I'm going to integrate my application with Active Directory, so that if I add a Windows user to the app, he/she will not need to log in with the app's credentials, pretty much like when you have SQL Server in mixed mode - you can use a SQL login, or you can use Windows authentication.
So I figured out that for Windows users I shouldn't store the username but rather the objectGUID of that user, because if the user gets renamed it should seamlessly affect my app.
Now, the problem is I can't figure out how to get the currently logged-in user's GUID without querying AD, because if I'm logged in but not on the network it will not find the DC to query.
Interesting idea, but I see no reason for that.
Why not use Domain User Groups instead of adding every user to SQL logins? With this method you will set up the security of SQL with a number of groups, and all management will be possible from Domain user management.
I'm not doing anything with SQL logins - I talked about SQL to give an example of mixed authentication. I'm going to map the application users to their Windows logins, so that they can auto-login to my application. It will work like this: when you start the app and choose to use Windows login, it will find your Windows login, then from the database it will get the application login for this Windows login, and will log you into the app as that user.
Hey, I know this is really old, but I thought I'd mention this for anyone else attempting to obtain the GUID for the currently logged-in domain user.
In .NET 3.5 the UserPrincipal class was introduced under the System.DirectoryServices.AccountManagement namespace. It has a property for both getting the current UserPrincipal and the Guid from it.
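using System;
using System.DirectoryServices.AccountManagement;
// Principal.Guid is declared as Guid? (nullable), so the variable must be nullable too.
Guid? currentGuid = UserPrincipal.Current.Guid;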
- Proposed as answer by Fls'Zen Friday, September 02, 2011 2:18 PM
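An added example, not code from the thread: UserPrincipal.Current still has to reach a domain controller, which is the off-network case the question raises, so this sketch falls back to the SID carried in the local logon token, which also survives a rename. The StableUserKey class and the "guid:" / "sid:" key prefixes are hypothetical names chosen for illustration.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Added example. StableUserKey and its key prefixes are hypothetical.
static class StableUserKey
{
    // Returns a rename-proof key for the current Windows user, suitable
    // for looking up the matching application login.
    public static string ForCurrentUser()
    {
        try
        {
            // Contacts a domain controller to load the directory object.
            using (UserPrincipal user = UserPrincipal.Current)
            {
                Guid? guid = user.Guid;   // null for accounts without an objectGUID
                if (guid.HasValue)
                    return "guid:" + guid.Value.ToString("D");
            }
        }
        catch (PrincipalException)
        {
            // Covers PrincipalServerDownException (no DC reachable, e.g. a
            // cached logon off the network) and NoMatchingPrincipalException.
            // Other exception types are left to propagate.
        }

        // The SID is read from the local logon token, so no DC is needed.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            SecurityIdentifier sid = identity.User;
            if (sid == null)
                throw new InvalidOperationException("Current identity has no user SID.");
            return "sid:" + sid.Value;
        }
    }

    static void Main()
    {
        Console.WriteLine(ForCurrentUser());
    }
}
```

For the fallback to resolve to the same application login, the mapping table would need both the objectGUID and the SID recorded while the user is enrolled on the network.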