| Groups | Blog | Home |
dotnet security : How to get user id guid
I am developing a SSO web part between a SharePoint site and my web application. I would like to accomplish this by passing the guid of the currently logged on user to the target web site. It seems the only way to get this id is by performing an AD lookup for the current logged in user. Is that correct or am I missing something? Because of the difficulty in setting up DirectoryServices access from an SPS web part, I would like to discover an easier way of doing this. Any help is greatly appreciated.
You might consider p/invoking the TranslateName API or something like that.
Agreed that if you want to use the authenticated user's credentials to access AD via LDAP, you will need Kerberos delegation and that can be a little painful at times. It is definitely possible though. Joe K. [quoted text, click to view] "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... > Hi > > I am developing a SSO web part between a SharePoint site and my web > application. I would like to accomplish this by passing the guid of the > currently logged on user to the target web site. > > It seems the only way to get this id is by performing an AD lookup for the > current logged in user. Is that correct or am I missing something? > > Because of the difficulty in setting up DirectoryServices access from an > SPS > web part, I would like to discover an easier way of doing this. > > Any help is greatly appreciated. > Thanks.
Thanks for your reply Joe.
I'm having some trouble figuring out the methods of the secur32 dll. Do you know of any resources that could help figure out how I can get the guid for the current logged on user? Thank You. [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" wrote:
> You might consider p/invoking the TranslateName API or something like that. > > Agreed that if you want to use the authenticated user's credentials to > access AD via LDAP, you will need Kerberos delegation and that can be a > little painful at times. It is definitely possible though. > > Joe K. > > "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message > news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... > > Hi > > > > I am developing a SSO web part between a SharePoint site and my web > > application. I would like to accomplish this by passing the guid of the > > currently logged on user to the target web site. > > > > It seems the only way to get this id is by performing an AD lookup for the > > current logged in user. Is that correct or am I missing something? > > > > Because of the difficulty in setting up DirectoryServices access from an > > SPS > > web part, I would like to discover an easier way of doing this. > > > > Any help is greatly appreciated. > > Thanks. > >
Hi Joe,
I found the information I needed to use the secur32 dll but when I try to convert the username to a unique id, it's always blank. Here's the code I use: /////////////////////////////////////////////////////////////////////////////// #region setup call to dll [Flags] public enum EXTENDED_NAME_FORMAT { NameUnknown = 0, NameFullyQualifiedDN = 1, NameSamCompatible = 2, NameDisplay = 3, NameUniqueId = 6, NameCanonical = 7, NameUserPrincipal = 8, NameCanonicalEx = 9, NameServicePrincipal = 10, NameDnsDomain = 12 } /////////////////////////////////////////////////////////////////////////////// [DllImport("secur32", CharSet=CharSet.Auto, SetLastError=true)] static extern bool TranslateName(string lpAccountName, EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT DesiredNameFormat, System.Text.StringBuilder lpTranslatedName, ref int nSize); #endregion /////////////////////////////////////////////////////////////////////////////// string PrintName(string userName, EXTENDED_NAME_FORMAT fromFmt) { StringBuilder translatedName = new StringBuilder(256); int nSize = translatedName.Capacity; if (!TranslateName(userName, fromFmt, EXTENDED_NAME_FORMAT.NameUniqueId, translatedName, ref nSize)) return Marshal.GetLastWin32Error().ToString(); else return translatedName.ToString(); } /////////////////////////////////////////////////////////////////////////////// protected void Page_Load(object sender, EventArgs e) { string username = HttpContext.Current.User.Identity.Name; Response.Write(PrintName(username, EXTENDED_NAME_FORMAT.NameDnsDomain)); } /////////////////////////////////////////////////////////////////////////////// My web site is using Integrated Windows authentication with Digest authentication selectec and Anonymous access off. I appreciate any ideas you might have. Thanks for you help, -Keith [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" wrote:
