Re: how to get a LDAP user with Identity.Name?

From: Joe Kaplan (MVP - ADSI)
Date: 07/03/04

Date: Fri, 2 Jul 2004 18:06:35 -0500

You would need to use System.DirectoryServices or another LDAP stack to
query AD to get the additional information. Probably the easiest way to
find the info for the user is to bind to the domain specified by the DOMAIN
part of the IIdentity.Name and do a subtree search on the
defaultNamingContext for sAMAccountName=MYLOGIN.

In the context of ASP.NET, your impersonated credentials may not be able to
delegate to AD (depends on how your accounts are configured and whether you
are authenticating with Kerberos; read up on delegation), so you may need to
supply alternative credentials in the DirectoryEntry object that you use as
your SearchRoot object.

There is more info here:;en-us;329986

There are pretty good DirectorySearcher samples in the .NET and Directory
Services reference in MSDN.


Joe K.

"Sociando" wrote in message
> I've a fairly simple problem:
> In an ASP.NET app, I ask for the user identity using:
> ((WindowsPrincipal)(Page.User)).Identity.Name;
> I'm using Windows integrated authentication + impersonation.
> The value returned is "DOMAIN\MYLOGON"
> I'm trying to look for more info in the LDAP about this user, but I
> have some problem getting the attribute matching that string.
> For the login auth. the attribute "samaccountname" sounds perfect to
> me. For the domain, it does not sound that there is a standard way to
> get it.
> The question is: is it normal that I must decompose the
> "DOMAIN\MYLOGON" string and make the LDAP query only based on MYLOGON
> value? Or is there a way to query LDAP with the whole string? With
> which property?
> Thanks
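
The lookup described in the reply, as an added C# example that is not part of the original thread: it splits the DOMAIN\login name, escapes the login before it goes into the LDAP filter (RFC 4515), and does the subtree search on defaultNamingContext. The class and method names and the list of attributes loaded are assumptions; passing null for bindUser and bindPassword binds with the current (impersonated) security context.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdUserLookup   // hypothetical helper, not from the thread
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // identityName is the "DOMAIN\login" string from IIdentity.Name.
    // bindUser/bindPassword are optional alternative credentials (assumed to
    // come from protected configuration); null uses the current context.
    public static SearchResult FindUser(string identityName, string bindUser, string bindPassword)
    {
        int slash = identityName.IndexOf('\\');
        if (slash <= 0 || slash == identityName.Length - 1)
            throw new ArgumentException("Expected DOMAIN\\login", "identityName");
        string domain = identityName.Substring(0, slash);
        string login = identityName.Substring(slash + 1);
        string filter = "(sAMAccountName=" + EscapeFilterValue(login) + ")";
        using (var rootDse = new DirectoryEntry("LDAP://" + domain + "/RootDSE", bindUser, bindPassword, AuthenticationTypes.Secure))
        {
            string namingContext = (string)rootDse.Properties["defaultNamingContext"].Value;
            using (var searchRoot = new DirectoryEntry("LDAP://" + domain + "/" + namingContext, bindUser, bindPassword, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(searchRoot, filter))
            {
                searcher.SearchScope = SearchScope.Subtree;
                searcher.PropertiesToLoad.AddRange(new[] { "displayName", "mail", "distinguishedName" });
                return searcher.FindOne();   // null when no entry matches
            }
        }
    }
}
```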