Click here to get back home

Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication? MaURiCe 09-05-2006
Posted by MaURiCe on September 5, 2006, 9:27 am
Please log in for more thread options
 Hello,
I am trying to get username information by using
User.Identity.Name.ToString, if i logged in with username to given
network place, it is ok! It returns SERVERNAME/username.
Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
returns SERVERNAME/username although i want it to return
"name.surname".
I changed the IIS server settings, checked digest authentication and
tried the other things, too. But makes no difference.
It is said to originated from Kerberos Authentication...
If anyone can help me I will be appreciated.
Thanks for now,
MK


Posted by Brian Desmond [MVP] on September 5, 2006, 4:22 pm
Please log in for more thread options
 IIS must be making the translation internally from the UPN to the
sAMAccountName. It's not hard to get the UPN given the WindowsIdentity
object that you have at hand, and relying on the UPN for the user's true
name is bad programming practice IMHO.

My recommendation is to search AD for that user's object in the directory
and retrieve the first and last name properties or whatever else you need in
your code.

--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com


> Hello,
> I am trying to get username information by using
> User.Identity.Name.ToString, if i logged in with username to given
> network place, it is ok! It returns SERVERNAME/username.
> Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> returns SERVERNAME/username although i want it to return
> "name.surname".
> I changed the IIS server settings, checked digest authentication and
> tried the other things, too. But makes no difference.
> It is said to originated from Kerberos Authentication...
> If anyone can help me I will be appreciated.
> Thanks for now,
> MK
>



Posted by MaURiCe on September 6, 2006, 7:38 am
Please log in for more thread options
Thank you for your answer but is there any other option that we can
solve it by changing the settings of IIS...
Moris

Brian Desmond [MVP] wrote:
> IIS must be making the translation internally from the UPN to the
> sAMAccountName. It's not hard to get the UPN given the WindowsIdentity
> object that you have at hand, and relying on the UPN for the user's true
> name is bad programming practice IMHO.
>
> My recommendation is to search AD for that user's object in the directory
> and retrieve the first and last name properties or whatever else you need in
> your code.
>
> --
> Thanks,
> Brian Desmond
> Windows Server MVP - Directory Services
>
> www.briandesmond.com
>
>
> > Hello,
> > I am trying to get username information by using
> > User.Identity.Name.ToString, if i logged in with username to given
> > network place, it is ok! It returns SERVERNAME/username.
> > Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> > returns SERVERNAME/username although i want it to return
> > "name.surname".
> > I changed the IIS server settings, checked digest authentication and
> > tried the other things, too. But makes no difference.
> > It is said to originated from Kerberos Authentication...
> > If anyone can help me I will be appreciated.
> > Thanks for now,
> > MK
> >


Posted by Roger Abell [MVP] on September 6, 2006, 10:22 am
Please log in for more thread options
When you stated
> It is said to originated from Kerberos Authentication...
you are indicating strong evidence from the security event
logs showing that the login was negotiated to and did then
successfully use Kerberos, not NTLM ??


> Hello,
> I am trying to get username information by using
> User.Identity.Name.ToString, if i logged in with username to given
> network place, it is ok! It returns SERVERNAME/username.
> Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> returns SERVERNAME/username although i want it to return
> "name.surname".
> I changed the IIS server settings, checked digest authentication and
> tried the other things, too. But makes no difference.
> It is said to originated from Kerberos Authentication...
> If anyone can help me I will be appreciated.
> Thanks for now,
> MK
>



Similar ThreadsPosted
Use Windows 2003 CA to create a web server certificate with alternative DNS names June 2, 2007, 1:02 pm
Safely change the Administrator accounts and names 2003 server July 11, 2007, 6:15 pm
Windows 2000 Domain, Windows 2003 Enterprise CA July 15, 2005, 2:07 pm
windows 2003 user login failed locally October 16, 2005, 1:50 pm
What has Windows 2003 Server security done to domain user profiles January 17, 2006, 11:49 pm
plz help to creating a windows server 2003 domain member user April 7, 2007, 3:08 am
windows 2000 server like home permistions on 2003 November 30, 2006, 1:00 pm
Power Users & Servers - Windows 2000 & 2003 Differences December 7, 2006, 9:32 am
Best Practice for Group Names August 10, 2006, 8:35 am
Re: Windows Update Agent not found, or the computer is not running Windows 2000 SP3 or later. October 18, 2005, 4:15 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap