Develop Reference

Active Directory / LDPA is not being authenticated with long Username

I am trying to authenticate Active Directory User as follow:
Method 1:
bool IsValidUser = new PrincipalContext(ContextType.Domain, DomainName).ValidateCredentials(Username, Password);
Method 2:
DirectoryEntry DE = new DirectoryEntry("LDAP://" + DomainName, Username, Password);
I have tried following credentials:
DomainName = mydomain.local
Username = adminldapfooicxrecord
Password = adminldapfooicxrec0rd*
With above Username Method 1 is returning false while Method 2 on DE.Children is throwing an error of Logon failure: unknown user name or bad password.
If Username would be adminldapfooicxrecord#mydomain.local it would work perfectly.
Why is this so ? Any clue ?

User accounts in Active Directory have two usernames, and you can authenticate using either one:
sAMAccountName - This is what is commonly called the "username". It's also described as the "User logon name (pre-Windows 2000)" in AD Users and Computers
userPrincipalName - This is a newer username field that was made to look like an email address. It is often made up of the sAMAccountName and # the domain name, and can even match the user's email address, but there is no technical requirement that this be true.
If you are using the userPrincipalName to login, then you must use the entire value, which includes #mydomain.local.

change active directory password in sharepoint webpart

I want to change active directory password in my web part in SharePoint but when i change the password, the stored account password in SharePoint does not change and i get this error:
This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products.
This is my code for change password:
public void ChangePassword(string usrDomain, string username, string oldPassword, string newPassword)
{
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, usrDomain, username, oldPassword))
{
UserPrincipal user = new UserPrincipal(ctx);
user = UserPrincipal.FindByIdentity(ctx, username);
user.ChangePassword(oldPassword, newPassword);
user.Save();
}
}

Assuming your AD server is "in the sharepoint farm", you will have to run your code with another account.
Solution is to impersonate with an admin user token who has rights in the AD server :
SPUser AdminUser = SPContext.Current.Web.SiteUsers[#"domain\username"];
using(SPSite oSiteCollection = new SPSite("http://YOURSITE", AdminUser.UserToken))
{
//run your code
}

A reliable way to obtain the Windows user display name

I need to get the Display Name of the current user, and cannot find a solution that always works. Just for clarity, I'm not looking for the username. I need the "John Doe". The value displayed on the Start Menu.
There are many posts about this question however none have solved my problem.
Get Windows User Display Name
How do I get the AD Display Name of the currently logged in user
These two posts lead me to:
PrincipalContext context = domain.Equals(Environment.MachineName, StringComparison.CurrentCultureIgnoreCase) ?
new PrincipalContext(ContextType.Machine) :
new PrincipalContext(ContextType.Domain, domain);
UserPrincipal userPrincipal = new UserPrincipal(context) { SamAccountName = username };
PrincipalSearcher searcher = new PrincipalSearcher(userPrincipal);
userPrincipal = searcher.FindOne() as UserPrincipal;
string displayName = userPrincipal.DisplayName;
And this code works for the most part. However if the user's has disabled/stopped the Server service on his/her computer I get an exception saying "The Server service is not started."
System.DirectoryServices.AccountManagement.UserPrincipal.Current.DisplayName
Same error.
How to get logged-in user's full name in windows?
StringBuilder name = new StringBuilder(1024);
uint userNameSize = (uint)name.Capacity;
const int NameDisplay = 3;
GetUserNameEx(NameDisplay, name, ref userNameSize)
Returns no error, but an empty string if the user is not on a domain.
How do you read the user's display (first and last) name on all versions of Windows reliably?
// get SAM compatible name <server/machine>\\<username>
if (0 != GetUserNameEx(2, username, ref userNameSize))
{
IntPtr bufPtr;
try
{
string domain = Regex.Replace(username.ToString(), #"(.+)\\.+", #"$1");
DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, domain);
DomainController dc = DomainController.FindOne(context);
if (0 == NetUserGetInfo(dc.IPAddress,
Regex.Replace(username.ToString(), #".+\\(.+)", "$1"),
10, out bufPtr))
{
var userInfo = (USER_INFO_10) Marshal.PtrToStructure(bufPtr, typeof (USER_INFO_10));
return Regex.Replace(userInfo.usri10_full_name, #"(\S+), (\S+)", "$2 $1");
}
}
finally
{
NetApiBufferFree(out bufPtr);
}
}
With the above I get an ActiveDirectoryObjectNotFoundException with message "Domain controller not found in the domain.." when DomainController.FindOne is called.
I haven't found a registry setting for the display name.
I'm don't know what else to try. Please help.

