> What you can do is to set the cookie manually, e.g.
>
> if (Membership.ValidateUser(shortname, password)
>
> MembershipUser user = Membership.GetUser(shortname)
> FormsAuthentication.RedirectFromLoginPage(user.Username)
>
> or with the Login control (control is called _login):
>
> protected void _login_Authenticate(object sender, AuthenticateEventArgs e)
> {
> if (Membership.ValidateUser(_login.UserName, _login.Password)
> {
> MembershipUser user = Membership.GetUser(_login.UserName);
>
> _login.UserName = user.UserName;
> e.Authenticated = true;
> }
> }
>
>
> ---
> Dominick Baier, DevelopMentor
> http://www.leastprivilege.com
>
>> No, I am implementing my own membership provider for a fifferent
>> directory. Here again is my original questtion:
>>
>> In implementing an ASP.NET Membership Provider, we can not figure out
>> how to supply the real user name (used in access control settings,
>> etc.) when users log in using just the short name.
>>
>> "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
>> news:yPDPR6b%23GHA.4432@TK2MSFTNGXA01.phx.gbl...
>>
>>> Thanks for your reply Stephen,
>>>
>>> So are you using the AD membership provider currently? If so, AD
>>> membership
>>> provider only allow us to authenticate user in a single format only.
>>> If
>>> you're not authenticate user through AD membership provider, are you
>>> using
>>> custom provider or a extended membership provider derived from AD
>>> memberhip
>>> provider? As you said that
>>> "Users have only one name ("John Smith/Acme") and that is the only
>>> name that is ever used in access control lists, role membership
>>> lists, etc."
>>>
>>> Then, you should always use this name as the username to validate
>>> through membership provider. In other words, you can not make the
>>> membership provider know both "John Smith/Acme" and
>>> "jsmith@acme.com", you must determine which schema to use. At least
>>> the current built-in ActiveDirectory membership provider require
>>> this.
>>>
>>> Also, as for the ACL(Access Control List) you mentioned, are they
>>> normal NTFS file ACL or AD object ACL? How will you use them in your
>>> application?
>>>
>>> If convenient, you can provide the membership & role manager specific
>>> configuration in your application's web.config so that we can get a
>>> clear view of it.
>>>
>>> Sincerely,
>>>
>>> Steven Cheng
>>>
>>> Microsoft MSDN Online Support Lead
>>>
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>
>

"Renaud Langis" <RenaudLangis@discussions.microsoft.com> wrote in message
news:E680872F-052B-4D86-BB99-0D68D52A1268@microsoft.com...
> Hello,
>
> If i understand correctly, you want to authenticate a user with either his
> userId, his name, shortname, cn....?
>
> You can search through ad using the anr property then get the user's upn.
>
> For this, you need to add some code to perform the search (something like
> the following)
>
> ValidateUser(GetUPN(<whatever>),<password>)
>
> Private Function GetUPN(ByVal userId As String) As String
> Dim de As DirectoryEntry =
> System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain().GetDirectoryEntry()
> Dim deSearch As DirectorySearcher = New DirectorySearcher()
>
> deSearch.SearchRoot = de
> deSearch.Filter = "(&(objectClass=user)(anr=" + userId + "))"
> deSearch.SearchScope = SearchScope.Subtree
> Dim results As SearchResult = deSearch.FindOne()
> If Not (results Is Nothing) Then
> Return results(0).Properties("userPrincipalName")
> Else
> Return Nothing
> End If
> End Function
>
> You may need additional search properties.
>
> warning: the function may not work as is.
>
> HTH
>
> Renaud
>
> "Stephen Walch" wrote:
>
>> I believe that you have misunderstood my question. I am not trying to
>> add a
>> "Display Name". Users have only one name ("John Smith/Acme") and that is
>> the only name that is ever used in access control lists, role membership
>> lists, etc. and it is the only name that should be displayed.
>>
>> The problem is that my directory allows users to authenticate with
>> multiple
>> versions of their name ("John Smith", "jsmith" jsmith@acme.com" or even
>> "John" or "Smith" if those happen to be unique in the organization).
>> Regardless of how they authenticate, I always want to return the real
>> name
>> "John Smith/Acme" to ASP.NET.
>>
>>
>> "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
>> news:$ArmYfZ%23GHA.3912@TK2MSFTNGXA01.phx.gbl...
>> > Hello Stephen,
>> >
>> > I think Dominick's suggestion is reasonable. From the requirement you
>> > mentioned, you want to also provide an additional display name when the
>> > user login through their logid. I think the Display name is an
>> > additional
>> > field to the built-in membership provider, the built-in membership
>> > provider
>> > exposs username, password, email, question, answer.... properties.
>> >
>> > Therefore, if you want to attache such additional properties, you may
>> > consider extending the default membership provider or use other storage
>> > (such as the Profile properties Dominick mentioned). Would you also
>> > tell
>> > us
>> > how you will use the display name in your application's code (some
>> > pseudo
>> > code will be helpful). We can consider whch approach is better
>> > according
>> > to
>> > your concrete scenario.
>> >
>> > Here are some articles about the ASP.NET profile service and memberhip
>> > provider
>> >
>> > #ASP.NET Profile Properties
>> > http://msdn2.microsoft.com/en-us/library/at64shx3.aspx
>> >
>> > #Defining ASP.NET Profile Properties
>> > http://msdn2.microsoft.com/en-us/library/d8b58y5d.aspx
>> >
>> >
>> > #ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security
>> > Resources
>> > http://weblogs.asp.net/scottgu/archive/2006/02/24/438953.aspx
>> >
>> > Please feel free to let me know if you have any further questions or
>> > ideas.
>> >
>> > Sincerely,
>> >
>> > Steven Cheng
>> >
>> > Microsoft MSDN Online Support Lead
>> >
>> >
>> >
>> > ==================================================
>> >
>> > Get notification to my posts through email? Please refer to
>> > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
>> > ications.
>> >
>> >
>> >
>> > Note: The MSDN Managed Newsgroup support offering is for non-urgent
>> > issues
>> > where an initial response from the community or a Microsoft Support
>> > Engineer within 1 business day is acceptable. Please note that each
>> > follow
>> > up response may take approximately 2 business days as the support
>> > professional working with you may need further investigation to reach
>> > the
>> > most efficient resolution. The offering is not appropriate for
>> > situations
>> > that require urgent, real-time or phone-based interactions or complex
>> > project analysis and dump analysis issues. Issues of this nature are
>> > best
>> > handled working with a dedicated Microsoft Support Engineer by
>> > contacting
>> > Microsoft Customer Support Services (CSS) at
>> > http://msdn.microsoft.com/subscriptions/support/default.aspx.
>> >
>> > ==================================================
>> >
>> >
>> >
>> > This posting is provided "AS IS" with no warranties, and confers no
>> > rights.
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>

