Determine trusted domain with Windows authentication


Jerry N

I am planning on using Windows authentication for a web page. I've added
these lines to my web.config file:

<identity impersonate="true"/>
<authentication mode="Windows" />

And I can view the name with:

void Page_Load(object sender, EventArgs e) {
    if (User.Identity.IsAuthenticated) {
        lblIdentity.Text = "The current user is " + User.Identity.Name;
    } else {
        lblIdentity.Text = "The current user is not authenticated.";
    }
}

So my question is, how can I authenticate the "Domain" from the
User.Identity.Name property? I was going to split the "Domain\Username"
value to get the domain name but I don't want a remote Windows client to
spoof the domain name. I am also hoping to avoid hardcoding the valid domain
names and use Active Directory to validate them.

Any ideas?

Thanks,
Jerry N
 

Joe Kaplan (MVP - ADSI)

The domain name in the user name is formed by Windows authentication based
on how Windows translates the user's SID into an NT-format name, not by
input data, so you don't need to worry about it being spoofed by the user.

Joe K.
 

Jerry N

Thanks, I thought it was created using tokens but the domain name is still
determined by a [system admin] user. Can I determine if the security
token came from a trusted domain? How many 'WORKGROUP' or 'MSHOME'
workgroups/domains are there?

Jerry

 

Joe Kaplan (MVP - ADSI)

Windows authentication will only authenticate users it trusts. That would
mean that only local machine users, users in the machine's domain and users
in trusted domains will be authenticated.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
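
An added example, not part of the thread and not written by either poster: one way to check the caller's domain without hardcoding names is to compare the account-domain SID from the authenticated token with the SIDs Active Directory records for the server's own domain and its direct trusts. The class and method names are hypothetical, and the code assumes a domain-joined web server.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

// Hypothetical helper (added example); assumes the web server is domain-joined.
public static class CallerDomain
{
    // Call once at startup, outside impersonation: maps domain SID -> domain name for
    // the server's own domain and each domain it directly trusts, as recorded in AD.
    public static Dictionary<SecurityIdentifier, string> LoadAcceptedDomains()
    {
        var accepted = new Dictionary<SecurityIdentifier, string>();
        using (Domain own = Domain.GetComputerDomain())
        using (DirectoryEntry root = own.GetDirectoryEntry())
        using (var search = new DirectorySearcher(root, "(objectClass=trustedDomain)",
                   new[] { "securityIdentifier", "trustDirection", "flatName" }))
        {
            byte[] ownSid = (byte[])root.Properties["objectSid"].Value;
            accepted[new SecurityIdentifier(ownSid, 0)] = own.Name;
            using (SearchResultCollection hits = search.FindAll())
            foreach (SearchResult hit in hits)
            {
                // Entries without a SID (e.g. non-Windows realms) can never match a caller.
                if (!hit.Properties.Contains("securityIdentifier") ||
                    !hit.Properties.Contains("trustDirection")) continue;
                // Bit 0x2 (outbound) means this domain trusts the other one.
                if (((int)hit.Properties["trustDirection"][0] & 2) == 0) continue;
                var sid = new SecurityIdentifier((byte[])hit.Properties["securityIdentifier"][0], 0);
                accepted[sid] = hit.Properties.Contains("flatName")
                    ? (string)hit.Properties["flatName"][0] : hit.Path;
            }
        }
        return accepted;
    }

    // Per request: returns the matching domain name, or null when the account is a
    // local machine account, a well-known SID (AccountDomainSid is null), or from a
    // domain reached only through a transitive trust (no direct trustedDomain object).
    public static string MatchDomain(WindowsIdentity caller,
                                     Dictionary<SecurityIdentifier, string> accepted)
    {
        SecurityIdentifier domainSid = caller.User == null ? null : caller.User.AccountDomainSid;
        string name;
        return domainSid != null && accepted.TryGetValue(domainSid, out name) ? name : null;
    }
}
```

With `<identity impersonate="true"/>` the page code runs under the caller's token, so build the dictionary in `Application_Start` rather than in `Page_Load`, then call `MatchDomain((WindowsIdentity)User.Identity, accepted)` per request.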