If I have a basic web form for our company's intranet and all users are logged in to the domain via AD authentication, can I extract a visitors user name in c#?
Use the User property on the current Page, like so,
var username = this.User.Identity.Name
If you are using Windows Authentication, and don't allow anonymous access, then HttpContext.Current.User.Identity.Name will have the name of the currently logged on user in the format domain\username.
If you want more info from AD (e.g. a display name), then you need to use the classes in the System.DirectoryServices namespace. You may need to provide credentials to access AD if your site is running under a restricted account such as the Network Service account.
Related
i have windows service which is deployed using service.msc using c#,
i want to access the current logged in users download folder
eg: if the current logged in username is admin, then i want to access
C:\Users\admin\Downloads
and if the current logged in username is tomas, then i want to acess
C:\Users\tomas\Downloads.
You can use SHGetKnownFolderPath(FOLDERID_Downloads), passing in a token for the desired user account. The trick will be in knowing which user you want. There may be more than one user logged in at the same time. There may be no users logged in at all. If your service is running under the SYSTEM account, it can enumerate active user sessions via WTSEnumerateSessions() and get their user token via WTSQueryUserToken().
I am connecting to a service account using a service account credential.
I'm trying to scale this up to be used for multiple users within the same company. All users will have Google accounts managed by this company, and I will have a gsuite service account for the entire company. How can I upload a file to users personal Google Drive based on an email address using a gsuite service account?
You want to use ServiceAccountCredential, with a User property set to the appropriate user.
Assuming you're loading the credentials using GoogleCredential, this isn't too hard. For example:
GoogleCredential credential = Google.GetApplicationDefault()
.CreateScoped(...)
.CreateWithUser("foo#bar.com");
If you wanted to use the same original credentials for many different users, you could keep the result of CreateScoped(...) around, and just call CreateWithUser to create a new user-specific credential for each operation.
Using Oauth2 you are going to have to have each of the users authentication your application. This will give you access to their drive account directly. Now you say you have a master user. You could just request that these other users share a folder on their Google drive account with the master user then it will have access. Note you can't share the root directory.
You might want to consider using a service account instead of oauth2 this the users will then have to grant the service account access to their drive account.
Now if this is a gsuite users all of this can be automatically done useing domain wide delegation of the service account.
Here in my work we have the same scenario as you, and to be able to achive this type of integration we created a service account with wide domain delegation enabled for this account.
This way we can use the service account to access users data on their behalf.
But for that, when creating the service account credential, you must impersonate the service account credential passing the user email, this way you'll be able to access user data on their behalf using the service account.
Since you're using C#, I've created a small library that create service account credentials for any type of google api services and for both JSON or P12 credentials.
https://github.com/drodriguesaar/GoogleApiServiceFactory
So I'm developing a web application that allows users to view their SQL reporting services reports externally, and users log in with a custom username the user created themselves.
I would like to authenticate these usernames against their windows domain accounts, which a check against the active directory to see if the user is in a relevant group and that will determine the access rights to certain reports.
Now I can't use windows authentication as a login procedure to my web application but I do have a SQL table which stores their custom username (which they log in with) mapped against their windows domain account, and on login I store the domain name into the session (stores the windows account credentials as a string) as a property which is exposed by my base controller.
I've already gone off and tried this solution,
http://www.benramey.com/2014/10/20/active-directory-authentication-in-asp-net-mvc-5-with-forms-authentication-and-group-based-authorization/
but as you can see from my previous post (see here Trying to authenticate users against the AD - ASP.NET MVC) i'm not getting the desired result.
Just looking for some advice on how I can achieve authenticating against the AD with my scenario.
I'm trying to achieve the simplest functionality related to windows authentication in DotNetNuke. What I need is just the user to be authenticated using windows authentication when accessing DNN site (no need for user to be logged in within DNN) and read his username (HttpContext.User.Identity.Name).
How can I achieve this as simple as possible?
Is it possible without using any 3rd party authentication providers e.g. DNN Auth: Active Directory?
If you need the user to be in the domain to get to the site, but don't want them in the actual DNN site as a user, simply deny "anonymous" access to the website and require windows authentication. IIS will handle this for you.
This is all configured in IIS under the AUthorization option.
I bet I know what your problem is...
Try this: create a new user in DNN whose username is: DOMAIN\username
Where DOMAIN\username matches that of a Windows User on that machine. As Mitchel pointed out, deny Anonymous and enable Windows auth for the DNN site in question in IIS.
For fun, do cmd iisreset, restart your browser and hit your DNN site.
When prompted, use DOMAIN\username and the Windows user's password, NOT the password you assigned that user in DNN.
Is it possible to mix all these access controls in one site?
I have a requirement saying
a) Users from the AD must be allowed
access, using integrated security
b) Users from some other AD must be
allowed access; potentially by
logging in
c) Users not in the AD's
should be able to create a new
account on the site.
Now, ofcourse, i would like the site not to care about where a user was authenticated; just that he was.
What is the best way to achieve this?
I did something like this on a project a while ago, and it worked like this:
I set the application to use Forms Authentication, with anonymous access enabled in IIS.
I created a standard Forms Authentication login page that accepted a user ID and password to do non-integrated logins.
I also made a special .aspx page for integrated security login and set ONLY that one page to use integrated security (and not anonymous access) in IIS. This page manually created a Forms Authentication ticket based on the credentials from IIS.
In the main Forms Authentication login page, I looked at the incoming address on the request to see if it was from the LAN, and if so, redirected to the integrated security login page (so the user did not get prompted for user ID and password, it just logged them in with integrated security).
I also made the Forms Authentication login page smart enough to determine, based on your user ID, if you were an AD user, and do an LDAP lookup against the AD if so to check your password. This enabled users who had AD accounts to log using their AD credentials even when not on the LAN (and thus not using integrated security). For non-AD users, verification was done against a separate list of user IDs and password hashes maintained by the application.
I think that there is an answer from the man himself. Basically you should use the usual asp.net membership provider model. But create your own custom provider that wrap the active directory and the sql provider. Maybe two different active directory providers.