAG_ENUM
                  {
                            /// 
                            ///  登录脚本标志。如果通过  ADSI  LDAP  进行读或写操作时,该标志失效。如果通过  ADSI  WINNT,该标志为只读。
                            /// 
                            ADS_UF_SCRIPT  =  0X0001,
                            /// 
                            ///  用户帐号禁用标志
                            /// 
                            ADS_UF_ACCOUNTDISABLE  =  0X0002,
                            /// 
                            ///  主文件夹标志
                            /// 
                            ADS_UF_HOMEDIR_REQUIRED  =  0X0008,
                            /// 
                            ///  过期标志
                            /// 
                            ADS_UF_LOCKOUT  =  0X0010,
                            /// 
                            ///  用户密码不是必须的
                            /// 
                            ADS_UF_PASSWD_NOTREQD  =  0X0020,
                            /// 
                            ///  密码不能更改标志
                            /// 
                            ADS_UF_PASSWD_CANT_CHANGE  =  0X0040,
                            /// 
                            ///  使用可逆的加密保存密码
                            /// 
                            ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED  =  0X0080,
                            /// 
                            ///  本地帐号标志
                            /// 
                            ADS_UF_TEMP_DUPLICATE_ACCOUNT  =  0X0100,
                            /// 
                            ///  普通用户的默认帐号类型
                            /// 
                            ADS_UF_NORMAL_ACCOUNT  =  0X0200,
                            /// 
                            ///  跨域的信任帐号标志
                            /// 
                            ADS_UF_INTERDOMAIN_TRUST_ACCOUNT  =  0X0800,
                            /// 
                            ///  工作站信任帐号标志
                            /// 
                            ADS_UF_WORKSTATION_TRUST_ACCOUNT  =  0x1000,
                            /// 
                            ///  服务器信任帐号标志
                            /// 
                            ADS_UF_SERVER_TRUST_ACCOUNT  =  0X2000,
                            /// 
                            ///  密码永不过期标志
                            /// 
                            ADS_UF_DONT_EXPIRE_PASSWD  =  0X10000,
                            /// 
                            ///  MNS  帐号标志
                            /// 
                            ADS_UF_MNS_LOGON_ACCOUNT  =  0X20000,
                            /// 
                            ///  交互式登录必须使用智能卡
                            /// 
                            ADS_UF_SMARTCARD_REQUIRED  =  0X40000,
                            /// 
                            ///  当设置该标志时,服务帐号(用户或计算机帐号)将通过  Kerberos  委托信任
                            /// 
                            ADS_UF_TRUSTED_FOR_DELEGATION  =  0X80000,
                            /// 
                            ///  当设置该标志时,即使服务帐号是通过  Kerberos  委托信任的,敏感帐号不能被委托
                            /// 
                            ADS_UF_NOT_DELEGATED  =  0X100000,
                            /// 
                            ///  此帐号需要  DES  加密类型
                            /// 
                            ADS_UF_USE_DES_KEY_ONLY  =  0X200000,
                            /// 
                            ///  不要进行  Kerberos  预身份验证
                            /// 
                            ADS_UF_DONT_REQUIRE_PREAUTH  =  0X4000000,
                            /// 
                            ///  用户密码过期标志
                            /// 
                            ADS_UF_PASSWORD_EXPIRED  =  0X800000,
                            /// 
                            ///  用户帐号可委托标志
                            /// 
                            ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION  =  0X1000000
                  }
 
                  public  ADHelper()
                  {
                            //
                  }
 
                  #region  GetDirectoryObject
 
                  /// 
                  ///  获得DirectoryEntry对象实例,以管理员登陆AD
                  /// 
                  /// 
                  private  static  DirectoryEntry  GetDirectoryObject()
                  {
                            DirectoryEntry  entry  =  new  DirectoryEntry(ADPath,  ADUser,  ADPassword,  AuthenticationTypes.Secure);
                            return  entry;
                  }
 
