Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > WindowsPrincipal is incorrect after AD account rename

Reply
Thread Tools

WindowsPrincipal is incorrect after AD account rename

 
 
lgalusha
Guest
Posts: n/a
 
      11-15-2006
Our environment is - we use Visual Studio 2005, Dotnet 2.0, VB to create a
web application which we run on IIS 6.

Our Web.config file has the following set:

<authentication mode="Windows" />
<identity impersonate="true"/>


We are using

MyPrincipal = New WindowsPrincipal(Current.User.Identity)

to obtain the name of the currently logged on user.

This is working until we are forced to rename a user's account in Active
Directory. For example, Mary Smith (domain\marys) gets married and becomes
Mary Jones (domain\maryj). We rename the account in Active Directory Users
and Computers and the rename appears to be fine. However from this point on
when we look at WindowsPrincipal(Current.User.Identity) it returns
domain\marys rather than her new name of domain\maryj.

What are we missing?




 
Reply With Quote
 
 
 
 
Luke Zhang [MSFT]
Guest
Posts: n/a
 
      11-16-2006
Hello,

What is the result if you check "Current.User.Identity.Name", is it
"domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem? Also,
you may have the user clear her local IE cache and cookie to see if this
will help.

Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.



 
Reply With Quote
 
 
 
 
lgalusha
Guest
Posts: n/a
 
      11-17-2006
I have included more of our code as I don't think I gave you enough
information in my first post. Also an IISRest and clearing the IE cache do
not resolve the problem.

First we call setUser to get the identity of the logged on user. Then we
call getUserInfo to find the AD account so that we can display information
about the user (display name, supervisor, etc.) on the screen in our web
app. When a user's name changes we get the wrong name in setUser so when we
call getUserInfo we do not get a match.

Is there a better way to do this or are we missed something when we do our
AD rename.

================================================== ===

Public Sub setUser()

Try 'to get the current user's identity

Dim s As Integer '*** Holds the position of the slash in user
Dim l As Integer '*** Holds the length of the user characters

'*** Get the user's Window's information

MyPrincipal = New WindowsPrincipal(Current.User.Identity)
myUser = MyPrincipal.Identity.Name

'*** Parse out the domain and user
s = myUser.IndexOf("\")
l = myUser.Length
If l > 0 Then
userDomain = myUser.Substring(0, s)
userName = myUser.Substring(s + 1, l - (s + 1))
End If

Catch exp As Exception

myErrMsg = "Exception: " + exp.Message

End Try 'to get the current user's identity

End Sub 'setUser

================================================== ===

Public Sub getUserInfo()

Dim x As Integer '*** Holds the position of the CN= in manager
Dim y As Integer '*** Holds the position of the , in manager
(first one)
Dim mgrsupr As String 'hold string for manager/supervisor

'*** Set the properties of the directory entry
myDEntry.Path = dePath
myDEntry.Username = deUsername
myDEntry.Password = dePassword
myDEntry.AuthenticationType = AuthenticationTypes.Secure

'*** Set the properties of the searcher
myFilter = "(&(anr=" & userName &
")(objectclass=user)(objectcategory=person))"
mySearch = New DirectorySearcher(myDEntry)
mySearch.Filter = myFilter
mySearch.SearchScope = SearchScope.Subtree

Try 'searching for the Active Directory Entry for the current
windows identity

src = mySearch.FindAll

For Each sr In src
'*** Get the search result's Active Directory Account name
'*** we have to initially check to make sure that
sAMAccountName is a valid
'*** property that was loaded

If sr.Properties.Contains("sAMAccountName") Then
If sr.Properties("sAMAccountName")(0) <> Nothing Then
myAN = CType(sr.Properties("sAMAccountName")(0),
String)
Else
myAN = "Unknown"
End If
Else
myAN = "Unknown"
myErrMsg = "Exception: Active Directory Account Not
Found"
Exit Sub
End If

