Last post Sep 11, 2009 03:20 AM by GoranPersson
Sep 09, 2009 09:15 AM|GoranPersson|LINK
I'm implementing a single sign-on solution.
I know that the user is authenticated because she has logged in to the computer. I get the user name through Environment.UserName, but I can't get user information from Active Directory since I don't have the user's password. But that is the point. The user shouldn't have to type username and password one more time.
Can this be done? Getting user information from AD without knowing the user password?
Sep 09, 2009 11:20 AM|JeffWask|LINK
What information? Your application should use one ID that is Authorized to Read from the directory to gather information on the individual users.
myDirEntry = new DirectoryEntry(LDAPRoot, username, password, AuthenticationTypes.Secure);
Then you use the generic entry with an Application User authorized as an AD reader to get the details on the individual users.
Sep 10, 2009 03:12 AM|GoranPersson|LINK
Thanks for your reply.
myDirEntry = new DirectoryEntry(LDAPRoot, username, password, AuthenticationTypes.Secure) works fine if I have the user's password.
The problem is that I don't know the password. If I pass myDirEntry = new DirectoryEntry(LDAPRoot, username, "", AuthenticationTypes.Secure) an exception saying that the username or password is incorrect is thrown. But since the user is already authenticated, I'd like to check against the AD without knowing the password.
Sep 10, 2009 09:31 AM|raghu1|LINK
Your question is confusing: what do you want to check? Per the previous reply, once the user is authenticated by AD, you do not need the user's password. You need to use the service account to get other AD attributes.
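The approach described in the replies by JeffWask and raghu1, as an added example that is not part of the original thread: bind with a dedicated service account that only has read access, then search for the logged-in user by sAMAccountName. The LDAP root, the environment variable names holding the service account credentials, and the attributes requested are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdLookup
{
    // Escape LDAP filter metacharacters (RFC 4515) so a user name
    // can never change the structure of the search filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Assumed values: placeholder domain, hypothetical variable names.
        // The service account needs read access only and its password
        // is kept out of the source code.
        string ldapRoot = "LDAP://DC=example,DC=com";
        string svcUser = Environment.GetEnvironmentVariable("AD_READER_USER");
        string svcPass = Environment.GetEnvironmentVariable("AD_READER_PASSWORD");

        using (var root = new DirectoryEntry(ldapRoot, svcUser, svcPass, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            // Look up the already logged-in user; her password is never needed.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilter(Environment.UserName) + "))";
            searcher.PropertiesToLoad.Add("displayName");
            searcher.PropertiesToLoad.Add("mail");
            SearchResult hit = searcher.FindOne();
            if (hit == null) { Console.WriteLine("User not found"); return; }
            foreach (string name in new[] { "displayName", "mail" })
                if (hit.Properties.Contains(name))
                    Console.WriteLine(name + ": " + hit.Properties[name][0]);
        }
    }
}
```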
Sep 11, 2009 03:20 AM|GoranPersson|LINK
Thanks for trying to help me. Sorry for the confusion.
I think I landed in that you have to have an administrator account to manage other accounts in the AD. The user will have to configure such an account. I was hoping that I could avoid that, but this will solve my problems. So be it.