                  /// 
                  ///  根据指定用户名和密码获得相应DirectoryEntry实体
                  /// 
                  /// 
                  /// 
                  /// 
                  private  static  DirectoryEntry  GetDirectoryObject(string  userName,  string  password)
                  {
                            DirectoryEntry  entry  =  new  DirectoryEntry(ADPath,  userName,  password,  AuthenticationTypes.None);
                            return  entry;
                  }
 
                  /// 
                  ///  i.e.  /CN=Users,DC=creditsights,  DC=cyberelves,  DC=Com
                  /// 
                  /// 
                  /// 
                  private  static  DirectoryEntry  GetDirectoryObject(string  domainReference)
                  {
                            DirectoryEntry  entry  =  new  DirectoryEntry(ADPath  +  domainReference,  ADUser,  ADPassword,  AuthenticationTypes.Secure);
                            return  entry;
                  }
 
                  /// 
                  ///  获得以UserName,Password创建的DirectoryEntry
                  /// 
                  /// 
                  /// 
                  /// 
                  /// 
                  private  static  DirectoryEntry  GetDirectoryObject(string  domainReference,  string  userName,  string  password)
                  {
                            DirectoryEntry  entry  =  new  DirectoryEntry(ADPath  +  domainReference,  userName,  password,  AuthenticationTypes.Secure);
                            return  entry;
                  }
 
                  #endregion
 
                  #region  GetDirectoryEntry
 
                  /// 
                  ///  根据用户公共名称取得用户的  对象
                  /// 
                  ///  用户公共名称
                  ///  如果找到该用户,则返回用户的  对象;否则返回  null
                  public  static  DirectoryEntry  GetDirectoryEntry(string  commonName)
                  {
                            DirectoryEntry  de  =  GetDirectoryObject();
                            DirectorySearcher  deSearch  =  new  DirectorySearcher(de);
                            deSearch.Filter  =  "(&(&(objectCategory=person)(objectClass=user))(cn="  +  commonName  +  "))";
                            deSearch.SearchScope  =  SearchScope.Subtree;
 
                            try
                            {
                                      SearchResult  result  =  deSearch.FindOne();
                                      de  =  new  DirectoryEntry(result.Path);
                                      return  de;
                            }
                            catch
                            {
                                      return  null;
                            }
                  }
 
                  /// 
                  ///  根据用户公共名称和密码取得用户的  对象。
                  /// 
                  ///  用户公共名称
                  ///  用户密码
                  ///  如果找到该用户,则返回用户的  对象;否则返回  null
                  public  static  DirectoryEntry  GetDirectoryEntry(string  commonName,  string  password)
                  {
                            DirectoryEntry  de  =  GetDirectoryObject(commonName,  password);
                            DirectorySearcher  deSearch  =  new  DirectorySearcher(de);
                            deSearch.Filter  =  "(&(&(objectCategory=person)(objectClass=user))(cn="  +  commonName  +  "))";
                            deSearch.SearchScope  =  SearchScope.Subtree;
 
                            try
                            {
                                      SearchResult  result  =  deSearch.FindOne();
                                      de  =  new  DirectoryEntry(result.Path);
                                      return  de;
                            }
                            catch
                            {
                                      return  null;
                            }
                  }
 
                  /// 
                  ///  根据用户帐号称取得用户的  对象
                  /// 
                  ///  用户帐号名
                  ///  如果找到该用户,则返回用户的  对象;否则返回  null
                  public  static  DirectoryEntry  GetDirectoryEntryByAccount(string  sAMAccountName)
                  {
                            DirectoryEntry  de  =  GetDirectoryObject();
                            DirectorySearcher  deSearch  =  new  DirectorySearcher(de);
                            deSearch.Filter  =  "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName="  +  sAMAccountName  +  "))";
                            deSearch.SearchScope  =  SearchScope.Subtree;
 
                            try
                            {
                                      SearchResult  result  =  deSearch.FindOne();
                                      de  =  new  DirectoryEntry(result.Path);
                                      return  de;
                            }
                            catch
                            {
                                      return  null;
                            }
                  }
 