'*** First check to see if this search result is the one we
want by
'*** matching the Active Directory Account Name to the
Domain User Name
If myAN.ToLower = userName.ToLower Then

'*** Get the user's Common Name
If sr.Properties.Contains("CN") Then
If sr.Properties("CN")(0) <> Nothing Then
FullEmployeeName = CType(sr.Properties("CN")(0),
String)
Else
FullEmployeeName = "Unknown"
End If
Else
FullEmployeeName = "Unknown"
End If

'*** Get the user's Display Name
If sr.Properties.Contains("displayName") Then
If sr.Properties("DisplayName")(0) <> Nothing Then
EmployeeShortName =
CType(sr.Properties("DisplayName")(0), String)
Else
EmployeeShortName = "Unknown"
End If
Else
EmployeeShortName = "Unknown"
End If

'*** Get the user's department
If sr.Properties.Contains("department") Then
If sr.Properties("department")(0) <> Nothing Then
DepartmentName =
CType(sr.Properties("department")(0), String)
Else
DepartmentName = "Unknown"
End If
Else
DepartmentName = "Unknown"
End If

'*** Get the user's phone extension
If sr.Properties.Contains("telephoneNumber") Then
If sr.Properties("telephoneNumber")(0) <> Nothing
Then
EmployeeExtension =
CType(sr.Properties("telephoneNumber")(0), String)
Else
EmployeeExtension = "???"
End If
Else
EmployeeExtension = "???"
End If

'*** Get the users employee number
If sr.Properties.Contains("otherTelephone") Then
If sr.Properties("otherTelephone")(0) <> Nothing
Then
EmployeeIDNumber =
CType(sr.Properties("otherTelephone")(0), String)
Else
EmployeeIDNumber = "????"
End If
Else
EmployeeIDNumber = "???"
End If

'*** Get the user's internet email address
If sr.Properties.Contains("mail") Then
'If sr.Properties("mail")(0) <> Nothing Then
'If InStr(1, CType(sr.Properties("mail")(0),
String), "@", CompareMethod.Text) > 0 Then
If CType(sr.Properties("mail")(0), String) Like
"*@*" Then
EmployeeEmailAddress =
CType(sr.Properties("mail")(0), String)
Else
EmployeeEmailAddress = "Unknown"
End If
Else
EmployeeEmailAddress = "Unknown"
End If

'*** Get the user's internet email address - alternate
If sr.Properties.Contains("ipphone") Then
'If sr.Properties("ipphone")(0) <> Nothing Then
'If InStr(1, CType(sr.Properties("ipphone")(0),
String), "@", CompareMethod.Text) > 0 Then
If CType(sr.Properties("ipphone")(0), String) Like
"*@*" Then
EmployeeAlternateEmailAddress =
CType(sr.Properties("ipphone")(0), String)
Else
EmployeeAlternateEmailAddress = "Unknown"
End If
Else
EmployeeAlternateEmailAddress = "Unknown"
End If

'*** Get the user's title
If sr.Properties.Contains("title") Then
If sr.Properties("title")(0) <> Nothing Then
EmployeeTitle = CType(sr.Properties("title")(0),
String)
Else
EmployeeTitle = "Unknown"
End If
Else
EmployeeTitle = "Unknown"
End If

'*** Get the user's manager
If sr.Properties.Contains("manager") Then
If sr.Properties("manager")(0) <> Nothing Then
mgrsupr = CType(sr.Properties("manager")(0),
String)

'*** Parse out the manager/supervisor name
x = mgrsupr.IndexOf("CN=")
y = mgrsupr.IndexOf(",")
If y > 0 Then
EmployeeSupervisorManager =
mgrsupr.Substring(x + 3, y - (x + 3))
getUserInfoforMgr(EmployeeSupervisorManager)
Else
EmployeeSupervisorManager = "Unknown"
EmployeeMgrEmailAddress = "Unknown"
EmployeeMgrAlternateEmailAddress = "Unknown"
End If
Else
EmployeeSupervisorManager = "Unknown"
EmployeeMgrEmailAddress = "Unknown"
EmployeeMgrAlternateEmailAddress = "Unknown"
End If
Else
EmployeeSupervisorManager = "Unknown"
EmployeeMgrEmailAddress = "Unknown"
EmployeeMgrAlternateEmailAddress = "Unknown"
End If

