f



Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication?

Hello,
I am trying to get username information by using
User.Identity.Name.ToString, if i logged in with username to given
network place, it is ok! It returns SERVERNAME/username.
Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
returns SERVERNAME/username although i want it to return
"name.surname".
I changed the IIS server settings, checked digest authentication and
tried the other things, too. But makes no difference.
It is said to originated from Kerberos Authentication...
If anyone can help me I will be appreciated.
Thanks for now,
MK

0
mkastro (2)
9/5/2006 1:27:58 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

4 Replies
1184 Views

Similar Articles

[PageSpeed] 11

IIS must be making the translation internally from the UPN to the 
sAMAccountName. It's not hard to get the UPN given the WindowsIdentity 
object that you have at hand, and relying on the UPN for the user's true 
name is bad programming practice IMHO.

My recommendation is to search AD for that user's object in the directory 
and retrieve the first and last name properties or whatever else you need in 
your code.

-- 
Thanks,
Brian Desmond
Windows Server MVP - Directory Services

www.briandesmond.com


"MaURiCe" <mkastro@gmail.com> wrote in message 
news:1157462878.505088.151490@m73g2000cwd.googlegroups.com...
> Hello,
> I am trying to get username information by using
> User.Identity.Name.ToString, if i logged in with username to given
> network place, it is ok! It returns SERVERNAME/username.
> Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> returns SERVERNAME/username although i want it to return
> "name.surname".
> I changed the IIS server settings, checked digest authentication and
> tried the other things, too. But makes no difference.
> It is said to originated from Kerberos Authentication...
> If anyone can help me I will be appreciated.
> Thanks for now,
> MK
> 


0
brian4942 (2)
9/5/2006 8:22:03 PM
Thank you for your answer but is there any other option that we can
solve it by changing the settings of IIS...
Moris

Brian Desmond [MVP] wrote:
> IIS must be making the translation internally from the UPN to the
> sAMAccountName. It's not hard to get the UPN given the WindowsIdentity
> object that you have at hand, and relying on the UPN for the user's true
> name is bad programming practice IMHO.
>
> My recommendation is to search AD for that user's object in the directory
> and retrieve the first and last name properties or whatever else you need in
> your code.
>
> --
> Thanks,
> Brian Desmond
> Windows Server MVP - Directory Services
>
> www.briandesmond.com
>
>
> "MaURiCe" <mkastro@gmail.com> wrote in message
> news:1157462878.505088.151490@m73g2000cwd.googlegroups.com...
> > Hello,
> > I am trying to get username information by using
> > User.Identity.Name.ToString, if i logged in with username to given
> > network place, it is ok! It returns SERVERNAME/username.
> > Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> > returns SERVERNAME/username although i want it to return
> > "name.surname".
> > I changed the IIS server settings, checked digest authentication and
> > tried the other things, too. But makes no difference.
> > It is said to originated from Kerberos Authentication...
> > If anyone can help me I will be appreciated.
> > Thanks for now,
> > MK
> >

0
mkastro (2)
9/6/2006 11:38:18 AM
When you stated
> It is said to originated from Kerberos Authentication...
you are indicating strong evidence from the security event
logs showing that the login was negotiated to and did then
successfully use Kerberos, not NTLM ??


"MaURiCe" <mkastro@gmail.com> wrote in message 
news:1157462878.505088.151490@m73g2000cwd.googlegroups.com...
> Hello,
> I am trying to get username information by using
> User.Identity.Name.ToString, if i logged in with username to given
> network place, it is ok! It returns SERVERNAME/username.
> Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> returns SERVERNAME/username although i want it to return
> "name.surname".
> I changed the IIS server settings, checked digest authentication and
> tried the other things, too. But makes no difference.
> It is said to originated from Kerberos Authentication...
> If anyone can help me I will be appreciated.
> Thanks for now,
> MK
> 


0
mvpNOSpam (26)
9/6/2006 2:22:17 PM

MaURiCe wrote:

> Hello,
> I am trying to get username information by using
> User.Identity.Name.ToString, if i logged in with username to given
> network place, it is ok! It returns SERVERNAME/username.
> Otherwise if I logged in with "name.surname@SERVERNAME.com" it again
> returns SERVERNAME/username although i want it to return
> "name.surname".

