
I am using windows authentication within an ASP.NET application. I am wondering how to best get the objectGuid from the currently logged in user?

Regards, Egil.

Pavel Chuchuva
Egil Hansen

3 Answers

12

The suggested solutions are rather expensive. Rather than searching by domain and username, a better solution is to use the SID to look up the account:

// using System.DirectoryServices;
// using System.Security.Principal;
// using System.Web;
IPrincipal userPrincipal = HttpContext.Current.User;
WindowsIdentity windowsId = userPrincipal.Identity as WindowsIdentity;
if (windowsId != null)
{
    // The user's SID, taken from the authenticated Windows token
    SecurityIdentifier sid = windowsId.User;

    // Bind straight to the account by SID; no name parsing and no search filter
    using (DirectoryEntry userDe = new DirectoryEntry("LDAP://<SID=" + sid.Value + ">"))
    {
        Guid objectGuid = new Guid(userDe.NativeGuid);
    }
}
Felan
  • What if windowsId is null? – kazinix Dec 10 '13 at 02:51
  • Then likely you are dealing with an anonymous user or someone who doesn't trust the web site to allow Kerberos authentication. You could work with the admins in your company to push out a group policy to trust the *internal* site. Or you could provide an https login form or some other authentication method. – Felan Dec 10 '13 at 20:45
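A fuller version of the SID-bind approach, added here as an example and not Felan's code: it returns null instead of throwing when the request carries no WindowsIdentity (the case raised in the comments), loads only the objectGUID attribute, and builds the Guid from the raw attribute bytes. It assumes classic ASP.NET on the .NET Framework (System.Web); the class and method names (CurrentUserDirectory, TryGetObjectGuid) are the example's own.

```csharp
// Added example (not from the original answer): resolve the logged-in user's
// objectGUID by binding to the account's SID, and fail soft when the request
// is anonymous or not Windows-authenticated.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Web;

public static class CurrentUserDirectory
{
    // Returns the objectGUID of the authenticated Windows user, or null when the
    // request carries no usable WindowsIdentity (anonymous access, forms auth, ...).
    public static Guid? TryGetObjectGuid(IPrincipal principal)
    {
        var windowsId = principal?.Identity as WindowsIdentity;
        if (windowsId == null || !windowsId.IsAuthenticated || windowsId.IsAnonymous)
        {
            return null;
        }

        SecurityIdentifier sid = windowsId.User;
        if (sid == null)
        {
            return null; // the token exposes no user SID
        }

        // Binding by SID is an exact lookup: no name parsing, no search filter,
        // and no chance of resolving a different account with a similar name.
        string path = "LDAP://<SID=" + sid.Value + ">";
        using (var entry = new DirectoryEntry(path))
        {
            try
            {
                // Load just the attribute we need rather than the whole object.
                entry.RefreshCache(new[] { "objectGUID" });
                byte[] raw = entry.Properties["objectGUID"].Value as byte[];
                return raw == null ? (Guid?)null : new Guid(raw);
            }
            catch (COMException)
            {
                // The SID did not resolve in this directory (e.g. a local machine account).
                return null;
            }
        }
    }

    // Convenience overload for ASP.NET code that has an HttpContext.
    public static Guid? TryGetObjectGuid(HttpContext context)
    {
        return context?.User == null ? null : TryGetObjectGuid(context.User);
    }
}
```

Note that new Guid(entry.NativeGuid) parses the hex string as a textual GUID, so its first three fields come out in a different byte order than a Guid built from the raw objectGUID bytes (which is the conversion DirectoryEntry.Guid performs). Whichever form you store, use it consistently when comparing against values shown by other directory tools.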
4

You can do this with the System.DirectoryServices namespace.

'Imports System.DirectoryServices
Dim entry As DirectoryServices.DirectoryEntry
Dim mySearcher As System.DirectoryServices.DirectorySearcher
Dim result As System.DirectoryServices.SearchResult
Dim myEntry As DirectoryEntry
Dim domainName As String
Dim userId As String
Dim objectGuid As Guid

'Split the username into domain and userid parts
domainName = Page.User.Identity.Name.Substring(0, Page.User.Identity.Name.IndexOf("\"))
userId = Page.User.Identity.Name.Substring(Page.User.Identity.Name.IndexOf("\") + 1)

'Start at the top level domain (the ADsPath needs the LDAP:// provider prefix)
entry = New DirectoryEntry("LDAP://" & domainName)

mySearcher = New DirectorySearcher(entry)

'Build a filter for just the user
'(anr matches several name attributes, so FindOne returns only the first hit)
mySearcher.Filter = ("(&(anr=" & userId & ")(objectClass=user))")

'Get the search result ...
result = mySearcher.FindOne()

'... and then get the AD entry that goes with it
myEntry = result.GetDirectoryEntry()

'The Guid property is the objectGuid
objectGuid = myEntry.Guid

There might be a better way to do this, but this works!

PhilPursglove
  • Thank you. In order to get the correct objectGuid, I used this code instead: objectGuid = System.Guid.Parse(myEntry.NativeGuid) – geekinit Aug 06 '12 at 13:45
2

You need to use the NativeGuid property. C# code:

// using System.DirectoryServices;
// using System.Web;
string login = HttpContext.Current.User.Identity.Name;   // "DOMAIN\user"
string domain = login.Substring(0, login.IndexOf('\\'));
string userName = login.Substring(login.IndexOf('\\') + 1);
DirectoryEntry domainEntry = new DirectoryEntry("LDAP://" + domain);
DirectorySearcher searcher = new DirectorySearcher(domainEntry);
// Exact match on the logon name; objectCategory=person excludes computer accounts
searcher.Filter = string.Format(
   "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
   userName);
SearchResult searchResult = searcher.FindOne();
DirectoryEntry entry = searchResult.GetDirectoryEntry();
Guid objectGuid = new Guid(entry.NativeGuid);
Pavel Chuchuva