Exit Sub '*** Let's get out of here because we've got
our info

End If 'the Active Directory entry is the correct one

Next 'Next Active Directory entry

Catch exp As Exception

myErrMsg = "Exception:" & exp.Message
FullEmployeeName = "Not Found 3"
EmployeeShortName = "Not Found 3"
DepartmentName = "Not Found 3"
EmployeeExtension = "000"
EmployeeIDNumber = "0000"
EmployeeEmailAddress = "(E-Mail Removed)"
EmployeeAlternateEmailAddress = "(E-Mail Removed)"
EmployeeSupervisorManager = "Not Found 3"
EmployeeTitle = "Not Found 3"

End Try 'searching for the Active Directory Entry for the current
windows identity
End Sub 'getUserInfo

================================================== ===

"Luke Zhang [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
>
> What is the result if you check "Current.User.Identity.Name", is it
> "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem? Also,
> you may have the user clear her local IE cache and cookie to see if this
> will help.
>
> Sincerely,
>
> Luke Zhang
>
> Microsoft Online Community Support
> ==================================================
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscripti...ult.aspx#notif
> ications.
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscripti...t/default.aspx.
> ==================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>



 
Reply With Quote
 
Joe Kaplan
Guest
Posts: n/a
 
      11-17-2006
What happens if the browser user logs out and logs back in again? Does that
fix it?

Also, if you are using .NET 2.0 instead of 1.1, there is a relatively
straightforward way you can code around this problem.

Basically, the steps would be to cast the Context.User.Identity to a
WindowsIdentity and get the user's SID. Then, once you have the SID, you
can do an LDAP query based on that instead of querying based on the
username. The SID is rename safe and only changes if the user is moved to a
different domain.

That is probably the cleanest solution to this problem.

