Re: Incorrect LogonUserIdentity.Name
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 9 Jul 2008 13:58:20 -0500
Note that you might consider using a more durable key into your SQL database
in the future to help avoid these types of problems. :)
The ideal thing to use for AD users is the GUID (objectGUID attribute in the
directory) since it rename safe, even across domain moves in a multi-domain
forest, is fixed size, has convenient binary and string representations and
also fits nicely into the SQL UniqueIdentifier type.
Another thing you could use is the SID. It isn't as durable and is variable
length, but it is more rename safe. It is also easier to get from the
WindowsIdentity since it is built in where as the GUID would require some
sort of a lookup.
Just an idea. It sounds like that ship may have already sailed and you
really just need to get this fixed, but this may not be the last time you
have this problem.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Scott_A" <ScottA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A3E5F177-7C23-45C4-89AD-B4DCBFEA180D@xxxxxxxxxxxxxxxx
Thanks for the reply.
Yes I have rebooted the box and have also run that code on different boxes
that authenticate to different DC's. ("%logonserver%")
I also think there are different API's in play but which ones and where do
they get their info from?
Scott
"Joe Kaplan" wrote:
Did you try rebooting the box? Maybe something is cached somewhere in
LSA
memory? I'm uncertain why the server variables would be up to date but
this
code would be wrong, but perhaps there are different underlying API calls
that get the data from different places.
It will probably eventually fix itself either way.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Scott_A" <ScottA@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3CF30495-7054-4BDF-8216-F83B25186986@xxxxxxxxxxxxxxxx
We have an AD user account that was setup as R_Smith and then was
changed
to
JR_Smith.
One of our web applications does a database look up using the
LogonUserIdentity.Name value but this is still returning R_Smith even
though
the user logged onto his box with JR_Smith.
Also I created a page that looked at the server variables and
AUTH_USER,
LOGON_USER and REMOTE_USER all return the correct JR_Smith. This page
is
running on the same web server and in the same virtual directory as the
web
application. Why would the server variables return different values to
the
LogonUserIdentity.Name? Do they pull different attributes from AD? All
the
account settings in AD look fine.
Any ideas?
Thanks
Scott
(I have also posted this on the asp.net forums but have had no luck
yet)
.
- Follow-Ups:
- Re: Incorrect LogonUserIdentity.Name
- From: Scott_A
- Re: Incorrect LogonUserIdentity.Name
- References:
- Incorrect LogonUserIdentity.Name
- From: Scott_A
- Re: Incorrect LogonUserIdentity.Name
- From: Joe Kaplan
- Re: Incorrect LogonUserIdentity.Name
- From: Scott_A
- Incorrect LogonUserIdentity.Name
- Prev by Date: Re: Incorrect LogonUserIdentity.Name
- Next by Date: Re: Incorrect LogonUserIdentity.Name
- Previous by thread: Re: Incorrect LogonUserIdentity.Name
- Next by thread: Re: Incorrect LogonUserIdentity.Name
- Index(es):
Relevant Pages
|
