6

I am trying to make use of the active directory membership rather than SQL but there is very limited documentation available online. I have managed to connect my application to the domain controller without any problems but when you use "Context.User.Identity.Name" it comes up with DOMAIN\User. I want to basically drill down and get information such as full name, e-mail address, etc.

I just need a useful link and the searching I have done doesn't appear to have got me anywhere!

Many thanks

Matt

3 Answers

0

If you are making use of Active Directory then you are likely using Windows Authentication. If so, all you need to do is:

  1. Reference System.DirectoryServices.AccountManagement

  2. In code (perhaps a controller action or model constructor)

    // requires: using System.DirectoryServices.AccountManagement;

    // establishes your domain as the context for your user lookup
    var principalContext = new PrincipalContext(ContextType.Domain, "domainName");

    // gets the current user's UserPrincipal object (null if no match is found)
    var userPrincipal = UserPrincipal.FindByIdentity(principalContext, User.Identity.Name);

    // example
    var email = userPrincipal.EmailAddress;

Note:

  • This works because Windows Authentication means User.Identity on the current HttpContext is a WindowsIdentity and thus its Name property can be used to search AD.

  • You aren't limited to looking up the current user. You can use FindByIdentity() to search any value passed, and this method exists on other principals (ex. GroupPrincipal). You can also designate that you wish to search by another type such as SID instead of Name.

Enjoy!

one.beat.consumer
0

This should give you a bit of a clue: http://msdn.microsoft.com/en-us/library/ms973834.aspx and here is a list of LDAP properties that you might want to play around with in the search result: http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

Jimmy Chandra
  • Do I really need to create a new connection to the DC to get the information I want - I had hoped the information in the web.config file would be enough for this... Can you confirm if I need to create a new connection to the DC in order to get the information I need? – Matt Jan 12 '11 at 17:21
  • If you want to get additional properties from AD, you need to do this. This is how I did it when I was still developing intranet web apps that are authenticated vs AD. I am not sure if there is any other way. Perhaps someone else might know. – Jimmy Chandra Jan 13 '11 at 05:07
  • I have found something using the System.DirectoryServices.AccountManagement class (yay) - you have to pass a username and you can collect whatever parameters you want: using (var user = UserPrincipal.FindByIdentity(context, "Username")) { return user.DisplayName; } - It's a little extra work, but at least it works! – Matt Jan 14 '11 at 08:48
  • Cool, I have not used that one. They must have added them since after I had to do anything w/ AD :). Thanks for sharing. – Jimmy Chandra Jan 15 '11 at 01:13
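
The lookup described in the first answer and in Matt's comment above, written out as an added example that is not code from any of the posters. The class names `DirectoryUserInfo` and `DirectoryUserLookup` are hypothetical, and the domain name is assumed to come from configuration. The identity name should be the value of `User.Identity.Name` from the authenticated context, not a value taken from request input.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical DTO: holds only the attributes the page asks about.
public sealed class DirectoryUserInfo
{
    public string AccountName { get; set; }
    public string DisplayName { get; set; }
    public string EmailAddress { get; set; }
}

// Hypothetical helper, not part of the framework.
public static class DirectoryUserLookup
{
    // identityName: the value of User.Identity.Name, e.g. "DOMAIN\User".
    // domainName:   the AD domain to query (assumed to come from configuration).
    public static DirectoryUserInfo Find(string identityName, string domainName)
    {
        if (string.IsNullOrWhiteSpace(identityName))
            throw new ArgumentException("No authenticated identity name.", nameof(identityName));

        // Strip the "DOMAIN\" prefix so the search is by sAMAccountName only.
        int slash = identityName.LastIndexOf('\\');
        string account = slash >= 0 ? identityName.Substring(slash + 1) : identityName;

        // Both objects hold directory connections, so dispose them.
        using (var context = new PrincipalContext(ContextType.Domain, domainName))
        using (var user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, account))
        {
            // FindByIdentity returns null when no account matches.
            if (user == null)
                return null;

            return new DirectoryUserInfo
            {
                AccountName = user.SamAccountName,
                DisplayName = user.DisplayName,
                EmailAddress = user.EmailAddress
            };
        }
    }
}
```

Because no credentials are passed to `PrincipalContext`, the directory query runs as the identity of the calling process, so that account needs read access to the attributes returned.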