Sound like you are trying to retrieve the Kerberos principal name,
but the function you are using is returning the account name.
In Windows an account can have multiple principal names.

You might be able to get the client principal name from the Kerberos
ticket. To see if is even possible, install the Microsoft klist or
kerbtray programs which can look at the tickets and see if the principal
name is preserved.

> I changed the IIS server settings, checked digest authentication and
> tried the other things, too. But makes no difference.
> It is said to originated from Kerberos Authentication...
> If anyone can help me I will be appreciated.
> Thanks for now,
> MK
> 
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
deengert (574)
9/6/2006 8:32:40 PM
Reply:

Similar Artilces:

window class name and window name
Hi, Is there any free utility available on net which can show the the window name and window class name if the mouse cursor is put on a perticular window. Thanks, Vijay. ...

Windows is named Windows : But Why?
http://thehmccompany.com/2015/06/19/windows-is-named-windows-but-why/ Quoting from the URL above: The following was taken from a Microsoft corporate blog designed to document the history of Microsoft. When I joined Microsoft as Vice President of Corporate Communications, I came from the cosmetics / skin care industry where perception (branding) was far more important than reality. The branding strategy for Microsoft Corporation & the specific names for the products (which was part of the company branding strategy) came from the original branding strategy ...

Connect using different Windows user name...?!?!
I've scoured Google searching for an answer that seems like it should be easy but apparently isn't...when I open SSMS to connect to a SQL 2005 database and choose Windows authentication, it greys out the User Name box...problem is, the server I need to connect to is in another domain...how on earth are you supposed to specify a different Windows user name to connect with other than the one currently logged into the machine? -Ben -- Posted via a free Usenet account from http://www.teranews.com On Jul 6, 3:12 am, "Ben Hanson" <transparency...@hotmail.com> wro...

authenticate users using windows authentication
I'm a javascript newbie and trying to modify a javascript code so that it will authenticate the user and popup a warning if necessary and restrict access. We have a purely Microsoft Implementation, the website is using an IIS server, the clients are IE, we have a Windows Domain and we want to restrict the website to members of the MyGroup group. I know the web.config has an authentication section in it, but we don't want to perform any authentication in there because of a third party software bug, so I am investigating whether I can perform authentication elsewhere, hopefully ...

Get users network login name when different from the windows local login name
Hi everyone, I want to get the users login name, and currently use a number of functions, one of which is based on this one: http://www.mvps.org/access/api/api0008.htm However, it doesn't work properly on a network. If the user logs into the network as joe, and then in the local windows PC as Administrator, then that function will bring back Administrator. I have functionality in some applications that is only available to the network admin, but if a user can use a local user account on their own machine called admin, then that function will think they are the network administrator. I ...

Using dynamic variable as window name and detecting if window exists
I am trying to create popup windows with dynamic variable names and then see if they exist or not. For example, if I call the function like so openWin("2600","2000") I would like the function to create a window called "win26002000". I have tried the following code (and many other variations) but I cannot get it to work function openWin(senderID, recipientID) { //Create the window if it does not exist or it has been closed if (typeof "win" + senderID + recipientID=="undefined" || "win" + senderID + recipientID.closed) ...

How to get Windows user name?
Hi, all I am trying to detect the user who's currently login the Windows system. Is there way to do it in Ruby? Thanks -- Posted via http://www.ruby-forum.com/. Mike Johnson wrote: > Hi, all > > I am trying to detect the user who's currently login the Windows system. > Is there way to do it in Ruby? > > Thanks require 'win32ole' network=WIN32OLE.new("Wscript.Network") puts network.username #or puts ENV['username'] #for win95/98 use puts ENV['userid'] #or (stolen from www.,rubytips.org) require 'Win32API' name = "...

AS/400 and Windows User Names
Is there a way to cross reference our Windows and AS/400 user names? For example our company uses first initial and last name for e-mail and access to our Windows servers. But some names are longer than the 10 chars allowed by the AS/400. This is causing some problems on Win98 computers not allowing them access to the netserver. Thanks for any tips. Short answer: nope. Not so short: have you tried mapping drives/printers and specifying a different name? At least you'd only have to do it once. Or allowing Win98 to cache the user ID & password? Long answer: you may be able t...