> You might consider p/invoking the TranslateName API or something like that. > > Agreed that if you want to use the authenticated user's credentials to > access AD via LDAP, you will need Kerberos delegation and that can be a > little painful at times. It is definitely possible though. > > Joe K. > > "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message > news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... > > Hi > > > > I am developing a SSO web part between a SharePoint site and my web > > application. I would like to accomplish this by passing the guid of the > > currently logged on user to the target web site. > > > > It seems the only way to get this id is by performing an AD lookup for the > > current logged in user. Is that correct or am I missing something? > > > > Because of the difficulty in setting up DirectoryServices access from an > > SPS > > web part, I would like to discover an easier way of doing this. > > > > Any help is greatly appreciated. > > Thanks. > >
Your p/invoke looks good to me. I think I'd change it throw a
System.ComponentModel.Win32Exception using the result from GetLastWin32Error if there is a failure, but I don't think that is crucial. You might try www.pinvoke.net to see if they've wrapped this API or also perhaps try the framework.interop newgroup. If I get a chance to play with later today, I'll try it myself and see what can be made to happen. Joe K. [quoted text, click to view] "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message news:F034BED1-944E-483C-AB84-1DA773934455@microsoft.com... > Hi Joe, > I found the information I needed to use the secur32 dll but when I try to > convert the username to a unique id, it's always blank. Here's the code I > use: > > /////////////////////////////////////////////////////////////////////////////// > #region setup call to dll > [Flags] > public enum EXTENDED_NAME_FORMAT > { > NameUnknown = 0, > NameFullyQualifiedDN = 1, > NameSamCompatible = 2, > NameDisplay = 3, > NameUniqueId = 6, > NameCanonical = 7, > NameUserPrincipal = 8, > NameCanonicalEx = 9, > NameServicePrincipal = 10, > NameDnsDomain = 12 > } > /////////////////////////////////////////////////////////////////////////////// > [DllImport("secur32", CharSet=CharSet.Auto, SetLastError=true)] > static extern bool TranslateName(string lpAccountName, > EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT > DesiredNameFormat, System.Text.StringBuilder lpTranslatedName, ref int > nSize); > #endregion > > /////////////////////////////////////////////////////////////////////////////// > string PrintName(string userName, EXTENDED_NAME_FORMAT fromFmt) > { > StringBuilder translatedName = new StringBuilder(256); > int nSize = translatedName.Capacity; > if (!TranslateName(userName, fromFmt, > EXTENDED_NAME_FORMAT.NameUniqueId, translatedName, ref nSize)) > return Marshal.GetLastWin32Error().ToString(); > else > return translatedName.ToString(); > } > > /////////////////////////////////////////////////////////////////////////////// > protected void Page_Load(object sender, EventArgs e) > { > string username = HttpContext.Current.User.Identity.Name; > Response.Write(PrintName(username, > EXTENDED_NAME_FORMAT.NameDnsDomain)); > } > > /////////////////////////////////////////////////////////////////////////////// > > My web site is using Integrated Windows authentication with Digest > authentication selectec and Anonymous access off. > > I appreciate any ideas you might have. > > Thanks for you help, > -Keith > > "Joe Kaplan (MVP - ADSI)" wrote: > >> You might consider p/invoking the TranslateName API or something like >> that. >> >> Agreed that if you want to use the authenticated user's credentials to >> access AD via LDAP, you will need Kerberos delegation and that can be a >> little painful at times. It is definitely possible though. >> >> Joe K. >> >> "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message >> news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... >> > Hi >> > >> > I am developing a SSO web part between a SharePoint site and my web >> > application. I would like to accomplish this by passing the guid of >> > the >> > currently logged on user to the target web site. >> > >> > It seems the only way to get this id is by performing an AD lookup for >> > the >> > current logged in user. Is that correct or am I missing something? >> > >> > Because of the difficulty in setting up DirectoryServices access from >> > an >> > SPS >> > web part, I would like to discover an easier way of doing this. >> > >> > Any help is greatly appreciated. >> > Thanks. >> >> >>
