C# – How to get the current user’s Active Directory details in C#

active-directorycldapnetwindows-authentication

I am working on an C# and ASP.Net application, that uses Windows Authentication.

i.e. in Web.config:

<system.web>
    <authentication mode="Windows" />
</system.web>

I want to get details for the current user (full name, email address, etc) from Active Directory.

I can get their pre Windows 2000 user login name (eg: SOMEDOMAIN\someuser) by using

string username = HttpContext.Current.Request.ServerVariables["AUTH_USER"];

I've worked out the LDAP query for the user, using their current login name (not their pre Windows 2000 user login name):

DirectorySearcher adSearch = new DirectorySearcher(
        "(userprincipalname=someuser@somedomain.com.au)");
SearchResult adSearchResult = adSearch.FindOne();

However, I don't know how to either search AD for the user using their pre W2K login name, or get their login name in the 'someuser@somedomain.com.au' format.

Any ideas?

Best Answer

The "pre Windows 2000" name i.e. DOMAIN\SomeBody, the Somebody portion is known as sAMAccountName.

So try:

using(DirectoryEntry de = new DirectoryEntry("LDAP://MyDomainController"))
{
   using(DirectorySearcher adSearch = new DirectorySearcher(de))
   {
     adSearch.Filter = "(sAMAccountName=someuser)";
     SearchResult adSearchResult = adSearch.FindOne();
   }
}

someuser@somedomain.com.au is the UserPrincipalName, but it isn't a required field.

Related Solutions

C# – How to get the index of the current iteration of a foreach loop

Ian Mercer posted a similar solution as this on Phil Haack's blog:

foreach (var item in Model.Select((value, i) => new { i, value }))
{
    var value = item.value;
    var index = item.i;
}

This gets you the item (item.value) and its index (item.i) by using this overload of LINQ's Select:

the second parameter of the function [inside Select] represents the index of the source element.

The new { i, value } is creating a new anonymous object.

Heap allocations can be avoided by using ValueTuple if you're using C# 7.0 or later:

foreach (var item in Model.Select((value, i) => ( value, i )))
{
    var value = item.value;
    var index = item.i;
}

You can also eliminate the item. by using automatic destructuring:

<ol>
foreach ((MyType value, Int32 i) in Model.Select((value, i) => ( value, i )))
{
    <li id="item_@i">@value</li>
}
</ol>

C# – Validate a username and password against Active Directory

If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace and easily verify your credentials:

// create a "principal context" - e.g. your domain (could be machine, too)
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "mypassword");
}

It's simple, it's reliable, it's 100% C# managed code on your end - what more can you ask for? :-)

Read all about it here:

Update:

As outlined in this other SO question (and its answers), there is an issue with this call possibly returning True for old passwords of a user. Just be aware of this behavior and don't be too surprised if this happens :-) (thanks to @MikeGledhill for pointing this out!)

Best Answer

Related Solutions

C# – How to get the index of the current iteration of a foreach loop

C# – Validate a username and password against Active Directory

Related Topic