Getting windows user name
(This was also posted to comp.database.ms-access before I realized this was the hep group.) Lets say that my WinXP computer has two users: Michael and Kathryn. One or the other logs into the computer and opens up an Access database (I happen to be using 2002). There is no security on the database -- just click on the shortcut and you're in. I want to be able to determine who opened that database by knowing who logged into the computer. Is there a way to get the windows user name? I have another question, and this one may be a bit off-topic, but I'll run it up the flagpole. I want ...

windows registered user name
can I make Delphi bring up the windows registered user name and put it as text in a edit box. I know it must be in the registry some where but I think it may be encrypted. This value stored really in registry and is not encrypted. HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info -- With best regards, Mike Shkolnik E-mail: mshkolnik@scalabium.com WEB: http://www.scalabium.com "nick" <madmurg@btinternet.com> wrote in message news:426a2698$0$299$cc9e4d1f@news.dial.pipex.com... > can I make Delphi bring up the windows registered user name and p...

Windows class names from window handles
As part of a hooking application -- I am watching the system for certain windows to open. I know the class name of the window I am waiting for and need to trigger each time one of these come up. My hook watches for WH_CBT's HCBT_CREATEWND and HCBT_DESTROYWND. All of these events are posted to my own app for processing. So back, in my other app - I get all these events, and I need to figure out how to get the class name. Mode code does this -- it fails often at GetClassInfo. wParam conains the HWND, lParam contains the instance handle. afx_msg LRESULT CSkypeButtonClient...

Can any Windows user be useful for a moment. Windows XP internet connection issue
Has anyone seen this: A friend of mine has an old Windows XP machine that has started to exhibit the odd behaviour where any data connection to something on the internet dies after about 300K of data. Local area transfers work fine, but if the source for the data is on the internet, it's no go. Any thoughts? Alan Baker wrote: > Has anyone seen this: > > A friend of mine has an old Windows XP machine that has started to > exhibit the odd behaviour where any data connection to something on the > internet dies after about 300K of data. Local area transfe...

User Data at Risk on a Windows 8 =?windows-1252?Q?=96_Linux_?= =?windows-1252?Q?Dual-Boot_System?=
January 11th, 2013, 15:46 GMT � By Bogdan Popa Fast Startup is one of the new features integrated into Microsoft�s Windows 8 operating system that basically allows Windows to boost faster on a dual-boot configuration. [quote] The problem is that the tool puts locally stored data at risk when the user loads the second operating system, in most cases a Linux distribution. The explanation is as simple as it could be. In dual-boot configurations, the Fast Startup option doesn�t shut down Windows 8 completely, but only forces it to enter a hibernation mode that allows it to reboot a bit quicker when the users sign out from the other operating system. Since this is nothing more than a hibernation state, Windows 8 will continue to store Windows session information, including file system data belonging to FAT and NTFS partitions. Even though these system files are actually �locked� in a memory image automatically restored when the user boots back in Windows 8 with Fast Startup, specific files could be easily removed. And here�s why. The developers behind the ntfs-3g FUSE filesystem driver have discovered that Linux distributions may attempt to write data on Windows partitions as well, sometimes overwriting the system file stored in the memory image we were talking about. When booting back into Windows 8, Fast Startup loads the operating system, but without the missing data. In order to overcome this problem, the software creators have introduced...

can either windows 2000 Pro or Windows Xp Pro handle different language user interfaces?
Hello, I want to install windows 2000 Pro or Windows XP Pro, but I need English and/or Italian, Spanish , Japanese user interfaces. Is this possible with either of these operating systems when bootins ? Can I choose in what language to boot ? Or Can I have a different language for each user created ? Please explain me what I need. Thanks, Mario I think there is a software tool from Microsoft, which can translate the dialogs. The system self will be english, but you can set all dialogs to another language. I know that this tool is available, but I'm not sure if it'...

different user names on windows and linux
I have different user names on my windows and linux installations. Let's say my login on windows is Windy and on Debian it's Linda. When I try to launch some applications in Wine, the settings stored in my Win profile are - obviously - not transfered. Now, I want to be able to run uTorrent (and a few other apps) on both windows and debian box with the same configuration. I tried to do search & replace on wine configuration (changing Linda to Windy) but it is reset when Wine is started. Is that possible to do? Information: Wine 1.0, Debian testing, symlink in Wine t...