I found a much easier way to get the user id is to use the UserProfileManager
to get a UserProfile object which contains the user's id. Here's the code: UserProfileManager upm = new UserProfileManager(PortalContext.Current); if (upm != null) { UserProfile up = upm.GetUserProfile(HttpContext.Current.User.Identity.Name); if (up != null) return up.ID; } [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" wrote:
> Your p/invoke looks good to me. I think I'd change it throw a > System.ComponentModel.Win32Exception using the result from GetLastWin32Error > if there is a failure, but I don't think that is crucial. > > You might try www.pinvoke.net to see if they've wrapped this API or also > perhaps try the framework.interop newgroup. If I get a chance to play with > later today, I'll try it myself and see what can be made to happen. > > Joe K. > > "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message > news:F034BED1-944E-483C-AB84-1DA773934455@microsoft.com... > > Hi Joe, > > I found the information I needed to use the secur32 dll but when I try to > > convert the username to a unique id, it's always blank. Here's the code I > > use: > > > > /////////////////////////////////////////////////////////////////////////////// > > #region setup call to dll > > [Flags] > > public enum EXTENDED_NAME_FORMAT > > { > > NameUnknown = 0, > > NameFullyQualifiedDN = 1, > > NameSamCompatible = 2, > > NameDisplay = 3, > > NameUniqueId = 6, > > NameCanonical = 7, > > NameUserPrincipal = 8, > > NameCanonicalEx = 9, > > NameServicePrincipal = 10, > > NameDnsDomain = 12 > > } > > /////////////////////////////////////////////////////////////////////////////// > > [DllImport("secur32", CharSet=CharSet.Auto, SetLastError=true)] > > static extern bool TranslateName(string lpAccountName, > > EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT > > DesiredNameFormat, System.Text.StringBuilder lpTranslatedName, ref int > > nSize); > > #endregion > > > > /////////////////////////////////////////////////////////////////////////////// > > string PrintName(string userName, EXTENDED_NAME_FORMAT fromFmt) > > { > > StringBuilder translatedName = new StringBuilder(256); > > int nSize = translatedName.Capacity; > > if (!TranslateName(userName, fromFmt, > > EXTENDED_NAME_FORMAT.NameUniqueId, translatedName, ref nSize)) > > return Marshal.GetLastWin32Error().ToString(); > > else > > return translatedName.ToString(); > > } > > > > /////////////////////////////////////////////////////////////////////////////// > > protected void Page_Load(object sender, EventArgs e) > > { > > string username = HttpContext.Current.User.Identity.Name; > > Response.Write(PrintName(username, > > EXTENDED_NAME_FORMAT.NameDnsDomain)); > > } > > > > /////////////////////////////////////////////////////////////////////////////// > > > > My web site is using Integrated Windows authentication with Digest > > authentication selectec and Anonymous access off. > > > > I appreciate any ideas you might have. > > > > Thanks for you help, > > -Keith > > > > "Joe Kaplan (MVP - ADSI)" wrote: > > > >> You might consider p/invoking the TranslateName API or something like > >> that. > >> > >> Agreed that if you want to use the authenticated user's credentials to > >> access AD via LDAP, you will need Kerberos delegation and that can be a > >> little painful at times. It is definitely possible though. > >> > >> Joe K. > >> > >> "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message > >> news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... > >> > Hi > >> > > >> > I am developing a SSO web part between a SharePoint site and my web > >> > application. I would like to accomplish this by passing the guid of > >> > the > >> > currently logged on user to the target web site. > >> > > >> > It seems the only way to get this id is by performing an AD lookup for > >> > the > >> > current logged in user. Is that correct or am I missing something? > >> > > >> > Because of the difficulty in setting up DirectoryServices access from > >> > an > >> > SPS > >> > web part, I would like to discover an easier way of doing this. > >> > > >> > Any help is greatly appreciated. > >> > Thanks. > >> > >> > >> > >
Great, if that works, then cool. Is that a SharePoint feature, or something
else? Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message news:DBCB66A4-1B8F-40E5-BB02-8F42DB06020C@microsoft.com... >I found a much easier way to get the user id is to use the >UserProfileManager > to get a UserProfile object which contains the user's id. Here's the > code: > > UserProfileManager upm = new UserProfileManager(PortalContext.Current); > if (upm != null) > { > UserProfile up = > upm.GetUserProfile(HttpContext.Current.User.Identity.Name); > if (up != null) > return up.ID; > } > > > "Joe Kaplan (MVP - ADSI)" wrote: > >> Your p/invoke looks good to me. I think I'd change it throw a >> System.ComponentModel.Win32Exception using the result from >> GetLastWin32Error >> if there is a failure, but I don't think that is crucial. >> >> You might try www.pinvoke.net to see if they've wrapped this API or also >> perhaps try the framework.interop newgroup. If I get a chance to play >> with >> later today, I'll try it myself and see what can be made to happen. >> >> Joe K. >> >> "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message >> news:F034BED1-944E-483C-AB84-1DA773934455@microsoft.com... >> > Hi Joe, >> > I found the information I needed to use the secur32 dll but when I try >> > to >> > convert the username to a unique id, it's always blank. Here's the >> > code I >> > use: >> > >> > /////////////////////////////////////////////////////////////////////////////// >> > #region setup call to dll >> > [Flags] >> > public enum EXTENDED_NAME_FORMAT >> > { >> > NameUnknown = 0, >> > NameFullyQualifiedDN = 1, >> > NameSamCompatible = 2, >> > NameDisplay = 3, >> > NameUniqueId = 6, >> > NameCanonical = 7, >> > NameUserPrincipal = 8, >> > NameCanonicalEx = 9, >> > NameServicePrincipal = 10, >> > NameDnsDomain = 12 >> > } >> > /////////////////////////////////////////////////////////////////////////////// >> > [DllImport("secur32", CharSet=CharSet.Auto, SetLastError=true)] >> > static extern bool TranslateName(string lpAccountName, >> > EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT >> > DesiredNameFormat, System.Text.StringBuilder lpTranslatedName, ref int >> > nSize); >> > #endregion >> > >> > /////////////////////////////////////////////////////////////////////////////// >> > string PrintName(string userName, EXTENDED_NAME_FORMAT fromFmt) >> > { >> > StringBuilder translatedName = new StringBuilder(256); >> > int nSize = translatedName.Capacity; >> > if (!TranslateName(userName, fromFmt, >> > EXTENDED_NAME_FORMAT.NameUniqueId, translatedName, ref nSize)) >> > return Marshal.GetLastWin32Error().ToString(); >> > else >> > return translatedName.ToString(); >> > } >> > >> > /////////////////////////////////////////////////////////////////////////////// >> > protected void Page_Load(object sender, EventArgs e) >> > { >> > string username = HttpContext.Current.User.Identity.Name; >> > Response.Write(PrintName(username, >> > EXTENDED_NAME_FORMAT.NameDnsDomain)); >> > } >> > >> > /////////////////////////////////////////////////////////////////////////////// >> > >> > My web site is using Integrated Windows authentication with Digest >> > authentication selectec and Anonymous access off. >> > >> > I appreciate any ideas you might have. >> > >> > Thanks for you help, >> > -Keith >> > >> > "Joe Kaplan (MVP - ADSI)" wrote: >> > >> >> You might consider p/invoking the TranslateName API or something like >> >> that. >> >> >> >> Agreed that if you want to use the authenticated user's credentials to >> >> access AD via LDAP, you will need Kerberos delegation and that can be >> >> a >> >> little painful at times. It is definitely possible though. >> >> >> >> Joe K. >> >> >> >> "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in >> >> message >> >> news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... >> >> > Hi >> >> > >> >> > I am developing a SSO web part between a SharePoint site and my web >> >> > application. I would like to accomplish this by passing the guid of >> >> > the >> >> > currently logged on user to the target web site. >> >> > >> >> > It seems the only way to get this id is by performing an AD lookup >> >> > for >> >> > the >> >> > current logged in user. Is that correct or am I missing something? >> >> > >> >> > Because of the difficulty in setting up DirectoryServices access >> >> > from >> >> > an >> >> > SPS >> >> > web part, I would like to discover an easier way of doing this. >> >> > >> >> > Any help is greatly appreciated. >> >> > Thanks. >> >> >> >> >> >> >> >> >>
SharePoint. These are classes in the
Microsoft.SharePoint.Portal.UserProfiles namespace. [quoted text, click to view] "Joe Kaplan (MVP - ADSI)" wrote:
