Hi,
I am looking to find a way to get currently logged in user's object GUID
without querying ActiveDirectory. For example, when i log in to my
laptop from home, I'm not on the office network so i can't reach AD but
I'm sure i still can get my AD's objectGUID, as the profile is cached
locally.
Any ideas?
Thank you,
Andrey
6  5611 
Hi Andrey,
I think you may try the ADSI WinNT Provider, it can query the local user: http://msdn2.microsoft.com/en-us/library/aa746543.aspx
Sincerely,
Luke Zhang
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
"MuZZy" <tn*@newsgroups.nospamwrote in message
news:O2**************@TK2MSFTNGP05.phx.gbl...
Hi,
I am looking to find a way to get currently logged in user's object GUID without querying
ActiveDirectory. For example, when i log in to my laptop from home, I'm not on the office
network so i can't reach AD but I'm sure i still can get my AD's objectGUID, as the
profile is cached locally.
Any ideas?
Thank you,
Andrey
No, the objectGUID is not part of the profile, so, not cached locally, don't know why you
need this objectGUID anyway.
Willy.
Willy Denoyette [MVP] wrote:
"MuZZy" <tn*@newsgroups.nospamwrote in message
news:O2**************@TK2MSFTNGP05.phx.gbl...
>Hi,
I am looking to find a way to get currently logged in user's object
GUID without querying ActiveDirectory. For example, when i log in to
my laptop from home, I'm not on the office network so i can't reach AD
but I'm sure i still can get my AD's objectGUID, as the profile is
cached locally.
Any ideas?
Thank you,
Andrey
No, the objectGUID is not part of the profile, so, not cached locally,
don't know why you need this objectGUID anyway.
Willy.
I can explain why do i need it - maybe you can give me a better advice.
Our application currently supports its own set of application
users/logins, but it becomes a problem for our bigger clients who want
all of their software to be "One click login" so that once you are
logged in to Windows, you have access to all apps without need to login
again using those apps' logins. Like in SQL server you can login using
sql account or using windows authentication.
So i want to add mapping of existing application accounts to Active
Directory users, for that i need some user's ID which is reliable and
which doesn't change if user is say renamed (that's why i can't use
principal name for that). SO my idea was to use either GUID or SID, but
as i understand SID can change, but GUID will never change.
In case if the user is currently not on the network i still need to be
able to authenticate him that's why i need something i can query
locally, without access to AD.
I guess, i will go with SID then...
Thank you,
ANdrey
"MuZZy" <tn*@newsgroups.nospamwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
Willy Denoyette [MVP] wrote:
>"MuZZy" <tn*@newsgroups.nospamwrote in message
news:O2**************@TK2MSFTNGP05.phx.gbl...
>>Hi,
I am looking to find a way to get currently logged in user's object GUID without
querying ActiveDirectory. For example, when i log in to my laptop from home, I'm not on
the office network so i can't reach AD but I'm sure i still can get my AD's objectGUID,
as the profile is cached locally.
Any ideas?
Thank you,
Andrey
No, the objectGUID is not part of the profile, so, not cached locally, don't know why
you need this objectGUID anyway.
Willy.
I can explain why do i need it - maybe you can give me a better advice.
Our application currently supports its own set of application users/logins, but it becomes
a problem for our bigger clients who want all of their software to be "One click login" so
that once you are logged in to Windows, you have access to all apps without need to login
again using those apps' logins. Like in SQL server you can login using sql account or
using windows authentication.
Not sure what do you mean by this? SQL server and Windows authentication are different
beasts!
So i want to add mapping of existing application accounts to Active Directory users, for
that i need some user's ID which is reliable and which doesn't change if user is say
renamed (that's why i can't use principal name for that). SO my idea was to use either
GUID or SID, but as i understand SID can change, but GUID will never change.
GUID, and objectSID's don't change by renaming an object, anyway,authentication (in an AD
realm) doesn't use objectGUID's or GUID's or SID, authentication uses kerberos tickets
obtained by a login (specifying login credentials). A kerberos ticket is cached localy and
is valid for a configurable period only, after which it can't be used any longer.
In case if the user is currently not on the network i still need to be able to
authenticate him that's why i need something i can query locally, without access to AD.
I guess, i will go with SID then...
I'm not quite clear on what you mean in your last paragraph, if the user is not on the
network, how do you access network resources? or what do you need to authenticate the user
for?
Willy.
Willy Denoyette [MVP] wrote:
"MuZZy" <tn*@newsgroups.nospamwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
>Willy Denoyette [MVP] wrote:
>>"MuZZy" <tn*@newsgroups.nospamwrote in message
news:O2**************@TK2MSFTNGP05.phx.gbl...
Hi,
I am looking to find a way to get currently logged in user's object
GUID without querying ActiveDirectory. For example, when i log in to
my laptop from home, I'm not on the office network so i can't reach
AD but I'm sure i still can get my AD's objectGUID, as the profile
is cached locally.
Any ideas?
Thank you,
Andrey
No, the objectGUID is not part of the profile, so, not cached
locally, don't know why you need this objectGUID anyway.
