WindowsPrincipal is incorrect after AD account rename

Discussion in 'ASP .Net Security' started by lgalusha, Nov 15, 2006.

  1. lgalusha

    lgalusha Guest

    Our environment is - we use Visual Studio 2005, Dotnet 2.0, VB to create a
    web application which we run on IIS 6.

    Our Web.config file has the following set:

    <authentication mode="Windows" />
    <identity impersonate="true"/>


    We are using

    MyPrincipal = New WindowsPrincipal(Current.User.Identity)

    to obtain the name of the currently logged on user.

    This is working until we are forced to rename a user's account in Active
    Directory. For example, Mary Smith (domain\marys) gets married and becomes
    Mary Jones (domain\maryj). We rename the account in Active Directory Users
    and Computers and the rename appears to be fine. However from this point on
    when we look at WindowsPrincipal(Current.User.Identity) it returns
    domain\marys rather than her new name of domain\maryj.

    What are we missing?
     
    lgalusha, Nov 15, 2006
    #1
    1. Advertising

  2. Hello,

    What is the result if you check "Current.User.Identity.Name", is it
    "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem? Also,
    you may have the user clear her local IE cache and cookie to see if this
    will help.

    Sincerely,

    Luke Zhang

    Microsoft Online Community Support
    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.
    ==================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Luke Zhang [MSFT], Nov 16, 2006
    #2
    1. Advertising

  3. lgalusha

    lgalusha Guest

    I have included more of our code as I don't think I gave you enough
    information in my first post. Also an IISRest and clearing the IE cache do
    not resolve the problem.

    First we call setUser to get the identity of the logged on user. Then we
    call getUserInfo to find the AD account so that we can display information
    about the user (display name, supervisor, etc.) on the screen in our web
    app. When a user's name changes we get the wrong name in setUser so when we
    call getUserInfo we do not get a match.

    Is there a better way to do this or are we missed something when we do our
    AD rename.

    =====================================================

    Public Sub setUser()

    Try 'to get the current user's identity

    Dim s As Integer '*** Holds the position of the slash in user
    Dim l As Integer '*** Holds the length of the user characters

    '*** Get the user's Window's information

    MyPrincipal = New WindowsPrincipal(Current.User.Identity)
    myUser = MyPrincipal.Identity.Name

    '*** Parse out the domain and user
    s = myUser.IndexOf("\")
    l = myUser.Length
    If l > 0 Then
    userDomain = myUser.Substring(0, s)
    userName = myUser.Substring(s + 1, l - (s + 1))
    End If

    Catch exp As Exception

    myErrMsg = "Exception: " + exp.Message

    End Try 'to get the current user's identity

    End Sub 'setUser

    =====================================================

    Public Sub getUserInfo()

    Dim x As Integer '*** Holds the position of the CN= in manager
    Dim y As Integer '*** Holds the position of the , in manager
    (first one)
    Dim mgrsupr As String 'hold string for manager/supervisor

    '*** Set the properties of the directory entry
    myDEntry.Path = dePath
    myDEntry.Username = deUsername
    myDEntry.Password = dePassword
    myDEntry.AuthenticationType = AuthenticationTypes.Secure

    '*** Set the properties of the searcher
    myFilter = "(&(anr=" & userName &
    ")(objectclass=user)(objectcategory=person))"
    mySearch = New DirectorySearcher(myDEntry)
    mySearch.Filter = myFilter
    mySearch.SearchScope = SearchScope.Subtree

    Try 'searching for the Active Directory Entry for the current
    windows identity

    src = mySearch.FindAll

    For Each sr In src
    '*** Get the search result's Active Directory Account name
    '*** we have to initially check to make sure that
    sAMAccountName is a valid
    '*** property that was loaded

    If sr.Properties.Contains("sAMAccountName") Then
    If sr.Properties("sAMAccountName")(0) <> Nothing Then
    myAN = CType(sr.Properties("sAMAccountName")(0),
    String)
    Else
    myAN = "Unknown"
    End If
    Else
    myAN = "Unknown"
    myErrMsg = "Exception: Active Directory Account Not
    Found"
    Exit Sub
    End If

    '*** First check to see if this search result is the one we
    want by
    '*** matching the Active Directory Account Name to the
    Domain User Name
    If myAN.ToLower = userName.ToLower Then

