Windows authentication and user info

[C Trailer]

Hi, thanks in advance for any help.

I'm trying to simply get user info (properties) from AD based on the current
user. ie. after a user is authenticated via IIS, i want to programatically
look up info from AD about the user, like displayname, group membership,
email, etc. I'm using asp.net, c#, framework 1.1. Is there more info i can
provide?

Any help is appreciated.

..chris.

 

[S.M. Altaf [MVP]]

Look at this example:
http://www.15seconds.com/issue/020730.htm

 

[C Trailer]

sorry, one other thing. i don't want to have to authenticate an
administrative user, ie. instantiate a new DirectoryEntry object passing
the username and password of an administrative user.

 

[Joe Kaplan \(MVP - ADSI\)]

If you want to use the user's security context in IIS to access AD on a
remote server, and you authenticated in IIS via IWA, then that will be a
double hop and you will need to configure Kerberos delegation in order to
get it to work.

I'd suggest starting with a few searches on Kerberos delegation. It is
discussed on this newsgroup 2-3 times per day.

The other option that works well is to not use impersonation in the web
application and instead configure the worker process account to be a domain
user with the privileges you need to access the required data in AD.

Or, you can pass in credentials for a service account to the DirectoryEntry,
but you already said you don't want to do that.

Joe K.