/// Frank Hagen: Professional Web Developer, C# User, Reformed Über-geek
# Friday, December 22, 2006

In intranet applications, it is often critical to know who your user is.  NTLM and .NET give you the ability to get the login name, which is a great identifier but tells you nothing else about the user.  You get the login name by using:

        HttpContext.Current.User.Identity.Name

though typically that can be shortened to simply User.Identity.Name.  With LDAP calls you can get more information, but you need to know the LDAP address of the domain controller for AD.  One tool I found that helps is ldp.exe, which is available with the Windows Support Tools from Microsoft (free!).  Just connect to the AD controller and it gives you the LDAP address you can use in your System.DirectoryServices calls.

The guts of it are this: 
Make a connection to the domain controller using an LDAP address:

        // szDomain holds the name of the AD domain
        string szADPath = String.Format("LDAP://CN=Users,DC={0},DC=com", szDomain);
        DirectoryEntry entry = new DirectoryEntry(szADPath);

Create a DirectorySearcher with filters and find the user you want:

        string _szUID = HttpContext.Current.User.Identity.Name;

        DirectorySearcher search = new DirectorySearcher(entry);
        // Strip the "DOMAIN\" prefix so that only the account name is searched
        search.Filter = String.Format("(SAMAccountName={0})", _szUID.Substring(_szUID.IndexOf("\\") + 1));
        search.PropertiesToLoad.Add("displayName");    // Full Name (Frank Hagen)
        search.PropertiesToLoad.Add("employeeid");     // EmplID   (123456)
        search.PropertiesToLoad.Add("givenname");      // First Name (Frank)
        search.PropertiesToLoad.Add("sn");             // Last Name  (Hagen)
        SearchResult result = search.FindOne();        // Execute filtered search

Then iterate through all of the properties returned (FindOne() returns null when no entry matches the filter, so check the result first):

        foreach(string key in result.Properties.PropertyNames)

That's really all there is to it. 
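
The three steps above combined into one method, as an added example rather than the author's code. The names AdUserLookup, EscapeFilterValue and Lookup are hypothetical; the method escapes the account name per RFC 4515 before placing it in the filter, handles the null that FindOne() returns when nothing matches, and disposes the directory objects.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

public static class AdUserLookup   // hypothetical helper, not from the original post
{
    // Escape a value for use inside an LDAP search filter (RFC 4515),
    // so characters such as '(' or '*' cannot change the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the loaded attributes, or null when no account matches.
    public static Dictionary<string, string> Lookup(string adPath, string loginName)
    {
        // Strip the "DOMAIN\" prefix; IndexOf returns -1 when there is none.
        string account = loginName.Substring(loginName.IndexOf('\\') + 1);

        using (DirectoryEntry entry = new DirectoryEntry(adPath))
        using (DirectorySearcher search = new DirectorySearcher(entry))
        {
            search.Filter = String.Format("(sAMAccountName={0})", EscapeFilterValue(account));
            foreach (string attr in new[] { "displayName", "employeeid", "givenname", "sn" })
                search.PropertiesToLoad.Add(attr);

            SearchResult result = search.FindOne();
            if (result == null) return null;   // no matching user

            var values = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            foreach (string key in result.Properties.PropertyNames)
                if (result.Properties[key].Count > 0)
                    values[key] = Convert.ToString(result.Properties[key][0]);
            return values;
        }
    }
}
```

Call it with the LDAP path built earlier and User.Identity.Name; the project needs a reference to System.DirectoryServices.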

Of course the data available is dependent on the quality of data input by the Network Support group.  If they don't put anything useful in, you're still stuck with nothing.  We are fortunate here and are taking the employee id and querying against other sources for additional data.

I am building a class for internal projects to use this.  When I have cleaned it up and optimized it properly, I will post it.  It was hard to find good resources online for this, surprisingly, although there were many 3rd party paid products available.  Maybe I should package it up and sell it too....

Friday, December 22, 2006 10:29:05 AM (Eastern Standard Time, UTC-05:00)
All Content © 2012, Frank W Hagen