It is also doable in .NET 1.1, but there isn't an easy way to get the user's
SID from the token without p/invoke, so it is more complex.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"lgalusha" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I have included more of our code as I don't think I gave you enough
>information in my first post. Also an IISRest and clearing the IE cache do
>not resolve the problem.
>
> First we call setUser to get the identity of the logged on user. Then we
> call getUserInfo to find the AD account so that we can display information
> about the user (display name, supervisor, etc.) on the screen in our web
> app. When a user's name changes we get the wrong name in setUser so when
> we call getUserInfo we do not get a match.
>
> Is there a better way to do this or are we missed something when we do our
> AD rename.
>
> ================================================== ===
>
> Public Sub setUser()
>
> Try 'to get the current user's identity
>
> Dim s As Integer '*** Holds the position of the slash in
> user
> Dim l As Integer '*** Holds the length of the user
> characters
>
> '*** Get the user's Window's information
>
> MyPrincipal = New WindowsPrincipal(Current.User.Identity)
> myUser = MyPrincipal.Identity.Name
>
> '*** Parse out the domain and user
> s = myUser.IndexOf("\")
> l = myUser.Length
> If l > 0 Then
> userDomain = myUser.Substring(0, s)
> userName = myUser.Substring(s + 1, l - (s + 1))
> End If
>
> Catch exp As Exception
>
> myErrMsg = "Exception: " + exp.Message
>
> End Try 'to get the current user's identity
>
> End Sub 'setUser
>
> ================================================== ===
>
> Public Sub getUserInfo()
>
> Dim x As Integer '*** Holds the position of the CN= in manager
> Dim y As Integer '*** Holds the position of the , in manager
> (first one)
> Dim mgrsupr As String 'hold string for manager/supervisor
>
> '*** Set the properties of the directory entry
> myDEntry.Path = dePath
> myDEntry.Username = deUsername
> myDEntry.Password = dePassword
> myDEntry.AuthenticationType = AuthenticationTypes.Secure
>
> '*** Set the properties of the searcher
> myFilter = "(&(anr=" & userName &
> ")(objectclass=user)(objectcategory=person))"
> mySearch = New DirectorySearcher(myDEntry)
> mySearch.Filter = myFilter
> mySearch.SearchScope = SearchScope.Subtree
>
> Try 'searching for the Active Directory Entry for the current
> windows identity
>
> src = mySearch.FindAll
>
> For Each sr In src
> '*** Get the search result's Active Directory Account name
> '*** we have to initially check to make sure that
> sAMAccountName is a valid
> '*** property that was loaded
>
> If sr.Properties.Contains("sAMAccountName") Then
> If sr.Properties("sAMAccountName")(0) <> Nothing Then
> myAN = CType(sr.Properties("sAMAccountName")(0),
> String)
> Else
> myAN = "Unknown"
> End If
> Else
> myAN = "Unknown"
> myErrMsg = "Exception: Active Directory Account Not
> Found"
> Exit Sub
> End If
>
> '*** First check to see if this search result is the one we
> want by
> '*** matching the Active Directory Account Name to the
> Domain User Name
> If myAN.ToLower = userName.ToLower Then
>
> '*** Get the user's Common Name
> If sr.Properties.Contains("CN") Then
> If sr.Properties("CN")(0) <> Nothing Then
> FullEmployeeName =
> CType(sr.Properties("CN")(0), String)
> Else
> FullEmployeeName = "Unknown"
> End If
> Else
> FullEmployeeName = "Unknown"
> End If
>
> '*** Get the user's Display Name
> If sr.Properties.Contains("displayName") Then
> If sr.Properties("DisplayName")(0) <> Nothing Then
> EmployeeShortName =
> CType(sr.Properties("DisplayName")(0), String)
> Else
> EmployeeShortName = "Unknown"
> End If
> Else
> EmployeeShortName = "Unknown"
> End If
>
> '*** Get the user's department
> If sr.Properties.Contains("department") Then
> If sr.Properties("department")(0) <> Nothing Then
> DepartmentName =
> CType(sr.Properties("department")(0), String)
> Else
> DepartmentName = "Unknown"
> End If
> Else
> DepartmentName = "Unknown"
> End If
>
> '*** Get the user's phone extension
> If sr.Properties.Contains("telephoneNumber") Then
> If sr.Properties("telephoneNumber")(0) <> Nothing
> Then
> EmployeeExtension =
> CType(sr.Properties("telephoneNumber")(0), String)
> Else
> EmployeeExtension = "???"
> End If
> Else
> EmployeeExtension = "???"
> End If
>
> '*** Get the users employee number
> If sr.Properties.Contains("otherTelephone") Then
> If sr.Properties("otherTelephone")(0) <> Nothing
