how to get windows authenticated user guid from internal asp web application?

2

Ok, so this was working in my VS test server (naturally), but as soon as I publish to IIS, it breaks. What I need for this to work is to be able to get ahold of the GUID (not the SID, please) of the user currently logged into the machine. Using DirectoryServices, this was my original implementation:

var guid = UserPrincipal.Current.Guid.ToString();

This is giving me an error that I cannot cast from GroupPrincipal to UserPrincipal. So it sounds like the application is trying to run as some authenticated group or something. I realize the normal approach would be something like HttpContext.Current.User.Identity, but I'm not sure what to do with that as it has no Guid property, and when I try to convert it to a SID and run an LDAP query, it throws an exception. Can someone help me with the necessary steps to achieve this?

Thanks

UPDATE: Okay here's my most current attempt:

protected string GetUserGuid()
{
    // Binds to the domain of the account the process runs under (the app pool identity on IIS).
    using (var pc = new PrincipalContext(ContextType.Domain))
    {
        var windowsID = HttpContext.Current.User.Identity;
        // FindByIdentity returns null when no matching account exists, so guard before dereferencing.
        var up = UserPrincipal.FindByIdentity(pc, windowsID.Name);
        return up == null ? null : up.Guid.ToString();
    }
}

And the exception I get:

[COMException (0x8007054b): The specified domain either does not exist or could not be contacted. ]
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) +788
System.DirectoryServices.DirectoryEntry.Bind() +44
System.DirectoryServices.DirectoryEntry.get_AdsObject() +42
System.DirectoryServices.PropertyValueCollection.PopulateList() +29
System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) +63
System.DirectoryServices.PropertyCollection.get_Item(String propertyName) +163
System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() +436
System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() +51
System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() +141
System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() +42
System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) +29
System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue) +95
TicketsToMe.GetUserGuid() +123
TicketsToMe.Page_Load(Object sender, EventArgs e) +38
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.UI.Control.LoadRecursive() +71
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3048

c#
asp.net
iis-7
active-directory
windows-authentication
asked on Stack Overflow Mar 28, 2012 by Sinaesthetic • edited Mar 28, 2012 by Sinaesthetic

1 Answer

1

If something runs locally but not on IIS it can be a permission thing. Have you checked the trust level on your IIS? The local VS test server runs on Full trust, but an IIS (especially 7) website may be set to Medium or lower. This has caused me problems before with similar results, i.e. something running locally but not on IIS.

Also, it is worth checking the permissions for the app pool user.

answered on Stack Overflow Mar 28, 2012 by Maciej • edited Mar 28, 2012 by Maciej
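An added example (not code from the question or the answer) of the lookup the question is attempting, taking the answer's point that on IIS the code runs as the app pool account: the browser user is read from HttpContext rather than UserPrincipal.Current (which resolves the process identity), the directory search keys on the server-validated SID rather than on Identity.Name, and the domain is named explicitly so the bind does not depend on the app pool account's default domain. AdUserLookup, GetWebUserGuid and the domainName parameter are hypothetical names; it assumes Windows authentication is enabled for the site and that the app pool identity is allowed to query the domain.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;

// Hypothetical helper: resolve the AD objectGUID of the Windows-authenticated web user.
public static class AdUserLookup
{
    // domainName: the AD domain to bind to, e.g. "corp.example.com" (assumed value).
    // Returns null when the request is anonymous, not Windows-authenticated,
    // or no directory account matches the caller's SID.
    public static Guid? GetWebUserGuid(HttpContext ctx, string domainName)
    {
        // The web user's identity, as validated by IIS, not the app pool's process token.
        var winId = ctx.User.Identity as WindowsIdentity;
        if (winId == null || !winId.IsAuthenticated)
            return null;

        // Naming the domain avoids relying on the app pool account's default domain,
        // which is what produces "The specified domain either does not exist or
        // could not be contacted" when that default cannot be resolved.
        using (var pc = new PrincipalContext(ContextType.Domain, domainName))
        {
            // Search by SID: it is unambiguous and unaffected by whether
            // Identity.Name arrives as DOMAIN\user or as a UPN.
            string sid = winId.User.Value;
            using (var up = UserPrincipal.FindByIdentity(pc, IdentityType.Sid, sid))
            {
                // Principal.Guid is already a Guid?; propagate null if no account matched.
                return up == null ? (Guid?)null : up.Guid;
            }
        }
    }
}
```

Call it from Page_Load as `AdUserLookup.GetWebUserGuid(HttpContext.Current, "corp.example.com")` and treat a null result as "not a domain user" rather than letting it throw.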

User contributions licensed under CC BY-SA 3.0