> No, I am implementing my own membership provider for a fifferent
> directory. Here again is my original questtion:
>
> In implementing an ASP.NET Membership Provider, we can not figure out
> how to supply the real user name (used in access control settings,
> etc.) when users log in using just the short name.
>
> "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
> news:yPDPR6b%23GHA.4432@TK2MSFTNGXA01.phx.gbl...
>
>> Thanks for your reply Stephen,
>>
>> So are you using the AD membership provider currently? If so, AD
>> membership
>> provider only allow us to authenticate user in a single format only.
>> If
>> you're not authenticate user through AD membership provider, are you
>> using
>> custom provider or a extended membership provider derived from AD
>> memberhip
>> provider? As you said that
>> "Users have only one name ("John Smith/Acme") and that is the only
>> name that is ever used in access control lists, role membership
>> lists, etc."
>>
>> Then, you should always use this name as the username to validate
>> through membership provider. In other words, you can not make the
>> membership provider know both "John Smith/Acme" and
>> "jsmith@acme.com", you must determine which schema to use. At least
>> the current built-in ActiveDirectory membership provider require
>> this.
>>
>> Also, as for the ACL(Access Control List) you mentioned, are they
>> normal NTFS file ACL or AD object ACL? How will you use them in your
>> application?
>>
>> If convenient, you can provide the membership & role manager specific
>> configuration in your application's web.config so that we can get a
>> clear view of it.
>>
>> Sincerely,
>>
>> Steven Cheng
>>
>> Microsoft MSDN Online Support Lead
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>

> This is a great idea and seems like it would work if I were writing
> the ASP.NET app, but I am just writing the provider. Can I reasonably
> expect other apps to do this? In particular, will SharePoint 2007
> apply this logic?
>
> "Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote
> in message news:4580be63199eb8c8c813b4c2f93f@news.microsoft.com...
>
>> What you can do is to set the cookie manually, e.g.
>>
>> if (Membership.ValidateUser(shortname, password)
>>
>> MembershipUser user = Membership.GetUser(shortname)
>> FormsAuthentication.RedirectFromLoginPage(user.Username)
>>
>> or with the Login control (control is called _login):
>>
>> protected void _login_Authenticate(object sender,
>> AuthenticateEventArgs e)
>> {
>> if (Membership.ValidateUser(_login.UserName, _login.Password)
>> {
>> MembershipUser user = Membership.GetUser(_login.UserName);
>> _login.UserName = user.UserName;
>> e.Authenticated = true;
>> }
>> }
>> ---
>> Dominick Baier, DevelopMentor
>> http://www.leastprivilege.com
>>> No, I am implementing my own membership provider for a fifferent
>>> directory. Here again is my original questtion:
>>>
>>> In implementing an ASP.NET Membership Provider, we can not figure
>>> out how to supply the real user name (used in access control
>>> settings, etc.) when users log in using just the short name.
>>>
>>> "Steven Cheng[MSFT]" <stcheng@online.microsoft.com> wrote in message
>>> news:yPDPR6b%23GHA.4432@TK2MSFTNGXA01.phx.gbl...
>>>
>>>> Thanks for your reply Stephen,
>>>>
>>>> So are you using the AD membership provider currently? If so, AD
>>>> membership
>>>> provider only allow us to authenticate user in a single format
>>>> only.
>>>> If
>>>> you're not authenticate user through AD membership provider, are
>>>> you
>>>> using
>>>> custom provider or a extended membership provider derived from AD
>>>> memberhip
>>>> provider? As you said that
>>>> "Users have only one name ("John Smith/Acme") and that is the only
>>>> name that is ever used in access control lists, role membership
>>>> lists, etc."
>>>> Then, you should always use this name as the username to validate
>>>> through membership provider. In other words, you can not make the
>>>> membership provider know both "John Smith/Acme" and
>>>> "jsmith@acme.com", you must determine which schema to use. At least
>>>> the current built-in ActiveDirectory membership provider require
>>>> this.
>>>>
>>>> Also, as for the ACL(Access Control List) you mentioned, are they
>>>> normal NTFS file ACL or AD object ACL? How will you use them in
>>>> your application?
>>>>
>>>> If convenient, you can provide the membership & role manager
>>>> specific configuration in your application's web.config so that we
>>>> can get a clear view of it.
>>>>
>>>> Sincerely,
>>>>
>>>> Steven Cheng
>>>>
>>>> Microsoft MSDN Online Support Lead
>>>>
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>