Re: Extract SID from IWA response

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 02/18/05


Date: Thu, 17 Feb 2005 17:48:48 -0600

The way to do this in .NET 1.1 would be to do a p/invoke on the
GetTokenInformation API using the Token property of the WindowsIdentity
class as the main input. You don't need to do a DS call to get the SID when
you have the token.

There are some nice wrapper classes out there that support this such as the
one on GotDotNet Win32 Security Library or DataMarvel.

Joe K.

"Kevin Dorle" <Kevin Dorle@discussions.microsoft.com> wrote in message
news:33A76FA6-6405-4909-8F77-24BB55417A0B@microsoft.com...
> It appears in .NET 2.0 there is a property of the
> System.Security.Principal.WindowsIdentity class called User that returns a
> string representation of a user's SID after they have authenticated using
> IWA. My question: is there a similar property in .NET 1.1 from another
> class that will return the same information? I know there are several
> properties that return a domain/username string, but to get the SID
> requires a DS lookup function which is performed across the wire. The
> application we are developing resides on a web server in a domain that has
> several dozen trust relationships to "account" domains across WAN links
> with varying speeds. To maximize performance, the User property appears to
> work without going over the wire. I am assuming it is getting this from
> the Kerberos authenticator that is passed during the IWA handshake.
>
> Thanks,
> Kevin