> Then
> EmployeeIDNumber =
> CType(sr.Properties("otherTelephone")(0), String)
> Else
> EmployeeIDNumber = "????"
> End If
> Else
> EmployeeIDNumber = "???"
> End If
>
> '*** Get the user's internet email address
> If sr.Properties.Contains("mail") Then
> 'If sr.Properties("mail")(0) <> Nothing Then
> 'If InStr(1, CType(sr.Properties("mail")(0),
> String), "@", CompareMethod.Text) > 0 Then
> If CType(sr.Properties("mail")(0), String) Like
> "*@*" Then
> EmployeeEmailAddress =
> CType(sr.Properties("mail")(0), String)
> Else
> EmployeeEmailAddress = "Unknown"
> End If
> Else
> EmployeeEmailAddress = "Unknown"
> End If
>
> '*** Get the user's internet email address - alternate
> If sr.Properties.Contains("ipphone") Then
> 'If sr.Properties("ipphone")(0) <> Nothing Then
> 'If InStr(1, CType(sr.Properties("ipphone")(0),
> String), "@", CompareMethod.Text) > 0 Then
> If CType(sr.Properties("ipphone")(0), String) Like
> "*@*" Then
> EmployeeAlternateEmailAddress =
> CType(sr.Properties("ipphone")(0), String)
> Else
> EmployeeAlternateEmailAddress = "Unknown"
> End If
> Else
> EmployeeAlternateEmailAddress = "Unknown"
> End If
>
> '*** Get the user's title
> If sr.Properties.Contains("title") Then
> If sr.Properties("title")(0) <> Nothing Then
> EmployeeTitle =
> CType(sr.Properties("title")(0), String)
> Else
> EmployeeTitle = "Unknown"
> End If
> Else
> EmployeeTitle = "Unknown"
> End If
>
> '*** Get the user's manager
> If sr.Properties.Contains("manager") Then
> If sr.Properties("manager")(0) <> Nothing Then
> mgrsupr = CType(sr.Properties("manager")(0),
> String)
>
> '*** Parse out the manager/supervisor name
> x = mgrsupr.IndexOf("CN=")
> y = mgrsupr.IndexOf(",")
> If y > 0 Then
> EmployeeSupervisorManager =
> mgrsupr.Substring(x + 3, y - (x + 3))
>
> getUserInfoforMgr(EmployeeSupervisorManager)
> Else
> EmployeeSupervisorManager = "Unknown"
> EmployeeMgrEmailAddress = "Unknown"
> EmployeeMgrAlternateEmailAddress =
> "Unknown"
> End If
> Else
> EmployeeSupervisorManager = "Unknown"
> EmployeeMgrEmailAddress = "Unknown"
> EmployeeMgrAlternateEmailAddress = "Unknown"
> End If
> Else
> EmployeeSupervisorManager = "Unknown"
> EmployeeMgrEmailAddress = "Unknown"
> EmployeeMgrAlternateEmailAddress = "Unknown"
> End If
>
> Exit Sub '*** Let's get out of here because we've
> got our info
>
> End If 'the Active Directory entry is the correct one
>
> Next 'Next Active Directory entry
>
> Catch exp As Exception
>
> myErrMsg = "Exception:" & exp.Message
> FullEmployeeName = "Not Found 3"
> EmployeeShortName = "Not Found 3"
> DepartmentName = "Not Found 3"
> EmployeeExtension = "000"
> EmployeeIDNumber = "0000"
> EmployeeEmailAddress = "(E-Mail Removed)"
> EmployeeAlternateEmailAddress = "(E-Mail Removed)"
> EmployeeSupervisorManager = "Not Found 3"
> EmployeeTitle = "Not Found 3"
>
> End Try 'searching for the Active Directory Entry for the current
> windows identity
> End Sub 'getUserInfo
>
> ================================================== ===
>
> "Luke Zhang [MSFT]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hello,
>>
>> What is the result if you check "Current.User.Identity.Name", is it
>> "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem? Also,
>> you may have the user clear her local IE cache and cookie to see if this
>> will help.
>>
>> Sincerely,
>>
>> Luke Zhang
>>
>> Microsoft Online Community Support
>> ==================================================
>> Get notification to my posts through email? Please refer to
>> http://msdn.microsoft.com/subscripti...ult.aspx#notif
>> ications.
>>
>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
>> issues
>> where an initial response from the community or a Microsoft Support
>> Engineer within 1 business day is acceptable. Please note that each
>> follow
>> up response may take approximately 2 business days as the support
>> professional working with you may need further investigation to reach the
>> most efficient resolution. The offering is not appropriate for situations
>> that require urgent, real-time or phone-based interactions or complex
>> project analysis and dump analysis issues. Issues of this nature are best
>> handled working with a dedicated Microsoft Support Engineer by contacting
>> Microsoft Customer Support Services (CSS) at
>> http://msdn.microsoft.com/subscripti...t/default.aspx.
>> ==================================================
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>

