Saturday, March 24, 2012

Windows Authentication, storing user identity

I am using Windows Authentication for a web application. I want to
store the identity of users who add, update and delete records in the
database. What is a good built-in active directory identifier to
use? Username, SID? I'd rather not use the username, because this
could change.

Thanks ~ MattOn Apr 9, 3:19 pm, "Matt" <mattmor...@.yahoo.comwrote:

Quote:

Originally Posted by

I am using Windows Authentication for a web application. I want to
store the identity of users who add, update and delete records in the
database. What is a good built-in active directory identifier to
use? Username, SID? I'd rather not use the username, because this
could change.


I would recommend to use the username, because it's a unique id in
AD.

If you cannot use it, consider a Globally Unique Identifier (GUID).
I would recommend to use the username, because it's a unique id in

Quote:

Originally Posted by

AD.


Username could change, right?

Quote:

Originally Posted by

If you cannot use it, consider a Globally Unique Identifier (GUID).


Are you talking about the objectGUID property from AD or creating a
mapping table?
On Apr 9, 6:16 pm, "Matt" <mattmor...@.yahoo.comwrote:

Quote:

Originally Posted by

>
Username could change, right?


In my experience this happen very seldom.
You might also use a user's full name (Display Name)

Quote:

Originally Posted by

Are you talking about the objectGUID property from AD


Yes. GUID is never changed. SID can change and it is used only by
security principals.
On Apr 9, 3:36 pm, "Alexey Smirnov" <alexey.smir...@.gmail.comwrote:

Quote:

Originally Posted by

On Apr 9, 6:16 pm, "Matt" <mattmor...@.yahoo.comwrote:
>
>
>

Quote:

Originally Posted by

Username could change, right?


>
In my experience this happen very seldom.
You might also use a user's full name (Display Name)
>

Quote:

Originally Posted by

Are you talking about the objectGUID property from AD


>
Yes. GUID is never changed. SID can change and it is used only by
security principals.


How do you get all your info from AD?

I found a nice class library for this:
http://www.codeproject.com/cs/inter...veDirectory.asp

Posted by secreteasdv at 8:50 AM
Labels: , , , , , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)