    '*** Get the user's Common Name
    If sr.Properties.Contains("CN") Then
    If sr.Properties("CN")(0) <> Nothing Then
    FullEmployeeName = CType(sr.Properties("CN")(0),
    String)
    Else
    FullEmployeeName = "Unknown"
    End If
    Else
    FullEmployeeName = "Unknown"
    End If

    '*** Get the user's Display Name
    If sr.Properties.Contains("displayName") Then
    If sr.Properties("DisplayName")(0) <> Nothing Then
    EmployeeShortName =
    CType(sr.Properties("DisplayName")(0), String)
    Else
    EmployeeShortName = "Unknown"
    End If
    Else
    EmployeeShortName = "Unknown"
    End If

    '*** Get the user's department
    If sr.Properties.Contains("department") Then
    If sr.Properties("department")(0) <> Nothing Then
    DepartmentName =
    CType(sr.Properties("department")(0), String)
    Else
    DepartmentName = "Unknown"
    End If
    Else
    DepartmentName = "Unknown"
    End If

    '*** Get the user's phone extension
    If sr.Properties.Contains("telephoneNumber") Then
    If sr.Properties("telephoneNumber")(0) <> Nothing
    Then
    EmployeeExtension =
    CType(sr.Properties("telephoneNumber")(0), String)
    Else
    EmployeeExtension = "???"
    End If
    Else
    EmployeeExtension = "???"
    End If

    '*** Get the users employee number
    If sr.Properties.Contains("otherTelephone") Then
    If sr.Properties("otherTelephone")(0) <> Nothing
    Then
    EmployeeIDNumber =
    CType(sr.Properties("otherTelephone")(0), String)
    Else
    EmployeeIDNumber = "????"
    End If
    Else
    EmployeeIDNumber = "???"
    End If

    '*** Get the user's internet email address
    If sr.Properties.Contains("mail") Then
    'If sr.Properties("mail")(0) <> Nothing Then
    'If InStr(1, CType(sr.Properties("mail")(0),
    String), "@", CompareMethod.Text) > 0 Then
    If CType(sr.Properties("mail")(0), String) Like
    "*@*" Then
    EmployeeEmailAddress =
    CType(sr.Properties("mail")(0), String)
    Else
    EmployeeEmailAddress = "Unknown"
    End If
    Else
    EmployeeEmailAddress = "Unknown"
    End If

    '*** Get the user's internet email address - alternate
    If sr.Properties.Contains("ipphone") Then
    'If sr.Properties("ipphone")(0) <> Nothing Then
    'If InStr(1, CType(sr.Properties("ipphone")(0),
    String), "@", CompareMethod.Text) > 0 Then
    If CType(sr.Properties("ipphone")(0), String) Like
    "*@*" Then
    EmployeeAlternateEmailAddress =
    CType(sr.Properties("ipphone")(0), String)
    Else
    EmployeeAlternateEmailAddress = "Unknown"
    End If
    Else
    EmployeeAlternateEmailAddress = "Unknown"
    End If

    '*** Get the user's title
    If sr.Properties.Contains("title") Then
    If sr.Properties("title")(0) <> Nothing Then
    EmployeeTitle = CType(sr.Properties("title")(0),
    String)
    Else
    EmployeeTitle = "Unknown"
    End If
    Else
    EmployeeTitle = "Unknown"
    End If

    '*** Get the user's manager
    If sr.Properties.Contains("manager") Then
    If sr.Properties("manager")(0) <> Nothing Then
    mgrsupr = CType(sr.Properties("manager")(0),
    String)

    '*** Parse out the manager/supervisor name
    x = mgrsupr.IndexOf("CN=")
    y = mgrsupr.IndexOf(",")
    If y > 0 Then
    EmployeeSupervisorManager =
    mgrsupr.Substring(x + 3, y - (x + 3))
    getUserInfoforMgr(EmployeeSupervisorManager)
    Else
    EmployeeSupervisorManager = "Unknown"
    EmployeeMgrEmailAddress = "Unknown"
    EmployeeMgrAlternateEmailAddress = "Unknown"
    End If
    Else
    EmployeeSupervisorManager = "Unknown"
    EmployeeMgrEmailAddress = "Unknown"
    EmployeeMgrAlternateEmailAddress = "Unknown"
    End If
    Else
    EmployeeSupervisorManager = "Unknown"
    EmployeeMgrEmailAddress = "Unknown"
    EmployeeMgrAlternateEmailAddress = "Unknown"
    End If