>
>



 
Reply With Quote
 
lgalusha
Guest
Posts: n/a
 
      11-27-2006
Thanks Joe, this is working for us.


"Joe Kaplan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> What happens if the browser user logs out and logs back in again? Does
> that fix it?
>
> Also, if you are using .NET 2.0 instead of 1.1, there is a relatively
> straightforward way you can code around this problem.
>
> Basically, the steps would be to cast the Context.User.Identity to a
> WindowsIdentity and get the user's SID. Then, once you have the SID, you
> can do an LDAP query based on that instead of querying based on the
> username. The SID is rename safe and only changes if the user is moved to
> a different domain.
>
> That is probably the cleanest solution to this problem.
>
> It is also doable in .NET 1.1, but there isn't an easy way to get the
> user's SID from the token without p/invoke, so it is more complex.
>
> Joe K.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
> Programming"
> http://www.directoryprogramming.net
> --
> "lgalusha" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I have included more of our code as I don't think I gave you enough
>>information in my first post. Also an IISRest and clearing the IE cache
>>do not resolve the problem.
>>
>> First we call setUser to get the identity of the logged on user. Then we
>> call getUserInfo to find the AD account so that we can display
>> information about the user (display name, supervisor, etc.) on the screen
>> in our web app. When a user's name changes we get the wrong name in
>> setUser so when we call getUserInfo we do not get a match.
>>
>> Is there a better way to do this or are we missed something when we do
>> our AD rename.
>>
>> ================================================== ===
>>
>> Public Sub setUser()
>>
>> Try 'to get the current user's identity
>>
>> Dim s As Integer '*** Holds the position of the slash in
>> user
>> Dim l As Integer '*** Holds the length of the user
>> characters
>>
>> '*** Get the user's Window's information
>>
>> MyPrincipal = New WindowsPrincipal(Current.User.Identity)
>> myUser = MyPrincipal.Identity.Name
>>
>> '*** Parse out the domain and user
>> s = myUser.IndexOf("\")
>> l = myUser.Length
>> If l > 0 Then
>> userDomain = myUser.Substring(0, s)
>> userName = myUser.Substring(s + 1, l - (s + 1))
>> End If
>>
>> Catch exp As Exception
>>
>> myErrMsg = "Exception: " + exp.Message
>>
>> End Try 'to get the current user's identity
>>
>> End Sub 'setUser
>>
>> ================================================== ===
>>
>> Public Sub getUserInfo()
>>
>> Dim x As Integer '*** Holds the position of the CN= in manager
>> Dim y As Integer '*** Holds the position of the , in manager
>> (first one)
>> Dim mgrsupr As String 'hold string for manager/supervisor
>>
>> '*** Set the properties of the directory entry
>> myDEntry.Path = dePath
>> myDEntry.Username = deUsername
>> myDEntry.Password = dePassword
>> myDEntry.AuthenticationType = AuthenticationTypes.Secure
>>
>> '*** Set the properties of the searcher
>> myFilter = "(&(anr=" & userName &
>> ")(objectclass=user)(objectcategory=person))"
>> mySearch = New DirectorySearcher(myDEntry)
>> mySearch.Filter = myFilter
>> mySearch.SearchScope = SearchScope.Subtree
>>
>> Try 'searching for the Active Directory Entry for the current
>> windows identity
>>
>> src = mySearch.FindAll
>>
>> For Each sr In src
>> '*** Get the search result's Active Directory Account name
>> '*** we have to initially check to make sure that
>> sAMAccountName is a valid
