
What is the easiest way to validate a UPN and an NT login name?

We allow our users to enter Active Directory account information using either an NT account name (domain\account) or a UPN (account@email.xxx). I would like to write some code to validate the account in Active Directory before allowing the user to move on. Note, we are not validating a password, just the account name.

I can use UserPrincipal.FindByIdentity; however, this expects only a user name.

Can I validate the account name in either format using .NET? Or am I relegated to parsing out the domain from the account name to validate both parts of the user input? The latter would be a bit messy, wouldn't it?

Attempt to create a WindowsIdentity from the UPN:

WindowsIdentity wi = new WindowsIdentity("alias@example.com");

It will succeed for a UPN valid in AD, throw an exception for invalid ones. The process validating the UPN must be connected to the AD and have proper access rights (i.e. no anonymization due to delegation constraint on an impersonated context).

Take a look at the System.DirectoryServices.AccountManagement namespace, especially the PrincipalSearcher. I think you can do a quick FindOne using a well-formed QueryFilter using Query by Example and check for either accountname or UPN.
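The PrincipalSearcher approach suggested above, written out as an added example (not code from either answer): it classifies the input as domain\account or UPN, then runs a Query by Example lookup on the matching attribute. The names AccountNameValidator and AccountExists are hypothetical, and the choice of PrincipalContext for each format is an assumption about the environment.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Text.RegularExpressions;

public static class AccountNameValidator
{
    // domain\account: exactly one backslash; reject separators and
    // characters that are not valid in SAM account names.
    static readonly Regex DownLevel = new Regex(
        @"^(?<domain>[^\\/@""\[\]:;|=,+*?<>\s]+)\\(?<account>[^\\/@""\[\]:;|=,+*?<>]+)$");
    // account@suffix: format check only; the directory decides existence.
    static readonly Regex Upn = new Regex(@"^[^\\/@\s]+@[^\\/@\s]+$");

    // Returns true only if the directory holds a user with this name.
    // PrincipalServerDownException propagates when the domain cannot be
    // contacted; treat that as "could not verify", not as "invalid".
    public static bool AccountExists(string input)
    {
        if (string.IsNullOrWhiteSpace(input)) return false;
        input = input.Trim();

        Match m = DownLevel.Match(input);
        if (m.Success)
        {
            // Assumption: the domain part resolves from this machine.
            using (var ctx = new PrincipalContext(ContextType.Domain, m.Groups["domain"].Value))
                return Exists(ctx, u => u.SamAccountName = m.Groups["account"].Value);
        }
        if (Upn.IsMatch(input))
        {
            // Assumption: the UPN lives in the domain this process is joined to.
            using (var ctx = new PrincipalContext(ContextType.Domain))
                return Exists(ctx, u => u.UserPrincipalName = input);
        }
        return false; // neither accepted format
    }

    // Query by Example: set one property on an unsaved UserPrincipal and
    // let PrincipalSearcher build (and escape) the LDAP filter.
    static bool Exists(PrincipalContext ctx, Action<UserPrincipal> setFilter)
    {
        using (var example = new UserPrincipal(ctx))
        {
            setFilter(example);
            using (var searcher = new PrincipalSearcher(example))
            using (Principal hit = searcher.FindOne())
                return hit != null;
        }
    }
}
```

Because the result reveals whether an account exists, expose it only to callers who are already authenticated.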
