Re: Get currently logged in user's objectGUID


"MuZZy" <tnr@xxxxxxxxxxxxxxxxx> wrote in message news:%23Sury$kaHHA.4008@xxxxxxxxxxxxxxxxxxxxxxx
Willy Denoyette [MVP] wrote:
"MuZZy" <tnr@xxxxxxxxxxxxxxxxx> wrote in message news:O2qy1UZaHHA.4940@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I am looking to find a way to get the currently logged in user's object GUID without querying Active Directory. For example, when I log in to my laptop from home, I'm not on the office network so I can't reach AD, but I'm sure I can still get my AD objectGUID, as the profile is cached locally.

Any ideas?

Thank you,
Andrey


No, the objectGUID is not part of the profile, so it's not cached locally. I don't know why you need this objectGUID anyway.

Willy.

I can explain why I need it - maybe you can give me better advice.
Our application currently supports its own set of application users/logins, but it becomes a problem for our bigger clients who want all of their software to be "One click login", so that once you are logged in to Windows, you have access to all apps without needing to log in again using those apps' logins. Like in SQL Server, you can log in using a SQL account or using Windows authentication.


Not sure what you mean by this? SQL Server and Windows authentication are different beasts!

So I want to add a mapping of existing application accounts to Active Directory users. For that I need some user ID which is reliable and which doesn't change if the user is, say, renamed (that's why I can't use the principal name for that). So my idea was to use either the GUID or the SID, but as I understand it, the SID can change, but the GUID will never change.

GUIDs and objectSIDs don't change by renaming an object. Anyway, authentication (in an AD realm) doesn't use objectGUIDs or GUIDs or SIDs; authentication uses Kerberos tickets obtained by a login (specifying login credentials). A Kerberos ticket is cached locally and is valid for a configurable period only, after which it can't be used any longer.


In case the user is currently not on the network, I still need to be able to authenticate him; that's why I need something I can query locally, without access to AD.

I guess I will go with the SID then...


I'm not quite clear on what you mean in your last paragraph. If the user is not on the network, how do you access network resources? Or what do you need to authenticate the user for?

Willy.
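
The account-mapping idea discussed in this thread, as an added C# example that is not code from either poster: it reads the logged-on user's SID from the process's local access token (no directory query is made) and looks it up in a mapping table. The class name `SidAccountMapper`, the in-memory dictionary, the account name `app_andrey` and the sample SID are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class SidAccountMapper
{
    // Hypothetical mapping store: SID string -> application account name.
    // A real application would keep this in its own database.
    static readonly Dictionary<string, string> AppAccountBySid =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            // Constructed sample SID, not a real account.
            { "S-1-5-21-1111111111-2222222222-3333333333-1105", "app_andrey" }
        };

    // Returns the mapped application account, or null when the Windows
    // identity must not be trusted or has no mapping.
    static string ResolveAppAccount(WindowsIdentity identity)
    {
        // Refuse tokens that do not represent an interactively usable user.
        if (!identity.IsAuthenticated || identity.IsAnonymous ||
            identity.IsGuest || identity.IsSystem)
            return null;

        // The user SID comes from the access token of the current process.
        SecurityIdentifier sid = identity.User;
        if (sid == null || !sid.IsAccountSid())   // skip non-account SIDs
            return null;

        string account;
        return AppAccountBySid.TryGetValue(sid.Value, out account) ? account : null;
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            string account = ResolveAppAccount(identity);
            Console.WriteLine("SID: {0}", identity.User);
            Console.WriteLine(account != null
                ? "Mapped to application account: " + account
                : "No mapping found; fall back to the application login.");
        }
    }
}
```

Matching on the full SID string, rather than on the user name, keeps the mapping intact when the account is renamed, and an unmapped or untrusted identity falls through to the application's own login.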