>> '*** property that was loaded
>>
>> If sr.Properties.Contains("sAMAccountName") Then
>> If sr.Properties("sAMAccountName")(0) <> Nothing Then
>> myAN = CType(sr.Properties("sAMAccountName")(0),
>> String)
>> Else
>> myAN = "Unknown"
>> End If
>> Else
>> myAN = "Unknown"
>> myErrMsg = "Exception: Active Directory Account Not
>> Found"
>> Exit Sub
>> End If
>>
>> '*** First check to see if this search result is the one
>> we want by
>> '*** matching the Active Directory Account Name to the
>> Domain User Name
>> If myAN.ToLower = userName.ToLower Then
>>
>> '*** Get the user's Common Name
>> If sr.Properties.Contains("CN") Then
>> If sr.Properties("CN")(0) <> Nothing Then
>> FullEmployeeName =
>> CType(sr.Properties("CN")(0), String)
>> Else
>> FullEmployeeName = "Unknown"
>> End If
>> Else
>> FullEmployeeName = "Unknown"
>> End If
>>
>> '*** Get the user's Display Name
>> If sr.Properties.Contains("displayName") Then
>> If sr.Properties("DisplayName")(0) <> Nothing Then
>> EmployeeShortName =
>> CType(sr.Properties("DisplayName")(0), String)
>> Else
>> EmployeeShortName = "Unknown"
>> End If
>> Else
>> EmployeeShortName = "Unknown"
>> End If
>>
>> '*** Get the user's department
>> If sr.Properties.Contains("department") Then
>> If sr.Properties("department")(0) <> Nothing Then
>> DepartmentName =
>> CType(sr.Properties("department")(0), String)
>> Else
>> DepartmentName = "Unknown"
>> End If
>> Else
>> DepartmentName = "Unknown"
>> End If
>>
>> '*** Get the user's phone extension
>> If sr.Properties.Contains("telephoneNumber") Then
>> If sr.Properties("telephoneNumber")(0) <> Nothing
>> Then
>> EmployeeExtension =
>> CType(sr.Properties("telephoneNumber")(0), String)
>> Else
>> EmployeeExtension = "???"
>> End If
>> Else
>> EmployeeExtension = "???"
>> End If
>>
>> '*** Get the users employee number
>> If sr.Properties.Contains("otherTelephone") Then
>> If sr.Properties("otherTelephone")(0) <> Nothing
>> Then
>> EmployeeIDNumber =
>> CType(sr.Properties("otherTelephone")(0), String)
>> Else
>> EmployeeIDNumber = "????"
>> End If
>> Else
>> EmployeeIDNumber = "???"
>> End If
>>
>> '*** Get the user's internet email address
>> If sr.Properties.Contains("mail") Then
>> 'If sr.Properties("mail")(0) <> Nothing Then
>> 'If InStr(1, CType(sr.Properties("mail")(0),
>> String), "@", CompareMethod.Text) > 0 Then
>> If CType(sr.Properties("mail")(0), String) Like
>> "*@*" Then
>> EmployeeEmailAddress =
>> CType(sr.Properties("mail")(0), String)
>> Else
>> EmployeeEmailAddress = "Unknown"
>> End If
>> Else
>> EmployeeEmailAddress = "Unknown"
>> End If
>>
>> '*** Get the user's internet email address - alternate
>> If sr.Properties.Contains("ipphone") Then
>> 'If sr.Properties("ipphone")(0) <> Nothing Then
>> 'If InStr(1, CType(sr.Properties("ipphone")(0),
>> String), "@", CompareMethod.Text) > 0 Then
>> If CType(sr.Properties("ipphone")(0), String) Like
>> "*@*" Then
>> EmployeeAlternateEmailAddress =
>> CType(sr.Properties("ipphone")(0), String)
>> Else
>> EmployeeAlternateEmailAddress = "Unknown"
>> End If
>> Else
>> EmployeeAlternateEmailAddress = "Unknown"
>> End If
>>
>> '*** Get the user's title
>> If sr.Properties.Contains("title") Then
>> If sr.Properties("title")(0) <> Nothing Then
>> EmployeeTitle =
>> CType(sr.Properties("title")(0), String)
>> Else
>> EmployeeTitle = "Unknown"
>> End If
>> Else
>> EmployeeTitle = "Unknown"
>> End If
>>
>> '*** Get the user's manager
>> If sr.Properties.Contains("manager") Then
>> If sr.Properties("manager")(0) <> Nothing Then