    Exit Sub '*** Let's get out of here because we've got
    our info

    End If 'the Active Directory entry is the correct one

    Next 'Next Active Directory entry

    Catch exp As Exception

    myErrMsg = "Exception:" & exp.Message
    FullEmployeeName = "Not Found 3"
    EmployeeShortName = "Not Found 3"
    DepartmentName = "Not Found 3"
    EmployeeExtension = "000"
    EmployeeIDNumber = "0000"
    EmployeeEmailAddress = ""
    EmployeeAlternateEmailAddress = ""
    EmployeeSupervisorManager = "Not Found 3"
    EmployeeTitle = "Not Found 3"

    End Try 'searching for the Active Directory Entry for the current
    windows identity
    End Sub 'getUserInfo

    =====================================================

    "Luke Zhang [MSFT]" <> wrote in message
    news:...
    > Hello,
    >
    > What is the result if you check "Current.User.Identity.Name", is it
    > "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem? Also,
    > you may have the user clear her local IE cache and cookie to see if this
    > will help.
    >
    > Sincerely,
    >
    > Luke Zhang
    >
    > Microsoft Online Community Support
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    > ications.
    >
    > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    > where an initial response from the community or a Microsoft Support
    > Engineer within 1 business day is acceptable. Please note that each follow
    > up response may take approximately 2 business days as the support
    > professional working with you may need further investigation to reach the
    > most efficient resolution. The offering is not appropriate for situations
    > that require urgent, real-time or phone-based interactions or complex
    > project analysis and dump analysis issues. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/subscriptions/support/default.aspx.
    > ==================================================
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    >
    >
     
    lgalusha, Nov 17, 2006
    #3
  4. lgalusha

    Joe Kaplan Guest

    What happens if the browser user logs out and logs back in again? Does that
    fix it?

    Also, if you are using .NET 2.0 instead of 1.1, there is a relatively
    straightforward way you can code around this problem.

    Basically, the steps would be to cast the Context.User.Identity to a
    WindowsIdentity and get the user's SID. Then, once you have the SID, you
    can do an LDAP query based on that instead of querying based on the
    username. The SID is rename safe and only changes if the user is moved to a
    different domain.

    That is probably the cleanest solution to this problem.