Willy.
I can explain why do i need it - maybe you can give me a better advice.
Our application currently supports its own set of application
users/logins, but it becomes a problem for our bigger clients who want
all of their software to be "One click login" so that once you are
logged in to Windows, you have access to all apps without need to
login again using those apps' logins. Like in SQL server you can login
using sql account or using windows authentication.
Not sure what do you mean by this? SQL server and Windows authentication
are different beasts!
>So i want to add mapping of existing application accounts to Active
Directory users, for that i need some user's ID which is reliable and
which doesn't change if user is say renamed (that's why i can't use
principal name for that). SO my idea was to use either GUID or SID,
but as i understand SID can change, but GUID will never change.
GUID, and objectSID's don't change by renaming an object,
anyway,authentication (in an AD realm) doesn't use objectGUID's or
GUID's or SID, authentication uses kerberos tickets obtained by a login
(specifying login credentials). A kerberos ticket is cached localy and
is valid for a configurable period only, after which it can't be used
any longer.
>In case if the user is currently not on the network i still need to be
able to authenticate him that's why i need something i can query
locally, without access to AD.
I guess, i will go with SID then...
I'm not quite clear on what you mean in your last paragraph, if the user
is not on the network, how do you access network resources? or what do
you need to authenticate the user for?
Willy.
Ok, based on your comments i realized i should be more clear. Give you
an example: say, i have a user in my app:
login: "andrey_app"
password: "password"
Also, that user's windows principal username is: "andrey@domain".
I somehow map andrey@domain to andrey_app (store the mapping in the
database).
Currently, when a user logs in to the application, he provides
andrey_app/password as his credentials and i authenticate him for the
application. What i want to do is to avoid the need for the user to type
in those username/password. If a user choses "Windows Authentication"
i'll take his windows username:
WindowsIdentity user = WindowsIdentity.GetCurrent();
by that name i will get his application username andrey_app and will log
this user in as andrey_app.
And that's what i meant about SQL server and Windows authentication -
when you connect to sql database you can either provide your sql server
login/password or use trusted connection, where sql server will
authenticate you by your windows username.
Now, some clients are using the app remotely with the copy of the
database and later they synch their local db with the main one, so they
might need to be authenticated when outside the network.
You may still consider UserName as mapping index, instead of ojectGUID.
Chaning user account is rare, and you can also add a function to your
system, to support change windows user account mapping.
Sincerely,
Luke Zhang
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Marcin Zmyslowski |
last post by:
Hello all!
I want to create a page in ASP language which gives me information about
currently logged users. I thought to do it by this way: when somebody
will log in to page, there will be a...
|
by: anonymous |
last post by:
Hi all,
I've been searching the way to achieve the following task.
But no luck so far.
I have a web site(main site), which requires authentication. This
authentication is set at Windows...
|
by: sushi |
last post by:
Hello,
I am running a ASP.Net application. It runs by defaul in the context
of ASPNET user. I want to dynamically impersonate it so as to run in the
context of currently logged in user. I know it...
|
by: SStory |
last post by:
I have a service which has no U/I, that I use to ensure a certain tray
application is running.
I would like for the service which runs under "Local System", to create the
process as a normal app...
|
by: eswanson |
last post by:
How do you get the currently logged in user from a regular c sharp class?
I have a common utility class in which I have some static functions that
called from multiple places. In one of the...
|
by: John |
last post by:
Hi
We can get the current logged in user's name but is it also possible to get
the default email form outlook of the currently logged-in user as well? The
reason for this is that I need to email...
|
by: simonlpwaters |
last post by:
I need to obtain the username of the currently logged in user on a
machine. However, the program that needs to do this will be running
under different credentials to the logged in user, so using...
|
by: gihope |
last post by:
Hi, can anyone advise me how I can access the UserName of a currently logged in user without using the LoginName control.
For instance I want to search tables I have created in my database that I...
|
by: Tapiwa |
last post by:
Hello,
I am currently maintaing an old ASP 2.0 application and would like to know
the command to retain the currently logged on user (i.e. WINDOWS login). The
equivalent command in ASP.NET would...
|
by: lllomh |
last post by:
Define the method first
this.state = {
buttonBackgroundColor: 'green',
isBlinking: false, // A new status is added to identify whether the button is blinking or not
}
autoStart=()=>{
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM)
The start time is equivalent to 19:00 (7PM) in Central...
|
by: tracyyun |
last post by:
Hello everyone,
I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
|
by: Teri B |
last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course.
0ne-to-many. One course many roles.
Then I created a report based on the Course form and...
|
by: nia12 |
last post by:
Hi there,
I am very new to Access so apologies if any of this is obvious/not clear.
I am creating a data collection tool for health care employees to complete. It consists of a number of...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
|
by: isladogs |
last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM).
In this month's session, Mike...
|
by: SueHopson |
last post by:
Hi All,
I'm trying to create a single code (run off a button that calls the Private Sub) for our parts list report that will allow the user to filter by either/both PartVendor and PartType. On...
| |
