Getting Active Directory Info when using Windows Authentication?

Question

I am using Windows authentication on my asp.net MVC 3 app. Is there any way possible to get the users information out of active directory?

I know I can user User.Name.Identity and that works for the login name. But what about getting the Users First Name, Last Name and even the Description or Office all from active directory. Is this possible through .net?

score 23 · Accepted Answer · answered Feb 10 '11 at 18:33

23

Of course!! If you're using .NET 3.5 or up, it's actually pretty easy.

Basically, use the System.DirectoryServices.AccoutManagement namespace (read all about it here: Managing Directory Security Principals in the .NET Framework 3.5).

Then: you need to "find" the user and grab it's properties - use code something like this:

// create domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "username");

if(user != null)
{
    // access the user's properties in a nice, object-oriented way
}

answered Feb 10 '11 at 18:33

marc_s

732,580
175
1,330
1,459

@twal don't forget to accept this answer if it worked for you. – Waleed Al-Balooshi Feb 10 '11 at 18:36
@marc_s what I am curious about is how I should go about storing this user information to prevent too many taps on AD. Cookie or Session[] collection? Or something else? All I want to do is save duder's display name for later without having to tap AD each time a request comes to IIS. What do you think? – one.beat.consumer Jan 24 '12 at 02:40

Kevin Kalitowski · Answer 2 · 2015-04-09T13:49:49.240

5

If your code is running under the context of the user that you need information for, it gets even lighter (i.e. Windows Authentication):

//Must reference System.DirectoryServices.AccountManagement
var user = UserPrincipal.Current;

var firstName = user.GivenName;
var lastName = user.Surname;

edited Apr 09 '15 at 13:49

answered Nov 12 '13 at 19:31

Kevin Kalitowski

6,829
4
36
52

If I wanted to use this in the MVC layout page, would this code go in the Model, View, or Controller? Sorry, I've only begun MVC a week ago and am still trying to figure it all out. – Jamie Nov 06 '18 at 18:18

score 1 · Answer 3 · answered Feb 10 '11 at 18:31

1

Sounds like you may want to use the System.DirectoryServices namespace. Here's a guide on how you can read properties of a Directory object.

answered Feb 10 '11 at 18:31

bhamby

15,112
1
45
66

score 0 · Answer 4 · answered Jul 11 '17 at 11:42

0

In my environment I had to add this to the section in Web.config:

<identity impersonate="true" />

answered Jul 11 '17 at 11:42

Pete

1,191
12
19

Getting Active Directory Info when using Windows Authentication?

4 Answers4

Linked