Marked as answer by Dino He - MSFT on Feb 24, 2012 06:27 AM
lordplazikov...
Member
195 Points
319 Posts
Active Directory getting info user
Feb 17, 2012 10:42 AM
Hi all,
How do I get the information of a user that is logged in to the domain?
I already can get his username, but I need his group and role.
I'm doing this in VB.NET.
Thanks in advance.
yarbizzle
Member
16 Points
3 Posts
Re: Active Directory getting info user
Feb 17, 2012 05:59 PM
If you have AuthenticationMode = "Windows" turned on in your web.config, the type of IIdentity object that is being used is actually a WindowsIdentity. So you can simply do this to get the groups he is a member of:
You can do a foreach string loop on the Groups. Each item in the Groups is the Sid of the group in AD.
If you are using ASP.NET membership with an ActiveDirectoryRoleProvider then you can simply do a User.IsInRole("groupName") to check their membership. Otherwise you will need to do a lookup in AD.
Keep in mind, if this is for authentication, then you will want to handle as much of this up front when the session is established or cache it so multiple trips to AD can be minimized.
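Added example, not part of the post above or of the thread: one way to read the group SIDs from the WindowsIdentity, resolve them to names and cache the result in the session, written in VB.NET because the question asks for it. The module name, function name and session key are assumptions.

```vb
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web

' Hypothetical helper: the names GroupLookup, GetGroupNames and CacheKey
' are assumptions made for this example.
Public Module GroupLookup

    Private Const CacheKey As String = "UserGroupNames"

    ' Returns the group names of the Windows-authenticated user. Each SID is
    ' resolved once; the list is then kept in the session to avoid repeated
    ' lookups on later requests.
    Public Function GetGroupNames(ByVal context As HttpContext) As List(Of String)
        Dim session = context.Session ' Nothing when session state is disabled
        If session IsNot Nothing Then
            Dim cached = TryCast(session(CacheKey), List(Of String))
            If cached IsNot Nothing Then Return cached
        End If

        Dim names As New List(Of String)()
        Dim identity = TryCast(context.User.Identity, WindowsIdentity)
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then
            ' Not Windows authentication, or an anonymous request: no groups.
            Return names
        End If

        For Each sid As IdentityReference In identity.Groups
            Try
                ' SID -> DOMAIN\group
                names.Add(sid.Translate(GetType(NTAccount)).Value)
            Catch ex As IdentityNotMappedException
                ' The SID no longer maps to a name (for example a deleted
                ' group); keep the raw SID string instead of failing.
                names.Add(sid.Value)
            End Try
        Next

        If session IsNot Nothing Then session(CacheKey) = names
        Return names
    End Function

End Module
```

The resolved names are suited to display. For an access decision, User.IsInRole or a comparison against the group's SID does not depend on a name that can be changed in AD.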
smirnov
All-Star
23416 Points
4024 Posts
Re: Active Directory getting info user
Feb 21, 2012 06:15 PM
Try something like this
Imports System.DirectoryServices

' Context.User.Identity.Name is DOMAIN\user; the account name is the last part
Dim principal As String() = Context.User.Identity.Name.Split("\"c)
Dim accountName As String = principal(principal.Length - 1)
' The value comes from the authenticated Windows identity; a name taken from
' user input would need LDAP filter escaping (RFC 4515) before being used here
Dim filter As String = String.Format("(&(objectClass={0})(sAMAccountName={1}))", "person", accountName)
Dim adRoot As New DirectoryEntry("LDAP://corp.net", Nothing, Nothing, AuthenticationTypes.Secure)
Dim searcher As New DirectorySearcher(adRoot)
searcher.SearchScope = SearchScope.Subtree
searcher.PropertiesToLoad.Add("sn") ' last name
searcher.PropertiesToLoad.Add("givenName") ' first name
searcher.PropertiesToLoad.Add("mail") ' e-mail
searcher.PropertiesToLoad.Add("telephoneNumber") ' phone
searcher.Filter = filter
Dim result As SearchResult = searcher.FindOne()
' FindOne returns Nothing when no account matches the filter
If result IsNot Nothing Then
    Dim entry As DirectoryEntry = result.GetDirectoryEntry()
    ' Convert.ToString returns an empty string when the attribute is not set
    Dim displayName As String = Convert.ToString(entry.Properties("displayName").Value)
    Dim firstName As String = Convert.ToString(entry.Properties("givenName").Value)
    Dim lastName As String = Convert.ToString(entry.Properties("sn").Value)
    Dim email As String = Convert.ToString(entry.Properties("mail").Value)
End If