                  /// 
                  ///  根据用户帐号和密码取得用户的  对象
                  /// 
                  ///  用户帐号名
                  ///  用户密码
                  ///  如果找到该用户,则返回用户的  对象;否则返回  null
                  public  static  DirectoryEntry  GetDirectoryEntryByAccount(string  sAMAccountName,  string  password)
                  {
                            DirectoryEntry  de  =  GetDirectoryEntryByAccount(sAMAccountName);
                            if  (de  !=  null)
                            {
                                      string  commonName  =  de.Properties["cn"][0].ToString();
 
                                      if  (GetDirectoryEntry(commonName,  password)  !=  null)
                                              return  GetDirectoryEntry(commonName,  password);
                                      else
                                              return  null;
                            }
                            else
                            {
                                      return  null;
                            }
                  }
 
                  /// 
                  ///  根据组名取得用户组的  对象
                  /// 
                  ///  组名
                  /// 
                  public  static  DirectoryEntry  GetDirectoryEntryOfGroup(string  groupName)
                  {
                            DirectoryEntry  de  =  GetDirectoryObject();
                            DirectorySearcher  deSearch  =  new  DirectorySearcher(de);
                            deSearch.Filter  =  "(&(objectClass=group)(cn="  +  groupName  +  "))";
                            deSearch.SearchScope  =  SearchScope.Subtree;
 
                            try
                            {
                                      SearchResult  result  =  deSearch.FindOne();
                                      de  =  new  DirectoryEntry(result.Path);
                                      return  de;
                            }
                            catch
                            {
                                      return  null;
                            }
                  }
 
                  #endregion
 
                  #region  GetProperty
 
                  /// 
                  ///  获得指定  指定属性名对应的值
                  /// 
                  /// 
                  ///  属性名称
                  ///  属性值
                  public  static  string  GetProperty(DirectoryEntry  de,  string  propertyName)
                  {
                            if(de.Properties.Contains(propertyName))
                            {
                                      return  de.Properties[propertyName][0].ToString()  ;
                            }
                            else
                            {
                                      return  string.Empty;
                            }
                  }
 
                  /// 
                  ///  获得指定搜索结果  中指定属性名对应的值
                  /// 
                  /// 
                  ///  属性名称
                  ///  属性值
                  public  static  string  GetProperty(SearchResult  searchResult,  string  propertyName)
                  {
                            if(searchResult.Properties.Contains(propertyName))
                            {
                                      return  searchResult.Properties[propertyName][0].ToString()  ;
                            }
                            else
                            {
                                      return  string.Empty;
                            }
                  }
 
                  #endregion
 
                  /// 
                  ///  设置指定  的属性值
                  /// 
                  /// 
                  ///  属性名称
                  ///  属性值
                  public  static  void  SetProperty(DirectoryEntry  de,  string  propertyName,  string  propertyvalue)
                  {
                            if(propertyvalue  !=  string.Empty  ||  propertyvalue  !=  ""  ||  propertyvalue  !=  null)
                            {
                                      if(de.Properties.Contains(propertyName))
                                      {
                                              de.Properties[propertyName][0]  =  propertyvalue; 
                                      }
                                      else
                                      {
                                              de.Properties[propertyName].Add(propertyvalue);
                                      }
                            }
                  }
 
                  /// 
                  ///  创建新的用户
                  /// 
                  ///  DN  位置。例如:OU=共享平台  或  CN=Users
                  ///  公共名称
                  ///  帐号
                  ///  密码
                  /// 
                  public  static  DirectoryEntry  CreateNewUser(string  ldapDN,  string  commonName,  string  sAMAccountName,  string  password)
                  {
                            DirectoryEntry  entry  =  GetDirectoryObject();
                            DirectoryEntry  subEntry  =  entry.Children.Find(ldapDN);
                            DirectoryEntry  deUser  =  subEntry.Children.Add("CN="  +  commonName,  "user");
                            deUser.Properties["sAMAccountName"].value  =  sAMAccountName;
                            deUser.CommitChanges();
                            ADHelper.EnableUser(commonName);
                            ADHelper.SetPassword(commonName,  password);
                            deUser.Close();
                            return  deUser;
                  }
 
