Windows Auth - Active Directory

[J. Shane Kunkle]

Hello,

I have a web application that uses windows authentication. All the users
log in using an active directory account. When an authenticated user
performs certain actions I would like to retrieve specific information from
their active directory record (email address, etc).

I can obviously get their "domain\account" from
HttpContext.Current.User.Identity.Name - but what is the easiest way to
access active directory records in this case?

I feel like there should be some easy way to access active directory
information in this situation because the user is already authenticated (a
property of the User object, etc) however I have not found anything yet.

The best examples I have found use the DirectorySearcher and DirectoryEntry
objects but this seems to be quite a bit of work and I was hoping there
would be an easier way.

What is the recommended way to access active directory information in this
situation?

Any advice or direction is greatly appreciated - Thanks in advance,

J. Shane Kunkle
[email]jkunkle@vt.edu[/email]

[Joe Kaplan \(MVP - ADSI\)]

There isn't really an easier way. You need to use the DirectorySearcher to
search for their user object using the samAccountName (which you get from
their login name, e.g. domain\samAccountName) and find the attributes you
need from the result of the search.

The filter would look like:

(sAMAccountName=xxxx)

You would need to search the root of the domain the user is in or use the
Global Catalog for the forest if all the attributes you need are in the GC.

The way I've done this kind of thing before is to write a custom HttpModule
that looks up the user's info and adds it to a custom IPrincipal object. I
use session or cache to cache the data so that you don't need to look up the
values on every request.

I hope that gives you some ideas. I'd follow up with specific questions to
microsoft.public.adsi.general

Joe K.

"J. Shane Kunkle" <shane@caudillweb.com> wrote in message
news:eOsv1mplEHA.3016@tk2msftngp13.phx.gbl...

> Hello,
>
> I have a web application that uses windows authentication. All the users
> log in using an active directory account. When an authenticated user
> performs certain actions I would like to retrieve specific information
> from
> their active directory record (email address, etc).
>
> I can obviously get their "domain\account" from
> HttpContext.Current.User.Identity.Name - but what is the easiest way to
> access active directory records in this case?
>
> I feel like there should be some easy way to access active directory
> information in this situation because the user is already authenticated (a
> property of the User object, etc) however I have not found anything yet.
>
> The best examples I have found use the DirectorySearcher and
> DirectoryEntry
> objects but this seems to be quite a bit of work and I was hoping there
> would be an easier way.
>
> What is the recommended way to access active directory information in this
> situation?
>
> Any advice or direction is greatly appreciated - Thanks in advance,
>
> J. Shane Kunkle
> [email]jkunkle@vt.edu[/email]
>
>
>
>