    It is also doable in .NET 1.1, but there isn't an easy way to get the user's
    SID from the token without p/invoke, so it is more complex.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "lgalusha" <> wrote in message
    news:...
    >I have included more of our code as I don't think I gave you enough
    >information in my first post. Also an IISRest and clearing the IE cache do
    >not resolve the problem.
    >
    > First we call setUser to get the identity of the logged on user. Then we
    > call getUserInfo to find the AD account so that we can display information
    > about the user (display name, supervisor, etc.) on the screen in our web
    > app. When a user's name changes we get the wrong name in setUser so when
    > we call getUserInfo we do not get a match.
    >
    > Is there a better way to do this or are we missed something when we do our
    > AD rename.
    >
    > =====================================================
    >
    > Public Sub setUser()
    >
    > Try 'to get the current user's identity
    >
    > Dim s As Integer '*** Holds the position of the slash in
    > user
    > Dim l As Integer '*** Holds the length of the user
    > characters
    >
    > '*** Get the user's Window's information
    >
    > MyPrincipal = New WindowsPrincipal(Current.User.Identity)
    > myUser = MyPrincipal.Identity.Name
    >
    > '*** Parse out the domain and user
    > s = myUser.IndexOf("\")
    > l = myUser.Length
    > If l > 0 Then
    > userDomain = myUser.Substring(0, s)
    > userName = myUser.Substring(s + 1, l - (s + 1))
    > End If
    >
    > Catch exp As Exception
    >
    > myErrMsg = "Exception: " + exp.Message
    >
    > End Try 'to get the current user's identity
    >
    > End Sub 'setUser
    >
    > =====================================================
    >
    > Public Sub getUserInfo()
    >
    > Dim x As Integer '*** Holds the position of the CN= in manager
    > Dim y As Integer '*** Holds the position of the , in manager
    > (first one)
    > Dim mgrsupr As String 'hold string for manager/supervisor
    >
    > '*** Set the properties of the directory entry
    > myDEntry.Path = dePath
    > myDEntry.Username = deUsername
    > myDEntry.Password = dePassword
    > myDEntry.AuthenticationType = AuthenticationTypes.Secure
    >
    > '*** Set the properties of the searcher
    > myFilter = "(&(anr=" & userName &
    > ")(objectclass=user)(objectcategory=person))"
    > mySearch = New DirectorySearcher(myDEntry)
    > mySearch.Filter = myFilter
    > mySearch.SearchScope = SearchScope.Subtree
    >
    > Try 'searching for the Active Directory Entry for the current
    > windows identity
    >
    > src = mySearch.FindAll
    >
    > For Each sr In src
    > '*** Get the search result's Active Directory Account name
    > '*** we have to initially check to make sure that
    > sAMAccountName is a valid
    > '*** property that was loaded
    >
    > If sr.Properties.Contains("sAMAccountName") Then
    > If sr.Properties("sAMAccountName")(0) <> Nothing Then
    > myAN = CType(sr.Properties("sAMAccountName")(0),
    > String)
    > Else
    > myAN = "Unknown"
    > End If
    > Else
    > myAN = "Unknown"
    > myErrMsg = "Exception: Active Directory Account Not
    > Found"
    > Exit Sub
    > End If
    >
    > '*** First check to see if this search result is the one we
    > want by
    > '*** matching the Active Directory Account Name to the
    > Domain User Name
    > If myAN.ToLower = userName.ToLower Then
    >
    > '*** Get the user's Common Name
    > If sr.Properties.Contains("CN") Then
    > If sr.Properties("CN")(0) <> Nothing Then
    > FullEmployeeName =
    > CType(sr.Properties("CN")(0), String)
    > Else
    > FullEmployeeName = "Unknown"
    > End If
    > Else
    > FullEmployeeName = "Unknown"
    > End If
    >
    > '*** Get the user's Display Name
    > If sr.Properties.Contains("displayName") Then
    > If sr.Properties("DisplayName")(0) <> Nothing Then
    > EmployeeShortName =
    > CType(sr.Properties("DisplayName")(0), String)
    > Else
    > EmployeeShortName = "Unknown"
    > End If
    > Else
    > EmployeeShortName = "Unknown"
    > End If
    >
    > '*** Get the user's department
    > If sr.Properties.Contains("department") Then
    > If sr.Properties("department")(0) <> Nothing Then
    > DepartmentName =
    > CType(sr.Properties("department")(0), String)
    > Else
    > DepartmentName = "Unknown"
    > End If
    > Else
    > DepartmentName = "Unknown"
    > End If
    >
    > '*** Get the user's phone extension
    > If sr.Properties.Contains("telephoneNumber") Then
    > If sr.Properties("telephoneNumber")(0) <> Nothing
    > Then
    > EmployeeExtension =
    > CType(sr.Properties("telephoneNumber")(0), String)
    > Else
    > EmployeeExtension = "???"
    > End If
    > Else
    > EmployeeExtension = "???"
    > End If
    >
    > '*** Get the users employee number
    > If sr.Properties.Contains("otherTelephone") Then
