25

I'm not a .NET developer, and I have a feeling this would be trivial for someone who is:

I have a C# web application that makes use of the user credentials of the logged-in user. Currently it uses the SID, which comes from

    System.Security.Principal.WindowsIdentity.GetCurrent().User.Value

I need to get either the user's UPN login or email address (as defined in Active Directory) instead of the SID. GetCurrent() returns an object of type WindowsIdentity; looking in the details for WindowsIdentity Members:

MSDN: WindowsIdentity Members

I can't see anything that looks like it would give me either the UPN or email in there. How can I pull up that information to use, either by feeding the SID into some other function or calling something different in the first place?

DrStalker

3 Answers

46

Meanwhile (.NET 3.5) this is a one-liner:

    System.DirectoryServices.AccountManagement.UserPrincipal.Current.EmailAddress

for the email, or

    System.DirectoryServices.AccountManagement.UserPrincipal.Current.UserPrincipalName

for the UPN.

Simon Giles
Kiki
2

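To query Active Directory using a directory searcher you need to do something like this (totally untested code):

    using System.DirectoryServices;   // add a reference to System.DirectoryServices.dll

    // WindowsIdentity.GetCurrent().Name returns DOMAIN\username
    string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    string ldapPath = "LDAP://domain.company.com";

    public string GetEmail(string userName, string ldapPath)
    {
        // sAMAccountName holds only the username part, so strip any "DOMAIN\" prefix
        string account = userName.Substring(userName.LastIndexOf('\\') + 1);

        using (DirectoryEntry root = new DirectoryEntry(ldapPath))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // account goes into the filter as-is; escape it (RFC 4515) if it can come from user input
            searcher.Filter = string.Format(@"(&(sAMAccountName={0}))", account);
            // PropertiesToLoad is a read-only collection, so add to it instead of assigning
            searcher.PropertiesToLoad.Add("mail");

            SearchResult result = searcher.FindOne();

            if (result != null && result.Properties["mail"].Count > 0)
            {
                // SearchResult exposes a ResultPropertyValueCollection; take the first value
                return (string)result.Properties["mail"][0];
            }
            else
            {
                // no matching user, or the user has no mail attribute
                return null;
            }
        }
    }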
Alex Peck
1

Try:

    System.Security.Principal.WindowsIdentity.GetCurrent().Name
Jimmy Chandra
  • The documentation says "Gets the user's Windows logon name." - will this return the NT-style name or the UPN-style name? I know Microsoft said many years ago that UPN would be the new way to identify users, but in my experience almost everything works off NT-style credentials - and users can log in to this site with either UPN or NT-style logins so I can't rely on it using the same form the user did. – DrStalker Jul 09 '09 at 05:41
  • Just did a quick test and System.Security.Principal.WindowsIdentity.GetCurrent().Name is returning DOMAIN\username – DrStalker Jul 09 '09 at 06:22
  • From that, you can feed it into a DirectorySearcher object to get more details on that particular user. For DirectorySearcher, see http://www.dotnetactivedirectory.com/Understanding_LDAP_Active_Directory_User_Object_Properties.html, http://blog.lozanotek.com/articles/149.aspx and http://codebetter.com/blogs/peter.van.ooijen/archive/2006/12/12/Getting-information-out-of-active-directory_3A00_-DirectorySearcher_2C00_-Properties-and-DirectoryEntry.aspx. – Jimmy Chandra Jul 09 '09 at 07:33
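
Added example (not part of the question, the answers or the comments above): resolving the SID the application already has to the `userPrincipalName` and `mail` attributes with a `DirectorySearcher`. The `objectSid` filter is built from the SID's bytes, so no free-form text is concatenated into the LDAP filter. The class and method names are hypothetical, and `LDAP://domain.company.com` is the placeholder path from the answer above.

```csharp
using System.DirectoryServices;   // reference System.DirectoryServices.dll
using System.Security.Principal;
using System.Text;

public static class AdLookup      // hypothetical helper, not from the thread
{
    // Encode a SID as an LDAP filter value: every byte of the binary SID
    // becomes a \XX escape, so the filter contains only hex digits.
    public static string SidToFilterValue(SecurityIdentifier sid)
    {
        byte[] raw = new byte[sid.BinaryLength];
        sid.GetBinaryForm(raw, 0);
        StringBuilder sb = new StringBuilder(raw.Length * 3);
        foreach (byte b in raw) sb.Append('\\').Append(b.ToString("X2"));
        return sb.ToString();
    }

    // First value of an attribute, or null when the attribute is not set.
    private static string First(SearchResult result, string attribute)
    {
        ResultPropertyValueCollection values = result.Properties[attribute];
        return (values != null && values.Count > 0) ? values[0] as string : null;
    }

    // Looks up the UPN and email address of the account with the given SID.
    // Returns false when no user object with that SID exists under ldapPath.
    public static bool TryGetUpnAndMail(SecurityIdentifier sid, string ldapPath,
                                        out string upn, out string mail)
    {
        upn = null;
        mail = null;
        using (DirectoryEntry root = new DirectoryEntry(ldapPath))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(objectSid="
                              + SidToFilterValue(sid) + "))";
            searcher.PropertiesToLoad.Add("userPrincipalName");
            searcher.PropertiesToLoad.Add("mail");
            SearchResult result = searcher.FindOne();
            if (result == null) return false;
            upn = First(result, "userPrincipalName");
            mail = First(result, "mail");   // may be null: mail is optional in AD
            return true;
        }
    }
}

// Usage, with the SID source from the question:
//   string upn, mail;
//   AdLookup.TryGetUpnAndMail(WindowsIdentity.GetCurrent().User,
//                             "LDAP://domain.company.com", out upn, out mail);
```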