How to get AD session details through ASP.NET web application? - asp.net

I am trying to get details of an AD user that logged in to a directory PC. I mean that when a user logs in to a PC (in AD) with his account and then opens a site that's working on the intranet, I'll automatically detect his account name, sAMAccountName etc.
Is that possible, or have I got to use an agent or something installed before?
I'm confused about it. I don't want to make a login screen for it if possible, ofc.
Thanks in advance!

Related

Get user name and email address in asp.net form

Each user of my asp.net forms app logs into a PC with their Active Directory credentials.
How could the ASP.NET forms app get the user name and the email address currently logged into the PC?
There is no guaranteed way to find out which user they are logged into their computer with. However, you can:
1. Enable Windows Authentication so they need to authenticate with your website with an AD account.
2. Add your website to the Trusted Sites in the Internet Options on their computer (this can be done in group policy) so that IE and Chrome will automatically send the credentials of the currently-logged-on user account. (Firefox uses its own network.negotiate-auth.delegation-uris setting.)
If you skip step 2, then the user will be prompted for credentials. If the credentials sent in step 2 fail for whatever reason (for example, they are logged in with a local account instead of a domain account), the user will be prompted for credentials. Then they can type in whatever AD account they want, which may not be the same as what they are logged into their computer with. That's why I say that there is no 100% guaranteed way to know what account they are logged into their computer with.
If only some of your users have AD accounts, and some don't, then you can use split Forms and Windows authentication. I've done this before and described how I did it in a past answer.
Get the user name with HttpContext.Current.Request.LogonUserIdentity, then query AD to get the email; check How to get a user's e-mail address from Active Directory?
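Putting the two answers above together (Windows Authentication on the site, then an AD lookup for sAMAccountName and mail), as an added example that is not code from the original posts; the page class, the Label control names and the web.config fragment are assumptions:

```csharp
// Added example, not code from the original posts. Assumes IIS has Windows
// Authentication enabled for the site and web.config contains:
//   <system.web>
//     <authentication mode="Windows" />
//     <authorization><deny users="?" /></authorization>  <!-- no anonymous callers -->
//   </system.web>
// lblAccount, lblEmail and lblDisplay are hypothetical Label controls on the page.
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public partial class WhoAmI : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Populated only after IIS has authenticated the caller (Kerberos or NTLM).
        // If the browser's silent credentials were rejected, IIS has already prompted,
        // so this is whatever AD account the user finally authenticated with.
        WindowsIdentity id = HttpContext.Current.Request.LogonUserIdentity;
        if (id == null || !id.IsAuthenticated)
        {
            Response.StatusCode = 401;   // let the browser negotiate; nothing to look up
            return;
        }

        // id.Name is "DOMAIN\sAMAccountName"; the DOMAIN\ prefix is accepted here.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, id.Name))
        {
            if (user == null)
            {
                // Authenticated with a local or untrusted account, not one in this domain.
                Response.StatusCode = 403;
                return;
            }
            // These values come from the directory, not from anything the browser sent.
            lblAccount.Text = user.SamAccountName;
            lblDisplay.Text = user.DisplayName;
            lblEmail.Text = user.EmailAddress ?? "(no mail attribute set)";
        }
    }
}
```

The app pool identity needs read access to the domain for FindByIdentity to succeed; the lookup itself never sees the user's password.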

Internet Explorer Single Sign On not working with Roles

I have used the Intranet template to create my site and I have set up some AD users and groups. I have configured Internet Explorer to add the site to the local intranet so that I log in automatically. When I have an Authorize attribute set to specific Users, the user is logged in automatically. But when I use roles such as [Authorize(Roles = "MyADGroup")], the user is not logged in automatically; he needs to enter the password again and then he is logged in.
I cannot understand why this would not work with single sign-on. Do I need to add some other configuration to enable this?
Turns out ... I just needed a machine restart. Something was being cached somewhere.

How to migrate Windows accounts to asp.net membership

I am working on an old ASP.NET application whose end users authenticate with a local Windows account (no domain). We want to switch to using membership (via aspnet_regsql), and move the application to a new server. What's the best way to seamlessly do this?
My biggest concern is I don't want every single user to have to go through the "forgot password" process. Regarding passwords: as I understand it, there's no supported way to get at the passwords in order to convert them to membership users. Is there an unsupported way to grab the passwords?
There are about 1000 users, and they log into the system rarely -- maybe a few times per year. Point being: there will be a huge % of users that won't log in until the old system is dead and gone.
My current thought is that we will need to implement two workflows:
1. Before migration to the new server, anyone that logs in will be authenticated with Windows, and their account automatically converted to a membership user. We will have their password from our custom login page.
2. After migration, anyone logging in that hasn't been converted to membership will have to go through the "forgot password" routine. We would present a message to them explaining why.
So bottom line: Is there a way to do this without requiring users to go through the forgot password process at all?
I would expect you cannot get the passwords from the Windows accounts. You could import the users, create a password and send out an email to users with their new password, or you could send a link for users to log in and create a password, or request a password reset given their email address.
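The first of the two workflows the question sketches (validate the local Windows account, then mirror it into Membership on that first login), as an added example that is not code from the original post; the class and method names are assumptions, and it presumes the Membership provider from aspnet_regsql is already configured:

```csharp
// Added example, not from the original post. Pre-migration path of the custom login
// page: authenticate against the local Windows account store, then create the matching
// ASP.NET Membership user with the same password so the user never needs a reset.
// Assumes the page is served over HTTPS, since the cleartext password crosses the wire.
using System;
using System.DirectoryServices.AccountManagement;
using System.Web.Security;

public static class WindowsToMembership
{
    public static bool LoginAndConvert(string userName, string password, string email)
    {
        // 1. Authenticate against the local SAM (no domain), exactly as the old app did.
        //    ValidateCredentials returns false for a wrong password or an unknown account.
        using (var machine = new PrincipalContext(ContextType.Machine))
        {
            if (!machine.ValidateCredentials(userName, password))
                return false;
        }

        // 2. First successful login after the cut-over: mirror the account into Membership.
        //    Accounts that never log in before the old server is retired are the ones
        //    that will have to use "forgot password" later.
        if (Membership.GetUser(userName) == null)
        {
            MembershipCreateStatus status;
            Membership.CreateUser(userName, password, email, null, null, true, out status);
            if (status != MembershipCreateStatus.Success)
            {
                // Typical causes: the old password fails the provider's complexity rules,
                // a duplicate e-mail with requiresUniqueEmail="true", or a provider that
                // requires a question/answer pair (null is passed here).
                throw new InvalidOperationException("Membership import failed: " + status);
            }
        }

        // 3. Issue the forms ticket; from here on Membership, not Windows, authenticates.
        FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }
}
```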

use gmail or live service to login in the website but limit only one user (admin) to login

I’ve a Gmail account; assume that it's me#gmail.com. Now I want to log in (as admin) to my website through this account. I know I can use OpenID etc. for that purpose but I want to limit it to just me only. Can I do this? I don’t want to let anyone else know which service I used to log in, what my address is, etc. (Note: My website contains just one and only one login form, for just me, only!)
I assume that once your OpenID has been verified you will have your own database storing logins (me#gmail.com) so you provide persistence.
You would have a table of logins with an admin column so that, for example, even though noadmin#gmail.com was verified by OpenID I do not want to let them access, so Response.Redirect them outta there.

User.Identity.Name

I am developing an asp.net application with Windows authentication. User.Identity.Name seems to return the logged in user in the form MACHINENAME\USERNAME.
I would like to use this to access a database of user-specific settings, but what happens if the user logs on from a different machine? Then the MACHINENAME part will be different. So can I simply take the USERNAME part and ignore the MACHINENAME part? Is the format of User.Identity.Name always MACHINENAME\USERNAME for Windows authentication?
Thanks,
AJ
More specifically, User.Identity.Name returns in the format [Domain]\[User]
If your users are showing up as different domains when they access from different machines, then they are in fact different user accounts. You may be able to strip out the [Domain] part, but that means that if anybody on a machine (domain) connects as a user with the same name as a user on a different machine (domain) then the system won't be able to tell them apart. This may be "fine, for now" in your scenario, but it's definitely not good practice.
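An added example, not code from the original post, that goes one step beyond the answer: it keeps both halves of User.Identity.Name and, where a WindowsIdentity is available, keys the settings on the account SID instead of the name; the class name and the settings-store usage are assumptions:

```csharp
// Added example, not from the original post. Shows why dropping the MACHINE/DOMAIN
// part of User.Identity.Name makes a bad settings key, and what to key on instead.
using System;
using System.Security.Principal;
using System.Web;

public static class SettingsKey
{
    // Preferred key: the account SID. It is unique across machines and domains and
    // survives a rename of the account, so two "aj" accounts can never collide.
    public static string ForCurrentUser(HttpContext ctx)
    {
        var win = ctx.User.Identity as WindowsIdentity;
        if (win == null || !win.IsAuthenticated || win.User == null)
            throw new InvalidOperationException("Windows authentication is not in effect.");
        return win.User.Value;   // string form of the SID, e.g. S-1-5-21-...-1001 (shape only)
    }

    // When only the name is available (e.g. an old log line), keep BOTH parts.
    // "AUTHORITY\user" -> ("AUTHORITY", "user"); "user@domain" (UPN) -> ("DOMAIN", "user").
    public static Tuple<string, string> SplitName(string identityName)
    {
        if (string.IsNullOrEmpty(identityName))
            throw new ArgumentException("empty identity name", "identityName");
        int slash = identityName.IndexOf('\\');
        if (slash > 0)
            return Tuple.Create(identityName.Substring(0, slash).ToUpperInvariant(),
                                identityName.Substring(slash + 1));
        int at = identityName.IndexOf('@');
        if (at > 0)
            return Tuple.Create(identityName.Substring(at + 1).ToUpperInvariant(),
                                identityName.Substring(0, at));
        return Tuple.Create(string.Empty, identityName);   // no authority present
    }

    // The collision the answer warns about: two different local accounts named "aj"
    // on PC-A and PC-B become one record once the authority is stripped.
    public static bool CollidesWhenAuthorityDropped(string a, string b)
    {
        Tuple<string, string> pa = SplitName(a);
        Tuple<string, string> pb = SplitName(b);
        bool sameUser = string.Equals(pa.Item2, pb.Item2, StringComparison.OrdinalIgnoreCase);
        bool sameAuthority = pa.Item1 == pb.Item1;
        return sameUser && !sameAuthority;   // "PC-A\aj" vs "PC-B\aj" -> true
    }
}
```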
