Extract SID from IWA response

Discussion in 'ASP .Net Security' started by Kevin Dorle, Feb 17, 2005.

  1. Kevin Dorle

    Kevin Dorle Guest

    It appears in .NET 2.0 there is a property of the
    System.Security.Principal.WindowsIdentity class called User that returns a
    string representation of a user's SID after they have authenticated using
    IWA. My question: is there a similar property in .NET 1.1 from another class
    that will return the same information? I know there are several properties that
    return a domain/username string but to get the SID requires a DS lookup
    function which is performed across the wire. The application we are
    developing resides on a web server in a domain that has several dozen trust
    relationships to "account" domains across WAN links with varying speeds. To
    maximize performance, the user property appears to work without going over
    the wire. I am assuming it is getting this from the Kerberos authenticator
    that is passed during the IWA handshake.

    Thanks,
    Kevin
     
    Kevin Dorle, Feb 17, 2005
    #1

  2. The way to do this in .NET 1.1 would be to do a p/invoke on the
    GetTokenInformation API using the Token property of the WindowsIdentity
    class as the main input. You don't need to do a DS call to get the SID when
    you have the token.

    There are some nice wrapper classes out there that support this such as the
    one on GotDotNet Win32 Security Library or DataMarvel.

    Joe K.

    "Kevin Dorle" <Kevin > wrote in message
    news:...
    > It appears in .NET 2.0 there is a property of the
    > System.Security.Principal.WindowsIdentity class called User that returns a
    > string representation of a user's SID after they have authenticated using
    > IWA. My question: is there a similar property in .NET 1.1 from another
    > class that will return the same information? I know there are several
    > properties that return a domain/username string but to get the SID
    > requires a DS lookup function which is performed across the wire. The
    > application we are developing resides on a web server in a domain that has
    > several dozen trust relationships to "account" domains across WAN links
    > with varying speeds. To maximize performance, the user property appears to
    > work without going over the wire. I am assuming it is getting this from
    > the Kerberos authenticator that is passed during the IWA handshake.
    >
    > Thanks,
    > Kevin
     
    Joe Kaplan (MVP - ADSI), Feb 17, 2005
    #2
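
The P/Invoke approach described in reply #2, as an added example that is not part of the original thread or of either wrapper library it mentions. The class and method names (`TokenSid`, `FromToken`) are hypothetical, and rendering the SID as a string with `ConvertSidToStringSid` is an assumption about the desired output format; the SID is read from the local access token, so no directory lookup is made.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Hypothetical helper (not from the thread): reads the user SID out of an access token.
public sealed class TokenSid
{
    private const int TokenUser = 1;                  // TOKEN_INFORMATION_CLASS.TokenUser
    private const int ERROR_INSUFFICIENT_BUFFER = 122;

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool GetTokenInformation(IntPtr tokenHandle, int infoClass,
        IntPtr tokenInfo, int tokenInfoLength, out int returnLength);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    private static extern bool ConvertSidToStringSid(IntPtr sid, out IntPtr stringSid);

    [DllImport("kernel32.dll")]
    private static extern IntPtr LocalFree(IntPtr hMem);

    // Returns the string form (S-1-5-21-...) of the user SID held in the token.
    // The token handle must have been opened with TOKEN_QUERY access.
    public static string FromToken(IntPtr token)
    {
        int needed;
        // Size probe: expected to fail with ERROR_INSUFFICIENT_BUFFER and set 'needed'.
        if (!GetTokenInformation(token, TokenUser, IntPtr.Zero, 0, out needed)
            && Marshal.GetLastWin32Error() != ERROR_INSUFFICIENT_BUFFER)
            throw new Win32Exception(Marshal.GetLastWin32Error());

        IntPtr buffer = Marshal.AllocHGlobal(needed);
        try
        {
            if (!GetTokenInformation(token, TokenUser, buffer, needed, out needed))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            // TOKEN_USER begins with SID_AND_ATTRIBUTES; its first field is the PSID,
            // which points into 'buffer', so it is only valid until the buffer is freed.
            IntPtr sid = Marshal.ReadIntPtr(buffer);
            IntPtr text;
            if (!ConvertSidToStringSid(sid, out text))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            try { return Marshal.PtrToStringAuto(text); }
            finally { LocalFree(text); }   // string was allocated by the API with LocalAlloc
        }
        finally { Marshal.FreeHGlobal(buffer); }
    }
}
```

In an ASP.NET page running under IWA, the input would be `((WindowsIdentity)Context.User.Identity).Token`.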