[ciao-users] =?windows-1252?q?Can=92t_get_the_consumer_from_a_str?= =?windows-1252?q?ingfied_component_object_reference_-_Aditional_in?= =?windows-1252?q?formation?=
--0016e644d6ae098b060462bfd08c Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sorry, I forgot to say that this code doesn't work if the publisher and consumer are on diferent nodes. It works when they are on the same node. The connection goes fine too when consumer and publisher are connected by DAnCE. CIAO VERSION: 0.6.7 TAO VERSION : 1.6.7 ACE VERSION : 5.6.7 HOST MACHINE and OPERATING SYSTEM: If on Windows based OS's, which version of WINSOCK do you use?: Pentium IV, Debian linux kernel 2.6 TARGET MACHINE and OPERATING SYSTEM, if different from HOST: COMPILER NAME AND VERSION (AND PATCHLEVEL): THE $ACE_ROOT/ace/config.h FILE [if you use a link to a platform- specific file, simply state which one]:#include "ace/config- linux.h" THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if you use a link to a platform-specific file, simply state which one (unless this isn't used in this case, e.g., with Microsoft Visual C++)]: no_hidden_visibility=1 include $(ACE_ROOT)/include/makeinclude/platform_linux.GNU CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/ default.features (used by MPC when you generate your own makefiles): There is no such file. AREA/CLASS/EXAMPLE AFFECTED: [What example failed? What module failed to compile?] ...

Windows NT vs Windows 2000 vs Windows XP
Hi, I am pretty ignorant when it comes to computers. I posted in another thread that I just purchased a used computer for close to nothing. I have an old windows NT workstation which I plan on installing. My question is : A friend of mine can sell me a Windows 2000 or Windows XP license for cheap. Is there any reason I need to spend $40 to buy any one of these two operating systems for an old Pentium II computer, instead of a free windows NT workstation system that I already have ? For general home use : access internet, typing documents, etc, is there any difference in us...

Problem with window.opener AND window.name IN firefox
Hello eveybody Here's my problem: I have 2 files: File A.html: ----------------> <script> window.name='test'; alert("cette fenetre s'apelle:"+window.name); </script> File B.html: ----------------> <script> alert("normalement yahoo devrait s'ouvrir dans la page ou a �t� load� A.html") window.open('http://www.yahoo.com','test') </script> I open A.html in a window (or tab), and after, i open B.html in another new window (or tab). Yahoo should be open in the same window that A.html but firefox open me a...

Crapware Windows user about to throw laptop out of the window (!)
"My computer wont boot windows, it get stuck in the loop of failing at starting windows and restarting. Ive tried start up repair and it cant fix it, Ive tried two different system restore points, ran the windows memory diagnostic tool and I do not have a system image to recover it or an installation disc." http://answers.microsoft.com/en-us/windows/forum/windows_7-system/help-im-at-my-wits-end-and-about-to-throw-my/884d5c70-168c-4b3f-8cbc-271626883370 In article <aalpkcF4urU1@mid.individual.net>, Gordonbp <gordonbparker@yahoo.com> wrote: > I do not h...

Windows is not a security nightmare says WIndows user
Windows is not a security nightmare David Mackie June 2, 2004 The security of Microsoft Windows has been receiving a lot of media coverage lately. It seems everyone is saying that Windows is poorly written and riddled with bugs. The majority are anti-Microsoft and state that running Linux is the only way to be safe and secure. [...] While I use and sell Microsoft products, I am not interested in participating in the operating system holy war that goes on between the Microsoft and Linux advocates. I just want something that works .. Windows XP Professional is just such a product. Microsoft ...