                  /// 
                  ///  创建新的用户。默认创建在  Users  单元下。
                  /// 
                  ///  公共名称
                  ///  帐号
                  ///  密码
                  /// 
                  public  static  DirectoryEntry  CreateNewUser(string  commonName,  string  sAMAccountName,  string  password)
                  {
                            return  CreateNewUser("CN=Users",  commonName,  sAMAccountName,  password);
                  }
 
                  /// 
                  ///  判断指定公共名称的用户是否存在
                  /// 
                  ///  用户公共名称
                  ///  如果存在,返回  true;否则返回  false
                  public  static  bool  IsUserExists(string  commonName)
                  {
                            DirectoryEntry  de  =  GetDirectoryObject();
                            DirectorySearcher  deSearch  =  new  DirectorySearcher(de);
                            deSearch.Filter  =  "(&(&(objectCategory=person)(objectClass=user))(cn="  +  commonName  +  "))";              //  LDAP  查询串
                            SearchResultCollection  results  =  deSearch.FindAll();
 
                            if  (results.Count  ==  0)
                                      return  false;
                            else
                                      return  true;
                  }
 
                  /// 
                  ///  判断用户帐号是否激活
                  /// 
                  ///  用户帐号属性控制器
                  ///  如果用户帐号已经激活,返回  true;否则返回  false
                  public  static  bool  IsAccountActive(int  userAccountControl)
                  {
                            int  userAccountControl_Disabled  =  Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
                            int  flagExists  =  userAccountControl  &  userAccountControl_Disabled;
 
                            if  (flagExists  >  0)
                                      return  false;
                            else
                                      return  true;
                  }
 
                  /// 
                  ///  判断用户与密码是否足够以满足身份验证进而登录
                  /// 
                  ///  用户公共名称
                  ///  密码
                  ///  如能可正常登录,则返回  true;否则返回  false
                  public  static  LoginResult  Login(string  commonName,  string  password)
                  {
                            DirectoryEntry  de  =  GetDirectoryEntry(commonName);
 
                            if  (de  !=  null)
                            {
                                      //  必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
                                      int  userAccountControl  =  Convert.ToInt32(de.Properties["userAccountControl"][0]);
                                      de.Close();
 
                                      if  (!IsAccountActive(userAccountControl))
                                              return  LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
 
                                      if  (GetDirectoryEntry(commonName,  password)  !=  null)
                                              return  LoginResult.LOGIN_USER_OK;
                                      else
                                              return  LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
                            }
                            else
                            {
                                      return  LoginResult.LOGIN_USER_DOESNT_EXIST; 
                            }
                  }
 
                  /// 
                  ///  判断用户帐号与密码是否足够以满足身份验证进而登录
                  /// 
                  ///  用户帐号
                  ///  密码
                  ///  如能可正常登录,则返回  true;否则返回  false
                  public  static  LoginResult  LoginByAccount(string  sAMAccountName,  string  password)
                  {
                            DirectoryEntry  de  =  GetDirectoryEntryByAccount(sAMAccountName);
                                     
                            if  (de  !=  null)
                            {
                                      //  必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
                                      int  userAccountControl  =  Convert.ToInt32(de.Properties["userAccountControl"][0]);
                                      de.Close();
 
                                      if  (!IsAccountActive(userAccountControl))
                                              return  LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
 
                                      if  (GetDirectoryEntryByAccount(sAMAccountName,  password)  !=  null)
                                              return  LoginResult.LOGIN_USER_OK;
                                      else
                                              return  LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
                            }
                            else
                            {
                                      return  LoginResult.LOGIN_USER_DOESNT_EXIST; 
                            }
                  }
 
