SQL CLR存储过程来查询Active Directory

Question

我需要获得存储在Active Directory的数据库中的用户的一些信息，我有一个简单的函数来做到这一点：

using (DirectoryEntry de = new DirectoryEntry("LDAP://ANYGIVENDOMAIN")) 
{ 
    using (DirectorySearcher adSearch = new DirectorySearcher(de)) 
    { 
     adSearch.Filter = "(sAMAccountName=jdoe)";     
     SearchResult adSearchResult = adSearch.FindOne(); 

     StringBuilder sb = new StringBuilder(); 
     sb.AppendLine(adSearchResult.Properties["displayname"][0].ToString()); 
     sb.AppendLine(adSearchResult.Properties["givenName"][0].ToString()); 
     sb.AppendLine(adSearchResult.Properties["objectSid"][0].ToString()); 
     sb.AppendLine(adSearchResult.Properties["description"][0].ToString()); 
     sb.AppendLine(adSearchResult.Properties["objectGUID"][0].ToString()); 
    } 
} 

从正在运行WinForm按我的意愿做，但在SQL Server项目类型中，我无法将名称空间System.DirectoryServices添加到引用。

任何人都知道为什么？

问候

JE

Answer 1

参见：Supported .NET Framework Libraries

Unsupported libraries can still be called from your managed stored procedures, triggers, user-defined functions, user-defined types, and user-defined aggregates. The unsupported library must first be registered in the SQL Server database, using the CREATE ASSEMBLY statement, before it can be used in your code. Any unsupported library that is registered and run on the server should be reviewed and tested for security and reliability.

For example, the System.DirectoryServices namespace is not supported. You must register the System.DirectoryServices.dll assembly with UNSAFE permissions before you can call it from your code. The UNSAFE permission is necessary because classes in the System.DirectoryServices namespace do not meet the requirements for SAFE or EXTERNAL_ACCESS. For more information, see CLR Integration Programming Model Restrictions and CLR Integration Code Access Security .