Using Eudora 6.0.1.1 in Windows 2000/XP with Application Data Redirected to Windows 2003 Server
Does anybody have any experience with using Eudora 6.0 on Windows 2000/XP machines? Per the installation guide we are using Eudora with user data stored in the Application Data folder for the user. Problems have arisen as we've migrated to Windows 2003 Server and Active Directory. Users now have roaming profiles (stored on the server) and redirected folders (My Documents and Application Data) also stored on the server. Some users also are using laptops with 'Offline Files' turned on. The problems we are seeing are... - OWNER.LOK files are not getting deleted when Eudora quits (or they are getting syncronized from the Client Side Cache to the server on log out) causing multiple instance of Eudora messages. Proceeding with "Accept the consequences" is resulting in TOC and/or MBX corruption. - We seem to be getting corruption of IN.TOC on the file server. Does Eudora support writing this file over a network connection or only to the local machines file system? Thanks for any insight. Trevor Cooper UCSD ...

button name and window name
hi this was a small gotcha ... i added a button called JobPaths and had a small window to get them also called JobPaths. crash occurs in the init failing on loading the resource. fixed very easily by a name change of the button. richard Hi Richard, When I create first the small window "JobPaths" and then place the Button on the MainWindow named JobPaths ist works. Clicking the button opens the small window. First the button, than the window fails sometimes with the same error message as Alessandro reported: "VO 2.8SP1 IDE error". But I believe it i...

How to submit the AT command by a user with user right in Windows 2000 server
Hi! I read many news that know AT command can be submitted by user with administrator right. However, I want to have a user can submit AT command without administrator right. How can I do? Ming ...

[ciao-users] =?windows-1252?q?Problem_trying_to_include_=22Deploy?= =?windows-1252?q?ment=5FExecutionManagerC=2Eh=22_and_DeploymentC?= =?windows-1252?q?=2Eh=94_in_an_component_executor_header_file?=
------=_Part_26714_2167317.1204837519610 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline CIAO VERSION: 0.5.9 TAO VERSION : 1.5.9 ACE VERSION : 5.5.9 HOST MACHINE and OPERATING SYSTEM: If on Windows based OS's, which version of WINSOCK do you use?: Pentium IV, Debian linux kernel 2.6 TARGET MACHINE and OPERATING SYSTEM, if different from HOST: COMPILER NAME AND VERSION (AND PATCHLEVEL): THE $ACE_ROOT/ace/config.h FILE [if you use a link to a platform- specific file, simply state which one]:#include "ace/config- linux.h" THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if you use a link to a platform-specific file, simply state which one (unless this isn't used in this case, e.g., with Microsoft Visual C++)]: no_hidden_visibility=1 include $(ACE_ROOT)/include/makeinclude/platform_linux.GNU CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/ default.features (used by MPC when you generate your own makefiles): There is no such file. AREA/CLASS/EXAMPLE AFFECTED: [What example failed? What module failed to compile?] DOES THE PROBLEM AFFECT: COMPILATION? Yes. If so, what do your $ACE_ROOT/ace/config.h and $ACE_ROOT/include/makeinclude/platform_macros.GNU contain? LINKING? On Unix systems, did you run make realcl...

Web resources about - Is it possible to use the Windows 2003 user names instead of pre-Windows 2000 user names in Windows Authentication? - comp.protocols.kerberos

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

New Tools to Optimize App Authentication
At f8, we announced a redesigned Auth Dialog and a new authentication flow to give developers more control over people’s first experience with ...

Facebook Tells Some Developers They Have 48 Hours to Fix Authentication Data Leaks
... sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


Sony Authentication Power Outlet Recognizes Users and Devices #DigInfo - YouTube
Sony Authentication Power Outlet Recognizes Users and Devices DigInfo TV - http://diginfo.tv 9/3/2012 NFC & Smart WORLD 2012 Sony Authentication ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Online account security: lazy authentication is still the norm
Even in the high-tech world of 2016, crims will be able to side-step your account security by making a phone call and saying they're you.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

ATO boosts service access via app and voice authentication
The ATO has announced it will extend its voice authentication system to its mobile app

Resources last updated: 3/10/2016 2:16:39 PM