Getting the objectGuid of the authenticated AD user from ASP.NET

Time: 2023-02-07 02:56:33

I am using Windows authentication within an ASP.NET application. I am wondering how best to get the objectGuid of the currently logged-in user?


Regards, Egil.

3 solutions

#1


4  

You can do this with the System.DirectoryServices namespace.


'Imports System.DirectoryServices
Dim entry As DirectoryEntry
Dim mySearcher As DirectorySearcher
Dim result As SearchResult
Dim myEntry As DirectoryEntry
Dim domainName As String
Dim userId As String
Dim objectGuid As Guid

'Split the username into domain and userid parts
domainName = Page.User.Identity.Name.Substring(0, Page.User.Identity.Name.IndexOf("\"))
userId = Page.User.Identity.Name.Substring(Page.User.Identity.Name.IndexOf("\") + 1)

'Start at the top level domain (the ADSI path needs the LDAP:// provider prefix)
entry = New DirectoryEntry("LDAP://" & domainName)

mySearcher = New DirectorySearcher(entry)

'Build a filter for just the user
'(sAMAccountName is an exact match; anr would also match similar names)
mySearcher.Filter = ("(&(sAMAccountName=" & userId & ")(objectClass=user))")

'Get the search result ...
result = mySearcher.FindOne

'FindOne returns Nothing when no account matches
If result IsNot Nothing Then
    '... and then get the AD entry that goes with it
    myEntry = result.GetDirectoryEntry

    'The Guid property is the objectGuid
    objectGuid = myEntry.Guid
End If

There might be a better way to do this, but this works!


#2


11  

The suggested solutions are rather expensive. Rather than searching by domain and username, a better solution is to use the SID to look up the account:


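// using System;
// using System.DirectoryServices;
// using System.Security.Principal;
// using System.Web;
Guid objectGuid = Guid.Empty;
IPrincipal userPrincipal = HttpContext.Current.User;
WindowsIdentity windowsId = userPrincipal.Identity as WindowsIdentity;
// User is null for an anonymous identity
if (windowsId != null && windowsId.User != null)
{
    // SID of the authenticated Windows account
    SecurityIdentifier sid = windowsId.User;

    // Bind directly to the object by SID instead of running a search
    using (DirectoryEntry userDe = new DirectoryEntry("LDAP://<SID=" + sid.Value + ">"))
    {
        objectGuid = new Guid(userDe.NativeGuid);
    }
}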

#3


2  

You need to use the NativeGuid property. C# code:


// using System; using System.DirectoryServices; using System.Web;
Guid objectGuid = Guid.Empty;
string login = HttpContext.Current.User.Identity.Name;
// Split "DOMAIN\user" into its two parts
string domain = login.Substring(0, login.IndexOf('\\'));
string userName = login.Substring(login.IndexOf('\\') + 1);
using (DirectoryEntry domainEntry = new DirectoryEntry("LDAP://" + domain))
using (DirectorySearcher searcher = new DirectorySearcher(domainEntry))
{
    searcher.Filter = string.Format(
       "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
       userName);
    SearchResult searchResult = searcher.FindOne();
    // FindOne returns null when no account matches
    if (searchResult != null)
    {
        using (DirectoryEntry entry = searchResult.GetDirectoryEntry())
        {
            objectGuid = new Guid(entry.NativeGuid);
        }
    }
}
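
Added example, not part of any of the answers above: a variant of the sAMAccountName search from answer #3 that escapes the account name per RFC 4515 before placing it in the filter, so characters such as parentheses or `*` in a name cannot change the filter, and that reads objectGUID straight from the search result. The names `AdLookup`, `EscapeLdapFilterValue` and `FindObjectGuid`, the domain `CONTOSO` and the sample inputs are assumptions made for this example.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdLookup   // hypothetical helper class, not from the answers above
{
    // RFC 4515: the filter metacharacters \ * ( ) and NUL become \XX hex pairs.
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // login is "DOMAIN\user", the form User.Identity.Name has under Windows authentication.
    public static Guid? FindObjectGuid(string login)
    {
        int slash = login.IndexOf('\\');
        if (slash <= 0 || slash == login.Length - 1) return null;   // not DOMAIN\user
        string domain = login.Substring(0, slash);
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeLdapFilterValue(login.Substring(slash + 1)) + "))";
        using (var root = new DirectoryEntry("LDAP://" + domain))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "objectGUID" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null) return null;                           // no such account
            // objectGUID comes back as the raw 16 bytes stored in the directory
            return new Guid((byte[])hit.Properties["objectGUID"][0]);
        }
    }

    static void Main()
    {
        // Constructed input: an account name containing filter metacharacters
        Console.WriteLine(EscapeLdapFilterValue("ops (temp)*"));
        // Constructed login; this call needs a reachable domain controller
        Console.WriteLine(FindObjectGuid(@"CONTOSO\j.doe"));
    }
}
```

The SID bind in answer #2 builds no filter at all, so it needs no escaping.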