                  /// 
                  ///  设置用户密码,管理员可以通过它来修改指定用户的密码。
                  /// 
                  ///  用户公共名称
                  ///  用户新密码
                  public  static  void  SetPassword(string  commonName,  string  newPassword)
                  {
                            DirectoryEntry  de  =  GetDirectoryEntry(commonName);
                           
                            //  模拟超级管理员,以达到有权限修改用户密码
                            impersonate.BeginImpersonate();
                            de.Invoke("SetPassword",  new  object[]{newPassword});
                            impersonate.StopImpersonate();
 
                            de.Close();
                  }
 
                  /// 
                  ///  设置帐号密码,管理员可以通过它来修改指定帐号的密码。
                  /// 
                  ///  用户帐号
                  ///  用户新密码
                  public  static  void  SetPasswordByAccount(string  sAMAccountName,  string  newPassword)
                  {
                            DirectoryEntry  de  =  GetDirectoryEntryByAccount(sAMAccountName);
 
                            //  模拟超级管理员,以达到有权限修改用户密码
                            IdentityImpersonation  impersonate  =  new  IdentityImpersonation(ADUser,  ADPassword,  DomainName);
                            impersonate.BeginImpersonate();
                            de.Invoke("SetPassword",  new  object[]{newPassword});
                            impersonate.StopImpersonate();
 
                            de.Close();
                  }
 
                  /// 
                  ///  修改用户密码
                  /// 
                  ///  用户公共名称
                  ///  旧密码
                  ///  新密码
                  public  static  void  ChangeUserPassword  (string  commonName,  string  oldPassword,  string  newPassword)
                  {
                            //  to-do:  需要解决密码策略问题
                            DirectoryEntry  oUser  =  GetDirectoryEntry(commonName);
                            oUser.Invoke("ChangePassword",  new  Object[]{oldPassword,  newPassword});
                            oUser.Close();
                  }
 
                  /// 
                  ///  启用指定公共名称的用户
                  /// 
                  ///  用户公共名称
                  public  static  void  EnableUser(string  commonName)
                  {
                            EnableUser(GetDirectoryEntry(commonName));
                  }
 
                  /// 
                  ///  启用指定  的用户
                  /// 
                  /// 
                  public  static  void  EnableUser(DirectoryEntry  de)
                  {
                            impersonate.BeginImpersonate();
                            de.Properties["userAccountControl"][0]  =  ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT  |  ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
                            de.CommitChanges();
                            impersonate.StopImpersonate();
                            de.Close();
                  }
 
                  /// 
                  ///  禁用指定公共名称的用户
                  /// 
                  ///  用户公共名称
                  public  static  void  DisableUser(string  commonName)
                  {
                            DisableUser(GetDirectoryEntry(commonName));
                  }
 
                  /// 
                  ///  禁用指定  的用户
                  /// 
                  /// 
                  public  static  void  DisableUser(DirectoryEntry  de)
                  {
                            impersonate.BeginImpersonate();
                            de.Properties["userAccountControl"][0]=ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT  |  ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD  |  ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
                            de.CommitChanges();
                            impersonate.StopImpersonate();
                            de.Close();
                  }
 
                  /// 
                  ///  将指定的用户添加到指定的组中。默认为  Users  下的组和用户。
                  /// 
                  ///  用户公共名称
                  ///  组名
                  public  static  void  AddUserToGroup(string  userCommonName,  string  groupName)
                    {
                            DirectoryEntry  oGroup  =  GetDirectoryEntryOfGroup(groupName);
                            DirectoryEntry  oUser  =  GetDirectoryEntry(userCommonName);
                           
                            impersonate.BeginImpersonate();
                            oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].value);
                            oGroup.CommitChanges();
                            impersonate.StopImpersonate();
 
