how to distinguish between two AD accounts with the same name

  • Question

  • User-875744750 posted

    hello

    In my MVC4 web application I want to authorize an authenticated user (Active Directory membership) to access the data records of the department where he belongs. For that, in the controller action method I would implement a LINQ Where clause: Where(x=>x.username == User.Identity.Name)

    But what if we have two accounts with the same name? How can I distinguish between them?

    Wednesday, September 4, 2019 7:44 AM

All replies

  • User753101303 posted

    Hi,

    Is this really the AD membership provider, or are you using Windows authentication with 4.5 or later? It should be unique at any given time.

    A problem though is that it could be changed or deleted and reused later for another account. To handle this case I'm doing a check to "translate" the authentication info to my own internal user id and I then use that internal id in my app.

    Wednesday, September 4, 2019 8:07 AM
  • User-875744750 posted

    hello again

    This is really the AD membership provider or you are using Windows authentication with 4.5 or later ?

    the AD membership provider

    check to "translate" the authentication info to my own internal user id and I then use that internal id in my app.

    How can I "translate" the authentication info to my own internal user id?

    Thursday, September 5, 2019 7:08 AM
  • User1724605321 posted

    Hi bensam16,

    Do you already have an existing internal user and want to map the AD user after authentication? If yes, you should make the mapping one to one, based on id or name.

    Best Regards,

    Nan Yu

    Friday, September 6, 2019 2:05 AM
  • User753101303 posted

    What do you have for https://docs.microsoft.com/en-us/dotnet/api/system.web.security.activedirectorymembershipuser.provideruserkey?view=netframework-4.8 ?

    If you use the name to look up this key and then use this key in your db, it should work:
    - if the SamAccountName is changed you should get the same key
    - if deleted and another account with the same name is created you'll have another key

    And so you'll keep linking the user to its data, as you now have a true pk (i.e. a value that never changes once assigned and that is never reused, unlike the SAM account name).

    Friday, September 6, 2019 8:25 AM
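
The key lookup described in the last reply, as an added example that is not part of the thread: a console program comparing record ownership by account name with ownership by a stable key across a rename and a delete-and-recreate. The in-memory `Accounts` dictionary, the account names, the SID strings and the `ResolveKey` helper are constructed for illustration; in the MVC application `ResolveKey` is where `Membership.GetUser(name).ProviderUserKey` would be read.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

class Record { public string OwnerName; public string OwnerKey; public string Data; }

static class KeyVersusNameDemo
{
    // Constructed stand-in for the directory: account name -> SID string.
    static readonly Dictionary<string, string> Accounts =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    static readonly List<Record> Records = new List<Record>();

    // Hypothetical helper. In the MVC app this is where the name would be
    // exchanged for Membership.GetUser(name).ProviderUserKey.
    static string ResolveKey(string name)
    {
        string key;
        if (!Accounts.TryGetValue(name, out key))
            throw new UnauthorizedAccessException("No account for " + name);
        return key;
    }

    // Ownership check as in the question: compare the stored name.
    static int CountByName(string name)
    { return Records.Count(r => string.Equals(r.OwnerName, name, StringComparison.OrdinalIgnoreCase)); }

    // Ownership check as in the reply: translate the name to the key first.
    static int CountByKey(string name)
    { string key = ResolveKey(name); return Records.Count(r => r.OwnerKey == key); }

    static void Report(string step, string name)
    {
        Console.WriteLine("{0}: {1} sees {2} record(s) by name, {3} by key",
            step, name, CountByName(name), CountByKey(name));
    }

    static void Main()
    {
        Accounts["jdoe"] = "S-1-5-21-1111-2222-3333-1001";   // constructed SID
        Records.Add(new Record { OwnerName = "jdoe", OwnerKey = ResolveKey("jdoe"), Data = "dept A" });
        Report("initial", "jdoe");
        Accounts.Remove("jdoe");                              // account renamed, SID kept
        Accounts["john.doe"] = "S-1-5-21-1111-2222-3333-1001";
        Report("renamed", "john.doe");
        Accounts.Remove("john.doe");                          // account deleted...
        Accounts["jdoe"] = "S-1-5-21-1111-2222-3333-1002";   // ...name reused with a new SID
        Report("name reused", "jdoe");
    }
}
```

After the rename the name filter loses the user's record while the key filter still finds it; after the name is reused, the name filter hands the old record to the new account and the key filter does not.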