All of the above methods will only work if you are on a domain. If you are not, then you must rely on the local user account store. The following details how to retrieve this info: How can I get a list Local Windows Users (Only the Users that appear in the windows Logon Screen). In a domain situation though, the users account will not be in the local store.
If you are on a domain but not connected to the domain controller, the Display Name will not be readily available to you. This information is stored on the domain controller, not the local user's computer. If your users are on a domain, they really shouldn't be able to disable the Server service(use GPOs). Also, they lose much more than the ability to retrieve their user account by disabling that service.
I would check for domain availability before trying to get the display name. If it fails, display a message indicating the failure. There are potentially too many edges cases here to make it work accounting for all of them. Go with the scenario that you intend the program to be used under, and give an error message for the others.

How to get Current User in Sharepoint site workflow 2010?

Am trying to find the current logged user in sharepoint site workflow 2010 while creating a project. Based on the user, I would like to retrieve the current user's project manager. Every time am trying to retrieve current user name, it's giving System Account.
I even tried logging in as different user but still displaying System Account as the current user.
I tried following options :
SPUser user = workflowProperties.OriginatorUser;
SPUser user = SPContext.Current.Web.CurrentUser;
SPWeb web = SPContext.Current.Web;
SPUser user = web.CurrentUser;
SPContext.Current.Web.CurrentUser.LoginName;
But everything failed. Am sure that am doing something wrong. I don't know the correct procedure. Some procedures give me null or Object reference not set to an instance of the object or System Account details. I have even tried using elevated permission and its giving me null value.
SPSecurity.CodeToRunElevated elevatedSubmit = new SPSecurity.CodeToRunElevated(delegate
{
//SPUser user = SPContext.Current.Web.CurrentUser;
//string strAssignedTo = user.Name;
string sspURL = "http://localhost/PWA/default.aspx";
SPSite site = new SPSite(sspURL);
SPWeb web = site.OpenWeb();
SPUser theUser = web.CurrentUser;
string strUserName = theUser.Name;
});
SPSecurity.RunWithElevatedPrivileges(elevatedSubmit);
Am I supposed to add users explicitly as SPUser or any other changes before trying to retrieve current user via workflow ?

SharePoint 2010 Get Current Username / Logged in User
check this StackExchange answer as well
Get the current user interacting with a site workflow
if you are wanting to get the current user when you log in you can try something like this
SPWeb webSite = SPControl.GetContextWeb(SPContext);
SPUser spUser = webSite.CurrentUser;
string strUserName = spUser.LoginName;
using this line below will return the OriginatorUser however if you are not logged in as Admin you will get the System Account UserName
//This give the Login name e.g <domain>\<name>
workflowProperties.OriginatorUser.LoginName;
** Note ** I noticed that in your code you are trying to get / assign user twice
you should only need this line if you decide to use your code
SPUser user = SPContext.Current.Web.CurrentUser;

its seem to work :
SPUser user = this.workflowProperties.OriginatorUser;
RunWithElevatedPrivileges gives you system account privileges in addition to the privileges you would get with a reverto call.
is that code executed on SPSecurity.RunWithElevatedPrivileges method ??
Here is a another trick that i found :
string ModifiedbyUserName = Convert.ToString(workflowProperties.Item.GetFormattedValue("Modified By"));
see this : logged-in user in workflow
Helps it helps!!

Create WindowsIdentity using just a domain and username

I am building a site that gets user information using the WindowsIdentity of the current user. The main info I get from this is the ssid.
I do this for the current users as follows
IntPtr logonToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsId = new WindowsIdentity(logonToken);
string ssid = windowsId.User.ToString();
What I need to do now, and am failing at, is getting the ssid for any arbitrary username that exists on the domain.
I tried WindowsIdentity(string), but that gave me a SecurityException
The name provided is not a properly formed account name.

How are you formatting the principal? Generally they take the form of user#domain.ext, so if your AD provides principal resolution on say example.com, a user principal name (UPN) may look like: joe.bloggs#example.com. The WindowsIdentity(string) constructor accepts a UPN, not an older format username EXAMPLE\joe.bloggs