    > If sr.Properties("otherTelephone")(0) <> Nothing
    > Then
    > EmployeeIDNumber =
    > CType(sr.Properties("otherTelephone")(0), String)
    > Else
    > EmployeeIDNumber = "????"
    > End If
    > Else
    > EmployeeIDNumber = "???"
    > End If
    >
    > '*** Get the user's internet email address
    > If sr.Properties.Contains("mail") Then
    > 'If sr.Properties("mail")(0) <> Nothing Then
    > 'If InStr(1, CType(sr.Properties("mail")(0),
    > String), "@", CompareMethod.Text) > 0 Then
    > If CType(sr.Properties("mail")(0), String) Like
    > "*@*" Then
    > EmployeeEmailAddress =
    > CType(sr.Properties("mail")(0), String)
    > Else
    > EmployeeEmailAddress = "Unknown"
    > End If
    > Else
    > EmployeeEmailAddress = "Unknown"
    > End If
    >
    > '*** Get the user's internet email address - alternate
    > If sr.Properties.Contains("ipphone") Then
    > 'If sr.Properties("ipphone")(0) <> Nothing Then
    > 'If InStr(1, CType(sr.Properties("ipphone")(0),
    > String), "@", CompareMethod.Text) > 0 Then
    > If CType(sr.Properties("ipphone")(0), String) Like
    > "*@*" Then
    > EmployeeAlternateEmailAddress =
    > CType(sr.Properties("ipphone")(0), String)
    > Else
    > EmployeeAlternateEmailAddress = "Unknown"
    > End If
    > Else
    > EmployeeAlternateEmailAddress = "Unknown"
    > End If
    >
    > '*** Get the user's title
    > If sr.Properties.Contains("title") Then
    > If sr.Properties("title")(0) <> Nothing Then
    > EmployeeTitle =
    > CType(sr.Properties("title")(0), String)
    > Else
    > EmployeeTitle = "Unknown"
    > End If
    > Else
    > EmployeeTitle = "Unknown"
    > End If
    >
    > '*** Get the user's manager
    > If sr.Properties.Contains("manager") Then
    > If sr.Properties("manager")(0) <> Nothing Then
    > mgrsupr = CType(sr.Properties("manager")(0),
    > String)
    >
    > '*** Parse out the manager/supervisor name
    > x = mgrsupr.IndexOf("CN=")
    > y = mgrsupr.IndexOf(",")
    > If y > 0 Then
    > EmployeeSupervisorManager =
    > mgrsupr.Substring(x + 3, y - (x + 3))
    >
    > getUserInfoforMgr(EmployeeSupervisorManager)
    > Else
    > EmployeeSupervisorManager = "Unknown"
    > EmployeeMgrEmailAddress = "Unknown"
    > EmployeeMgrAlternateEmailAddress =
    > "Unknown"
    > End If
    > Else
    > EmployeeSupervisorManager = "Unknown"
    > EmployeeMgrEmailAddress = "Unknown"
    > EmployeeMgrAlternateEmailAddress = "Unknown"
    > End If
    > Else
    > EmployeeSupervisorManager = "Unknown"
    > EmployeeMgrEmailAddress = "Unknown"
    > EmployeeMgrAlternateEmailAddress = "Unknown"
    > End If
    >
    > Exit Sub '*** Let's get out of here because we've
    > got our info
    >
    > End If 'the Active Directory entry is the correct one
    >
    > Next 'Next Active Directory entry
    >
    > Catch exp As Exception
    >
    > myErrMsg = "Exception:" & exp.Message
    > FullEmployeeName = "Not Found 3"
    > EmployeeShortName = "Not Found 3"
    > DepartmentName = "Not Found 3"
    > EmployeeExtension = "000"
    > EmployeeIDNumber = "0000"
    > EmployeeEmailAddress = ""
    > EmployeeAlternateEmailAddress = ""
    > EmployeeSupervisorManager = "Not Found 3"
    > EmployeeTitle = "Not Found 3"
    >
    > End Try 'searching for the Active Directory Entry for the current
    > windows identity
    > End Sub 'getUserInfo
    >
    > =====================================================
    >
    > "Luke Zhang [MSFT]" <> wrote in message
    > news:...
    >> Hello,
    >>
    >> What is the result if you check "Current.User.Identity.Name", is it
    >> "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem? Also,
    >> you may have the user clear her local IE cache and cookie to see if this
    >> will help.
    >>
    >> Sincerely,
    >>
    >> Luke Zhang
    >>
    >> Microsoft Online Community Support
    >> ==================================================
    >> Get notification to my posts through email? Please refer to
    >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >> ications.
    >>
    >> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    >> issues
    >> where an initial response from the community or a Microsoft Support
    >> Engineer within 1 business day is acceptable. Please note that each
    >> follow
    >> up response may take approximately 2 business days as the support
    >> professional working with you may need further investigation to reach the
    >> most efficient resolution. The offering is not appropriate for situations
    >> that require urgent, real-time or phone-based interactions or complex
    >> project analysis and dump analysis issues. Issues of this nature are best
    >> handled working with a dedicated Microsoft Support Engineer by contacting
    >> Microsoft Customer Support Services (CSS) at
    >> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >> ==================================================
    >>
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >>
    >>

