从Azure Active Directory获取MVC Web应用程序中的samAccountName名称

Question

I have a requirement to get the AD samAccountName in an MVC C# application that's deployed to an Azure Web App.

The app is Windows Authenticated against Azure AD which is synced with our local on premise AD servers using ADConnect.

When we run the Web App locally (Visual Studio 2017), the value that's returned from:

User.Identity.Name

is returned in the format DOMAIN\\UserName

But when looking at the WebApp in Azure, the same code returns it in the format firstname.lastname@domain.co.uk

I appreciate that we won't be able to use User.Identity.Name to achieve a consistent result, but we do need a way of getting this information when the site is running Azure.

We've looked various ways of achieving this using Claims Descriptions and Extended Properties but have had no luck so far.

I've tried to give as much information as possible, but I'm working in conjunction with our infrastructure team so may not have provided enough, please let me know if more info is required.

Answer 1

The "firstname.lastname@domain.co.uk" format would be the userPrincipalName attribute of the account. So if you see an "@" in the name, you can connect to AD and search for the account and pull the sAMAccountName . Something like this:

var searcher =
    new DirectorySearcher(
        new DirectoryEntry("LDAP://domain.co.uk"),
        $"(&(objectClass=user)(userPrincipalName={User.Identity.Name}))");
searcher.PropertiesToLoad.Add("sAMAccountName");
var result = searcher.FindOne();
var sAmAccountName = result.Properties["sAMAccountName"][0] as string;