                            oGroup.Close();
                            oUser.Close();
                  }
 
                  /// 
                  ///  将用户从指定组中移除。默认为  Users  下的组和用户。
                  /// 
                  ///  用户公共名称
                  ///  组名
                  public  static  void  RemoveUserFromGroup(string  userCommonName,  string  groupName)
                  {
                            DirectoryEntry  oGroup  =  GetDirectoryEntryOfGroup(groupName);
                            DirectoryEntry  oUser  =  GetDirectoryEntry(userCommonName);
                           
                            impersonate.BeginImpersonate();
                            oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].value);
                            oGroup.CommitChanges();
                            impersonate.StopImpersonate();
 
                            oGroup.Close();
                            oUser.Close();
                  }
 
          }
 
          /// 
          ///  用户模拟角色类。实现在程序段内进行用户角色模拟。
          /// 
          public  class  IdentityImpersonation
          {
                  [DllImport("advapi32.dll",  SetLastError=true)]
                  public  static  extern  bool  LogonUser(String  lpszUsername,  String  lpszDomain,  String  lpszPassword,  int  dwLogonType,  int  dwLogonProvider,  ref  IntPtr  phToken);
 
                  [DllImport("advapi32.dll",  CharSet=CharSet.Auto,  SetLastError=true)]
                  public  extern  static  bool  DuplicateToken(IntPtr  ExistingTokenHandle,  int  SECURITY_IMPERSONATION_LEVEL,  ref  IntPtr  DuplicateTokenHandle);
 
                  [DllImport("kernel32.dll",  CharSet=CharSet.Auto)]
                  public  extern  static  bool  CloseHandle(IntPtr  handle);
 
                  //  要模拟的用户的用户名、密码、域(机器名)
                  private  String  _sImperUsername;
                  private  String  _sImperPassword;
                  private  String  _sImperDomain;
                  //  记录模拟上下文
                  private  WindowsImpersonationContext  _imperContext;
                  private  IntPtr  _adminToken;
                  private  IntPtr  _dupeToken;
                  //  是否已停止模拟
                  private  Boolean  _bClosed;
 
                  /// 
                  ///  构造函数
                  /// 
                  ///  所要模拟的用户的用户名
                  ///  所要模拟的用户的密码
                  ///  所要模拟的用户所在的域
                  public  IdentityImpersonation(String  impersonationUsername,  String  impersonationPassword,  String  impersonationDomain) 
                  {
                            _sImperUsername  =  impersonationUsername;
                            _sImperPassword  =  impersonationPassword;
                            _sImperDomain  =  impersonationDomain;
 
                            _adminToken  =  IntPtr.Zero;
                            _dupeToken  =  IntPtr.Zero;
                            _bClosed  =  true;
                  }
 
                  /// 
                  ///  析构函数
                  /// 
                  ~IdentityImpersonation() 
                  {
                            if(!_bClosed) 
                            {
                                      StopImpersonate();
                            }
                  }
 
                  /// 
                  ///  开始身份角色模拟。
                  /// 
                  /// 
                  public  Boolean  BeginImpersonate() 
                  {
                            Boolean  bLogined  =  LogonUser(_sImperUsername,  _sImperDomain,  _sImperPassword,  2,  0,  ref  _adminToken);
                                               
                            if(!bLogined) 
                            {
                                      return  false;
                            }
 
                            Boolean  bDuped  =  DuplicateToken(_adminToken,  2,  ref  _dupeToken);
 
                            if(!bDuped) 
                            {
                                      return  false;
                            }
 
                            WindowsIdentity  fakeId  =  new  WindowsIdentity(_dupeToken);
                            _imperContext  =  fakeId.Impersonate();
 
                            _bClosed  =  false;
 
                            return  true;
                  }
 
                  /// 
                  ///  停止身分角色模拟。
                  /// 
                  public  void  StopImpersonate() 
                  {
                            _imperContext.Undo();
                            CloseHandle(_dupeToken);
                            CloseHandle(_adminToken);
                            _bClosed  =  true;
                  }
          }
 
}
posted @ 2006-04-12 15:20  OOP  阅读(1152)  评论(0编辑  收藏  举报