    >
    >
     
    Joe Kaplan, Nov 17, 2006
    #4
  5. lgalusha

    lgalusha Guest

    Thanks Joe, this is working for us.


    "Joe Kaplan" <> wrote in message
    news:...
    > What happens if the browser user logs out and logs back in again? Does
    > that fix it?
    >
    > Also, if you are using .NET 2.0 instead of 1.1, there is a relatively
    > straightforward way you can code around this problem.
    >
    > Basically, the steps would be to cast the Context.User.Identity to a
    > WindowsIdentity and get the user's SID. Then, once you have the SID, you
    > can do an LDAP query based on that instead of querying based on the
    > username. The SID is rename safe and only changes if the user is moved to
    > a different domain.
    >
    > That is probably the cleanest solution to this problem.
    >
    > It is also doable in .NET 1.1, but there isn't an easy way to get the
    > user's SID from the token without p/invoke, so it is more complex.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > --
    > "lgalusha" <> wrote in message
    > news:...
    >>I have included more of our code as I don't think I gave you enough
    >>information in my first post. Also an IISRest and clearing the IE cache
    >>do not resolve the problem.
    >>
    >> First we call setUser to get the identity of the logged on user. Then we
    >> call getUserInfo to find the AD account so that we can display
    >> information about the user (display name, supervisor, etc.) on the screen
    >> in our web app. When a user's name changes we get the wrong name in
    >> setUser so when we call getUserInfo we do not get a match.
    >>
    >> Is there a better way to do this or are we missed something when we do
    >> our AD rename.
    >>
    >> =====================================================
    >>
    >> Public Sub setUser()
    >>
    >> Try 'to get the current user's identity
    >>
    >> Dim s As Integer '*** Holds the position of the slash in
    >> user
    >> Dim l As Integer '*** Holds the length of the user
    >> characters
    >>
    >> '*** Get the user's Window's information
    >>
    >> MyPrincipal = New WindowsPrincipal(Current.User.Identity)
    >> myUser = MyPrincipal.Identity.Name
    >>
    >> '*** Parse out the domain and user
    >> s = myUser.IndexOf("\")
    >> l = myUser.Length
    >> If l > 0 Then
    >> userDomain = myUser.Substring(0, s)
    >> userName = myUser.Substring(s + 1, l - (s + 1))
    >> End If
    >>
    >> Catch exp As Exception
    >>
    >> myErrMsg = "Exception: " + exp.Message
    >>
    >> End Try 'to get the current user's identity
    >>
    >> End Sub 'setUser
    >>
    >> =====================================================
    >>
    >> Public Sub getUserInfo()
    >>
    >> Dim x As Integer '*** Holds the position of the CN= in manager
    >> Dim y As Integer '*** Holds the position of the , in manager
    >> (first one)
    >> Dim mgrsupr As String 'hold string for manager/supervisor
    >>
    >> '*** Set the properties of the directory entry
    >> myDEntry.Path = dePath
    >> myDEntry.Username = deUsername
    >> myDEntry.Password = dePassword
    >> myDEntry.AuthenticationType = AuthenticationTypes.Secure
    >>
    >> '*** Set the properties of the searcher
    >> myFilter = "(&(anr=" & userName &
    >> ")(objectclass=user)(objectcategory=person))"
    >> mySearch = New DirectorySearcher(myDEntry)
    >> mySearch.Filter = myFilter
    >> mySearch.SearchScope = SearchScope.Subtree
    >>
    >> Try 'searching for the Active Directory Entry for the current
    >> windows identity
    >>
    >> src = mySearch.FindAll
    >>
    >> For Each sr In src
    >> '*** Get the search result's Active Directory Account name
    >> '*** we have to initially check to make sure that
    >> sAMAccountName is a valid
    >> '*** property that was loaded
    >>
    >> If sr.Properties.Contains("sAMAccountName") Then
    >> If sr.Properties("sAMAccountName")(0) <> Nothing Then
    >> myAN = CType(sr.Properties("sAMAccountName")(0),
    >> String)
    >> Else
    >> myAN = "Unknown"
    >> End If
    >> Else
    >> myAN = "Unknown"
    >> myErrMsg = "Exception: Active Directory Account Not
    >> Found"
    >> Exit Sub
    >> End If
    >>
    >> '*** First check to see if this search result is the one
    >> we want by
    >> '*** matching the Active Directory Account Name to the
    >> Domain User Name
    >> If myAN.ToLower = userName.ToLower Then
    >>
    >> '*** Get the user's Common Name
    >> If sr.Properties.Contains("CN") Then
    >> If sr.Properties("CN")(0) <> Nothing Then
    >> FullEmployeeName =
    >> CType(sr.Properties("CN")(0), String)
    >> Else
    >> FullEmployeeName = "Unknown"
    >> End If
    >> Else
    >> FullEmployeeName = "Unknown"
    >> End If
    >>
    >> '*** Get the user's Display Name
    >> If sr.Properties.Contains("displayName") Then
    >> If sr.Properties("DisplayName")(0) <> Nothing Then
    >> EmployeeShortName =
    >> CType(sr.Properties("DisplayName")(0), String)
    >> Else
    >> EmployeeShortName = "Unknown"
    >> End If
    >> Else
    >> EmployeeShortName = "Unknown"
    >> End If
    >>
    >> '*** Get the user's department
    >> If sr.Properties.Contains("department") Then
    >> If sr.Properties("department")(0) <> Nothing Then
    >> DepartmentName =
    >> CType(sr.Properties("department")(0), String)
    >> Else
    >> DepartmentName = "Unknown"
    >> End If
    >> Else
    >> DepartmentName = "Unknown"
    >> End If
    >>
    >> '*** Get the user's phone extension
    >> If sr.Properties.Contains("telephoneNumber") Then
    >> If sr.Properties("telephoneNumber")(0) <> Nothing
    >> Then
    >> EmployeeExtension =
    >> CType(sr.Properties("telephoneNumber")(0), String)
    >> Else
    >> EmployeeExtension = "???"
    >> End If
    >> Else
    >> EmployeeExtension = "???"
    >> End If
    >>
    >> '*** Get the users employee number
    >> If sr.Properties.Contains("otherTelephone") Then
    >> If sr.Properties("otherTelephone")(0) <> Nothing
    >> Then
    >> EmployeeIDNumber =
    >> CType(sr.Properties("otherTelephone")(0), String)
    >> Else
    >> EmployeeIDNumber = "????"
    >> End If
    >> Else
    >> EmployeeIDNumber = "???"
    >> End If
    >>
    >> '*** Get the user's internet email address
    >> If sr.Properties.Contains("mail") Then
    >> 'If sr.Properties("mail")(0) <> Nothing Then
    >> 'If InStr(1, CType(sr.Properties("mail")(0),
    >> String), "@", CompareMethod.Text) > 0 Then
    >> If CType(sr.Properties("mail")(0), String) Like
    >> "*@*" Then
    >> EmployeeEmailAddress =
    >> CType(sr.Properties("mail")(0), String)
    >> Else
    >> EmployeeEmailAddress = "Unknown"
    >> End If
    >> Else
    >> EmployeeEmailAddress = "Unknown"
    >> End If
    >>
    >> '*** Get the user's internet email address - alternate
    >> If sr.Properties.Contains("ipphone") Then
    >> 'If sr.Properties("ipphone")(0) <> Nothing Then
    >> 'If InStr(1, CType(sr.Properties("ipphone")(0),
    >> String), "@", CompareMethod.Text) > 0 Then
    >> If CType(sr.Properties("ipphone")(0), String) Like
    >> "*@*" Then
    >> EmployeeAlternateEmailAddress =
    >> CType(sr.Properties("ipphone")(0), String)
    >> Else
    >> EmployeeAlternateEmailAddress = "Unknown"
    >> End If
    >> Else
    >> EmployeeAlternateEmailAddress = "Unknown"
    >> End If
    >>
    >> '*** Get the user's title
    >> If sr.Properties.Contains("title") Then
    >> If sr.Properties("title")(0) <> Nothing Then
    >> EmployeeTitle =
    >> CType(sr.Properties("title")(0), String)
    >> Else
    >> EmployeeTitle = "Unknown"
    >> End If
    >> Else
    >> EmployeeTitle = "Unknown"
    >> End If
    >>
    >> '*** Get the user's manager
    >> If sr.Properties.Contains("manager") Then
    >> If sr.Properties("manager")(0) <> Nothing Then
    >> mgrsupr = CType(sr.Properties("manager")(0),
    >> String)
    >>
    >> '*** Parse out the manager/supervisor name
    >> x = mgrsupr.IndexOf("CN=")
    >> y = mgrsupr.IndexOf(",")
    >> If y > 0 Then
    >> EmployeeSupervisorManager =
    >> mgrsupr.Substring(x + 3, y - (x + 3))
    >>
