Re: Windows Auth - Active Directory

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 09/09/04


Date: Thu, 9 Sep 2004 13:58:40 -0500

There isn't really an easier way. You need to use the DirectorySearcher to
search for their user object using the samAccountName (which you get from
their login name, e.g. domain\samAccountName) and find the attributes you
need from the result of the search.

The filter would look like:

(sAMAccountName=xxxx)

You would need to search the root of the domain the user is in or use the
Global Catalog for the forest if all the attributes you need are in the GC.

The way I've done this kind of thing before is to write a custom HttpModule
that looks up the user's info and adds it to a custom IPrincipal object. I
use session or cache to cache the data so that you don't need to look up the
values on every request.

I hope that gives you some ideas. I'd follow up with specific questions to
microsoft.public.adsi.general

Joe K.

"J. Shane Kunkle" <shane@caudillweb.com> wrote in message
news:eOsv1mplEHA.3016@tk2msftngp13.phx.gbl...
> Hello,
>
> I have a web application that uses windows authentication. All the users
> log in using an active directory account. When an authenticated user
> performs certain actions I would like to retrieve specific information from
> their active directory record (email address, etc).
>
> I can obviously get their "domain\account" from
> HttpContext.Current.User.Identity.Name - but what is the easiest way to
> access active directory records in this case?
>
> I feel like there should be some easy way to access active directory
> information in this situation because the user is already authenticated (a
> property of the User object, etc) however I have not found anything yet.
>
> The best examples I have found use the DirectorySearcher and DirectoryEntry
> objects but this seems to be quite a bit of work and I was hoping there
> would be an easier way.
>
> What is the recommended way to access active directory information in this
> situation?
>
> Any advice or direction is greatly appreciated - Thanks in advance,
>
> J. Shane Kunkle
> jkunkle@vt.edu
>
>
>
>
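
The lookup described in the reply above, as an added example that is not part of the original thread or the poster's own code: it takes the `domain\samAccountName` login name, escapes the account name before placing it in the `(sAMAccountName=xxxx)` filter so the value cannot change the filter's structure, and reads one attribute from the result. The search root `LDAP://DC=example,DC=com`, the class name and the method names are assumptions chosen for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdUserLookup
{
    // Placeholder search root (assumption): use your own domain root, or a GC://
    // path when every attribute you need is replicated to the Global Catalog.
    private const string SearchRoot = "LDAP://DC=example,DC=com";

    // "DOMAIN\account" -> "account"; a name without a backslash is returned unchanged.
    public static string SamAccountNameFrom(string identityName)
    {
        int slash = identityName.LastIndexOf('\\');
        return slash >= 0 ? identityName.Substring(slash + 1) : identityName;
    }

    // Escape the characters RFC 4515 reserves inside a filter value, so the
    // account name is always treated as data and never as filter syntax.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the user's mail attribute, or null when no object or no value is found.
    public static string GetMail(string identityName)
    {
        string filter = "(sAMAccountName=" + EscapeFilterValue(SamAccountNameFrom(identityName)) + ")";
        using (var root = new DirectoryEntry(SearchRoot))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "mail" }))
        {
            SearchResult result = searcher.FindOne();
            if (result == null || !result.Properties.Contains("mail")) return null;
            return (string)result.Properties["mail"][0];
        }
    }
}
```

Passing only the attribute names you need as the third `DirectorySearcher` argument keeps each search small; the value returned for `HttpContext.Current.User.Identity.Name` can then be cached per user as the reply suggests.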