>> mgrsupr = CType(sr.Properties("manager")(0),
>> String)
>>
>> '*** Parse out the manager/supervisor name
>> x = mgrsupr.IndexOf("CN=")
>> y = mgrsupr.IndexOf(",")
>> If y > 0 Then
>> EmployeeSupervisorManager =
>> mgrsupr.Substring(x + 3, y - (x + 3))
>>
>> getUserInfoforMgr(EmployeeSupervisorManager)
>> Else
>> EmployeeSupervisorManager = "Unknown"
>> EmployeeMgrEmailAddress = "Unknown"
>> EmployeeMgrAlternateEmailAddress =
>> "Unknown"
>> End If
>> Else
>> EmployeeSupervisorManager = "Unknown"
>> EmployeeMgrEmailAddress = "Unknown"
>> EmployeeMgrAlternateEmailAddress = "Unknown"
>> End If
>> Else
>> EmployeeSupervisorManager = "Unknown"
>> EmployeeMgrEmailAddress = "Unknown"
>> EmployeeMgrAlternateEmailAddress = "Unknown"
>> End If
>>
>> Exit Sub '*** Let's get out of here because we've
>> got our info
>>
>> End If 'the Active Directory entry is the correct one
>>
>> Next 'Next Active Directory entry
>>
>> Catch exp As Exception
>>
>> myErrMsg = "Exception:" & exp.Message
>> FullEmployeeName = "Not Found 3"
>> EmployeeShortName = "Not Found 3"
>> DepartmentName = "Not Found 3"
>> EmployeeExtension = "000"
>> EmployeeIDNumber = "0000"
>> EmployeeEmailAddress = "(E-Mail Removed)"
>> EmployeeAlternateEmailAddress = "(E-Mail Removed)"
>> EmployeeSupervisorManager = "Not Found 3"
>> EmployeeTitle = "Not Found 3"
>>
>> End Try 'searching for the Active Directory Entry for the current
>> windows identity
>> End Sub 'getUserInfo
>>
>> ================================================== ===
>>
>> "Luke Zhang [MSFT]" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hello,
>>>
>>> What is the result if you check "Current.User.Identity.Name", is it
>>> "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem?
>>> Also,
>>> you may have the user clear her local IE cache and cookie to see if this
>>> will help.
>>>
>>> Sincerely,
>>>
>>> Luke Zhang
>>>
>>> Microsoft Online Community Support
>>> ==================================================
>>> Get notification to my posts through email? Please refer to
>>> http://msdn.microsoft.com/subscripti...ult.aspx#notif
>>> ications.
>>>
>>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
>>> issues
>>> where an initial response from the community or a Microsoft Support
>>> Engineer within 1 business day is acceptable. Please note that each
>>> follow
>>> up response may take approximately 2 business days as the support
>>> professional working with you may need further investigation to reach
>>> the
>>> most efficient resolution. The offering is not appropriate for
>>> situations
>>> that require urgent, real-time or phone-based interactions or complex
>>> project analysis and dump analysis issues. Issues of this nature are
>>> best
>>> handled working with a dedicated Microsoft Support Engineer by
>>> contacting
>>> Microsoft Customer Support Services (CSS) at
>>> http://msdn.microsoft.com/subscripti...t/default.aspx.
>>> ==================================================
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>>
>>>

>>
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
CurrentPrincipal, WindowsPrincipal Mark ASP .Net 1 02-23-2010 06:09 AM
WindowsPrincipal.IsInRole() problem with non-builtin roles naijacoder naijacoder ASP .Net Security 4 09-02-2004 01:56 AM
CurrentPrincipal, WindowsPrincipal Mark ASP .Net Security 1 01-12-2004 01:35 PM
WindowsPrincipal and WindowsIdentity. Kevin Burton ASP .Net 1 01-08-2004 01:20 AM
Role empty in WindowsPrincipal Peter Moberg ASP .Net Security 0 07-25-2003 05:00 AM



Advertisments