> Great, if that works, then cool. Is that a SharePoint feature, or something > else? > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message > news:DBCB66A4-1B8F-40E5-BB02-8F42DB06020C@microsoft.com... > >I found a much easier way to get the user id is to use the > >UserProfileManager > > to get a UserProfile object which contains the user's id. Here's the > > code: > > > > UserProfileManager upm = new UserProfileManager(PortalContext.Current); > > if (upm != null) > > { > > UserProfile up = > > upm.GetUserProfile(HttpContext.Current.User.Identity.Name); > > if (up != null) > > return up.ID; > > } > > > > > > "Joe Kaplan (MVP - ADSI)" wrote: > > > >> Your p/invoke looks good to me. I think I'd change it throw a > >> System.ComponentModel.Win32Exception using the result from > >> GetLastWin32Error > >> if there is a failure, but I don't think that is crucial. > >> > >> You might try www.pinvoke.net to see if they've wrapped this API or also > >> perhaps try the framework.interop newgroup. If I get a chance to play > >> with > >> later today, I'll try it myself and see what can be made to happen. > >> > >> Joe K. > >> > >> "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in message > >> news:F034BED1-944E-483C-AB84-1DA773934455@microsoft.com... > >> > Hi Joe, > >> > I found the information I needed to use the secur32 dll but when I try > >> > to > >> > convert the username to a unique id, it's always blank. Here's the > >> > code I > >> > use: > >> > > >> > /////////////////////////////////////////////////////////////////////////////// > >> > #region setup call to dll > >> > [Flags] > >> > public enum EXTENDED_NAME_FORMAT > >> > { > >> > NameUnknown = 0, > >> > NameFullyQualifiedDN = 1, > >> > NameSamCompatible = 2, > >> > NameDisplay = 3, > >> > NameUniqueId = 6, > >> > NameCanonical = 7, > >> > NameUserPrincipal = 8, > >> > NameCanonicalEx = 9, > >> > NameServicePrincipal = 10, > >> > NameDnsDomain = 12 > >> > } > >> > /////////////////////////////////////////////////////////////////////////////// > >> > [DllImport("secur32", CharSet=CharSet.Auto, SetLastError=true)] > >> > static extern bool TranslateName(string lpAccountName, > >> > EXTENDED_NAME_FORMAT AccountNameFormat, EXTENDED_NAME_FORMAT > >> > DesiredNameFormat, System.Text.StringBuilder lpTranslatedName, ref int > >> > nSize); > >> > #endregion > >> > > >> > /////////////////////////////////////////////////////////////////////////////// > >> > string PrintName(string userName, EXTENDED_NAME_FORMAT fromFmt) > >> > { > >> > StringBuilder translatedName = new StringBuilder(256); > >> > int nSize = translatedName.Capacity; > >> > if (!TranslateName(userName, fromFmt, > >> > EXTENDED_NAME_FORMAT.NameUniqueId, translatedName, ref nSize)) > >> > return Marshal.GetLastWin32Error().ToString(); > >> > else > >> > return translatedName.ToString(); > >> > } > >> > > >> > /////////////////////////////////////////////////////////////////////////////// > >> > protected void Page_Load(object sender, EventArgs e) > >> > { > >> > string username = HttpContext.Current.User.Identity.Name; > >> > Response.Write(PrintName(username, > >> > EXTENDED_NAME_FORMAT.NameDnsDomain)); > >> > } > >> > > >> > /////////////////////////////////////////////////////////////////////////////// > >> > > >> > My web site is using Integrated Windows authentication with Digest > >> > authentication selectec and Anonymous access off. > >> > > >> > I appreciate any ideas you might have. > >> > > >> > Thanks for you help, > >> > -Keith > >> > > >> > "Joe Kaplan (MVP - ADSI)" wrote: > >> > > >> >> You might consider p/invoking the TranslateName API or something like > >> >> that. > >> >> > >> >> Agreed that if you want to use the authenticated user's credentials to > >> >> access AD via LDAP, you will need Kerberos delegation and that can be > >> >> a > >> >> little painful at times. It is definitely possible though. > >> >> > >> >> Joe K. > >> >> > >> >> "Keith Harris" <KeithHarris@discussions.microsoft.com> wrote in > >> >> message > >> >> news:9BA9064F-1EA0-45CB-878F-A5B57F2A492B@microsoft.com... > >> >> > Hi > >> >> > > >> >> > I am developing a SSO web part between a SharePoint site and my web > >> >> > application. I would like to accomplish this by passing the guid of > >> >> > the > >> >> > currently logged on user to the target web site. > >> >> > > >> >> > It seems the only way to get this id is by performing an AD lookup > >> >> > for > >> >> > the > >> >> > current logged in user. Is that correct or am I missing something? > >> >> > > >> >> > Because of the difficulty in setting up DirectoryServices access > >> >> > from > >> >> > an > >> >> > SPS > >> >> > web part, I would like to discover an easier way of doing this. > >> >> > > >> >> > Any help is greatly appreciated. > >> >> > Thanks. > >> >> > >> >> > >> >> > >> > >> > >> > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |