
dotnet security : Determine whether user is authenticated against a Domain / AD


Joubert Nel
7/5/2005 12:34:24 PM
Hi all,

What is the recommended way to determine whether the user is authenticated
against a Domain or AD?

Simply checking WindowsIdentity.IsAuthenticated and
WindowsIdentity.AuthenticationType does not distinguish between a user that
is logged into a domain account and a user that is logged into a local
account.

Regards
Joubert

Dominick Baier [DevelopMentor]
7/5/2005 2:23:52 PM
Hello Joubert,

The username has the following format: AUTHORITY\USERNAME

In the case of local accounts, the authority would be the local machine name (compare
to the machinename environment variable); otherwise the authority is the
domain.

Maybe that helps.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com



Joubert Nel
7/6/2005 10:32:30 AM
Hello Dominick,

Thanks for the input - this is the route I'm taking (doing the comparison) -
I was wondering whether there is perhaps a property in the framework that
indicates this. Thanks for the confirmation.

Regards
Joubert



Joe Kaplan (MVP - ADSI)
7/6/2005 11:12:03 AM
Not really, no. It is probably safer to compare the SID prefix of the user
with the SID prefix of the machine instead of comparing the friendly names,
but that is a lot more work as it requires p/invoke to get the SIDs and
such.

ASP.NET will produce the correct friendly name for you, so the risk is
rather low.

Joe K.
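
The two checks discussed in this thread (comparing the AUTHORITY part of the name with the machine name, and comparing SID prefixes), as an added C# example that is not code from any of the posters. It assumes .NET 2.0 or later for `SecurityIdentifier.AccountDomainSid`; the class and method names are hypothetical, the names and SIDs in `Main` are constructed, and obtaining the real machine SID is left to the caller.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper, added for illustration; not from the thread.
static class AccountOrigin
{
    // Name check: AUTHORITY\USERNAME is a local account when AUTHORITY equals
    // the machine name. Returns null when the name has no AUTHORITY part, so a
    // caller cannot mistake "undecidable" for "domain account".
    public static bool? IsLocalByName(string accountName, string machineName)
    {
        int slash = accountName.IndexOf('\\');
        if (slash <= 0) return null;
        string authority = accountName.Substring(0, slash);
        return string.Equals(authority, machineName, StringComparison.OrdinalIgnoreCase);
    }

    // SID check: a local account's SID is the machine SID plus a RID, so its
    // account-domain prefix equals the machine SID. Well-known SIDs such as
    // SYSTEM have no such prefix (AccountDomainSid is null), reported as null.
    public static bool? IsLocalBySid(SecurityIdentifier user, SecurityIdentifier machineSid)
    {
        SecurityIdentifier prefix = user.AccountDomainSid;
        if (prefix == null) return null;
        return prefix.Equals(machineSid);
    }

    static void Main()
    {
        // Constructed sample values. On a real host the inputs would come from
        // Environment.MachineName and WindowsIdentity.GetCurrent().Name / .User.
        string machineName = "WEB01";
        var machineSid = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333");
        var localUser  = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1001");
        var domainUser = new SecurityIdentifier("S-1-5-21-1234567890-1234567891-1234567892-1105");
        var system     = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);

        Console.WriteLine("name  web01\\alice  local? {0}", IsLocalByName(@"web01\alice", machineName));
        Console.WriteLine("name  CORP\\alice   local? {0}", IsLocalByName(@"CORP\alice", machineName));
        Console.WriteLine("sid   local user   local? {0}", IsLocalBySid(localUser, machineSid));
        Console.WriteLine("sid   domain user  local? {0}", IsLocalBySid(domainUser, machineSid));
        Console.WriteLine("sid   SYSTEM       decidable? {0}", IsLocalBySid(system, machineSid).HasValue);
    }
}
```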