    >> getUserInfoforMgr(EmployeeSupervisorManager)
    >> Else
    >> EmployeeSupervisorManager = "Unknown"
    >> EmployeeMgrEmailAddress = "Unknown"
    >> EmployeeMgrAlternateEmailAddress =
    >> "Unknown"
    >> End If
    >> Else
    >> EmployeeSupervisorManager = "Unknown"
    >> EmployeeMgrEmailAddress = "Unknown"
    >> EmployeeMgrAlternateEmailAddress = "Unknown"
    >> End If
    >> Else
    >> EmployeeSupervisorManager = "Unknown"
    >> EmployeeMgrEmailAddress = "Unknown"
    >> EmployeeMgrAlternateEmailAddress = "Unknown"
    >> End If
    >>
    >> Exit Sub '*** Let's get out of here because we've
    >> got our info
    >>
    >> End If 'the Active Directory entry is the correct one
    >>
    >> Next 'Next Active Directory entry
    >>
    >> Catch exp As Exception
    >>
    >> myErrMsg = "Exception:" & exp.Message
    >> FullEmployeeName = "Not Found 3"
    >> EmployeeShortName = "Not Found 3"
    >> DepartmentName = "Not Found 3"
    >> EmployeeExtension = "000"
    >> EmployeeIDNumber = "0000"
    >> EmployeeEmailAddress = ""
    >> EmployeeAlternateEmailAddress = ""
    >> EmployeeSupervisorManager = "Not Found 3"
    >> EmployeeTitle = "Not Found 3"
    >>
    >> End Try 'searching for the Active Directory Entry for the current
    >> windows identity
    >> End Sub 'getUserInfo
    >>
    >> =====================================================
    >>
    >> "Luke Zhang [MSFT]" <> wrote in message
    >> news:...
    >>> Hello,
    >>>
    >>> What is the result if you check "Current.User.Identity.Name", is it
    >>> "domain\marys" or 'domain\maryj"? Will a IIS reset fix the problem?
    >>> Also,
    >>> you may have the user clear her local IE cache and cookie to see if this
    >>> will help.
    >>>
    >>> Sincerely,
    >>>
    >>> Luke Zhang
    >>>
    >>> Microsoft Online Community Support
    >>> ==================================================
    >>> Get notification to my posts through email? Please refer to
    >>> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    >>> ications.
    >>>
    >>> Note: The MSDN Managed Newsgroup support offering is for non-urgent
    >>> issues
    >>> where an initial response from the community or a Microsoft Support
    >>> Engineer within 1 business day is acceptable. Please note that each
    >>> follow
    >>> up response may take approximately 2 business days as the support
    >>> professional working with you may need further investigation to reach
    >>> the
    >>> most efficient resolution. The offering is not appropriate for
    >>> situations
    >>> that require urgent, real-time or phone-based interactions or complex
    >>> project analysis and dump analysis issues. Issues of this nature are
    >>> best
    >>> handled working with a dedicated Microsoft Support Engineer by
    >>> contacting
    >>> Microsoft Customer Support Services (CSS) at
    >>> http://msdn.microsoft.com/subscriptions/support/default.aspx.
    >>> ==================================================
    >>>
    >>> This posting is provided "AS IS" with no warranties, and confers no
    >>> rights.
    >>>
    >>>
    >>>

    >>
    >>

    >
    >
     
    lgalusha, Nov 27, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Burton

    WindowsPrincipal and WindowsIdentity.

    Kevin Burton, Jan 7, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    7,483
    bruce barker
    Jan 8, 2004
  2. Mark
    Replies:
    1
    Views:
    3,256
    qvo178
    Feb 23, 2010
  3. Peter Moberg

    Role empty in WindowsPrincipal

    Peter Moberg, Jul 25, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    177
    Peter Moberg
    Jul 25, 2003
  4. Mark

    CurrentPrincipal, WindowsPrincipal

    Mark, Jan 12, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    188
    zeldadog
    Jan 12, 2004
  5. naijacoder naijacoder

    WindowsPrincipal.IsInRole() problem with non-builtin roles

    naijacoder naijacoder, Aug 30, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    281
    Joe Kaplan \(MVP - ADSI\)
    Sep 2, 2004
Loading...

Share This Page