Retrieving AD objectGuid user authentication from asp.net

I am using Windows authentication in an ASP.NET application. I am wondering what is the best way to get a Guid object from the current user?

Regards, Egil.

+6
active-directory windows-authentication
3 answers

You can do this using the System.DirectoryServices namespace.

```vb
Imports System.DirectoryServices

Dim entry As DirectoryEntry
Dim mySearcher As DirectorySearcher
Dim result As SearchResult
Dim myEntry As DirectoryEntry
Dim domainName As String
Dim userId As String
Dim objectGuid As Guid

'Split the username (DOMAIN\user) into domain and userid parts
domainName = Page.User.Identity.Name.Substring(0, Page.User.Identity.Name.IndexOf("\"))
userId = Page.User.Identity.Name.Substring(Page.User.Identity.Name.IndexOf("\") + 1)

'Start at the top level domain (the path needs the LDAP:// provider prefix)
entry = New DirectoryEntry("LDAP://" & domainName)
mySearcher = New DirectorySearcher(entry)

'Build a filter for just the user (anr is ambiguous name resolution, so it can
'match several objects; FindOne returns only the first match)
mySearcher.Filter = ("(&(anr=" & userId & ")(objectClass=user))")

'Get the search result ...
result = mySearcher.FindOne()
If result Is Nothing Then
    Throw New InvalidOperationException("No AD account found for " & userId)
End If

'... and then get the AD entry that goes with it
myEntry = result.GetDirectoryEntry()

'The Guid property is the objectGuid
objectGuid = myEntry.Guid
```

There may be a better way to do this, but it works!

+4

The proposed solutions are quite expensive. Instead of searching by domain and username, the best solution is to use the SID to search for an account:

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;

IPrincipal userPrincipal = HttpContext.Current.User;
WindowsIdentity windowsId = userPrincipal.Identity as WindowsIdentity;
if (windowsId != null)
{
    SecurityIdentifier sid = windowsId.User;
    // Bind straight to the account by its SID: no search, no filter to build
    using (DirectoryEntry userDe = new DirectoryEntry("LDAP://<SID=" + sid.Value + ">"))
    {
        Guid objectGuid = new Guid(userDe.NativeGuid);
    }
}
```
+11

You need to use the NativeGuid property. C# code:

```csharp
using System;
using System.DirectoryServices;
using System.Web;

// Identity.Name is DOMAIN\user for Windows authentication
string login = HttpContext.Current.User.Identity.Name;
string domain = login.Substring(0, login.IndexOf('\\'));
string userName = login.Substring(login.IndexOf('\\') + 1);

using (DirectoryEntry domainEntry = new DirectoryEntry("LDAP://" + domain))
using (DirectorySearcher searcher = new DirectorySearcher(domainEntry))
{
    searcher.Filter = string.Format(
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))", userName);
    SearchResult searchResult = searcher.FindOne();
    if (searchResult == null)
        throw new InvalidOperationException("No AD account found for " + login);
    using (DirectoryEntry entry = searchResult.GetDirectoryEntry())
    {
        Guid objectGuid = new Guid(entry.NativeGuid);
    }
}
```
+2
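The SID-bind answer and the sAMAccountName-search answer combined into one helper, as an added example that is not code from any of the posted answers: the SID bind needs no search and no filter at all, and the search fallback escapes the account name per RFC 4515 before it is placed in the filter, so a name containing `*`, `(`, `)` or `\` cannot change the filter's structure. Both paths read the raw objectGUID attribute bytes, which yields the GUID exactly as AD tools display it. It assumes System.DirectoryServices is referenced, an ASP.NET request context, and a `domainPath` such as `LDAP://DC=example,DC=com` (placeholder) supplied by the caller.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web;

static class AdUserGuid
{
    // Preferred path: bind to the caller's account by SID. No filter is built
    // from user-supplied text, so there is nothing to escape and no search to run.
    public static Guid? FromCurrentUser()
    {
        var windowsId = HttpContext.Current.User.Identity as WindowsIdentity;
        if (windowsId == null || windowsId.User == null)
            return null; // not Windows-authenticated (e.g. anonymous request)
        string path = "LDAP://<SID=" + windowsId.User.Value + ">";
        using (var entry = new DirectoryEntry(path))
        {
            // objectGUID is stored as the 16 raw bytes of the GUID; building the
            // Guid from them gives the same value AD tools display
            return new Guid((byte[])entry.Properties["objectGUID"].Value);
        }
    }

    // Fallback when only a sAMAccountName is known: search, but escape the value
    // per RFC 4515 first so it cannot change the structure of the filter.
    // domainPath is assumed, e.g. "LDAP://DC=example,DC=com" (placeholder).
    public static Guid? FromSamAccountName(string domainPath, string samAccountName)
    {
        using (var root = new DirectoryEntry(domainPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("objectGUID");
            SearchResult result = searcher.FindOne();
            if (result == null) return null;
            return new Guid((byte[])result.Properties["objectGUID"][0]);
        }
    }

    // RFC 4515 value escaping; backslash is replaced first so the escapes added
    // for the other characters are not themselves re-escaped.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
                    .Replace(")", "\\29").Replace("\0", "\\00");
    }
}
```

Note that `new Guid(entry.NativeGuid)` parses the provider's hex string in textual order, while `new Guid(byte[])` uses the stored byte layout; pick one form and use it consistently wherever the GUID is compared.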
