?
Solved

Getting SID of a user without Active directory in asp.net

Posted on 2003-02-24
18
Medium Priority
?
2,843 Views
Last Modified: 2007-12-19
I have seen different examples using Active directory to get the sid from a user that browse the pages of my intranet website but they use impersonation wich i do not want for security....
I use for the moment a dll written in c++ (msseclib) that returns me the sid without any AD or impersonation so i think it should be possible to do it in vbscript or so...

If anybody could help :)

Thx
0
Comment
Question by:PatrickStorms
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 4
  • +1
18 Comments
 
LVL 10

Expert Comment

by:apollois
ID: 8007322
Well, we'd really need to know something about your C++ DLL, but assuming that you have registered it on the web server you  should be able to instantiate it like any other object:

<%
DIM objSID
DIM strSID

SET objSID = Server.CreateObject("YourRegisteredClassName")
strSID = objSID.value     'or whatever the property/method is to return the SID
SET objSID = nothing

'--- ADD YOUR CODE HERE TO USE THE SID ---

%>

Just a guess.

Best Regards,
apollois
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8007338
Hi
 
 I agree with apollois; to retrieve an object's SID you can use following

 sid = obj.Get("objectSID")

hp!!

0
 
LVL 7

Expert Comment

by:lavinder
ID: 8007347
one more thing, without AD you cannot fetch SID of an object, because SID is stored in AD, so i think the title of your question is probably incorrect. If i am wrong, please correct me.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:PatrickStorms
ID: 8007353
The c++ dll is working fine i get the sid from it, no problem at all... I think i did not explain correctly sorry ;p
I want to get the SID of the user browsing a page
- without using Active directory
- without using impersonation
- without using this C++ dll

Hope i am clear now, sorry for the misunderstanding
0
 

Author Comment

by:PatrickStorms
ID: 8007369
sorry lavinder  was adding the comment whil you where adding yours hehe. It is totally feasible to do it without Active directory because the I do not have active directory installed on the network and this C++ dll (wich I do not have the source code) gives me the sid of the users... it is just that i want torewrite the same function in vbscript maybe a "API" call could be a solution....
0
 
LVL 10

Expert Comment

by:apollois
ID: 8007376
ASP does not have any built-in objects/methods to return the SID.  The closest is the NT username if you are using Windows authentication:

LOGON_USER

The Windows account that the user is logged into.
strLogonUser = Request.ServerVariables("LOGON_USER")


There is also

REMOTE_USER

Unmapped user-name string sent in by the user. This is the name that is really sent by the user, as opposed to the names that are modified by any authentication filter installed on the server.
0
 
LVL 10

Expert Comment

by:apollois
ID: 8007405
I'm pretty sure that you can't get to the OS API from ASP VBScript without going through some ActiveX object.  This is by design for security and performance considerations.

Why not use your C++ DLL?

Best Regards,
apollois
0
 

Author Comment

by:PatrickStorms
ID: 8007419
Imports System.Security
Imports System.Security.Principal
<...>
Dim bUser As New WindowsUser(User.Identity.Name)
<...>

then youcan use buser.accountname ,... .domain, ... but never the sid...
0
 
LVL 10

Expert Comment

by:apollois
ID: 8007436
I'm sorry, I missed the ".NET" in your question title.  Thought you were using standard ASP.

Can't help you yet with ASP.net

Good luck with your project.

Best Regards,
apollois
0
 

Accepted Solution

by:
wvandeneede earned 1100 total points
ID: 8008084
Easy... Try this:

[DllImport( "advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
private static extern bool LookupAccountName( string sys, string acc, IntPtr psid, ref int cbsid, [Out] StringBuilder dom, ref int cbdom, out int use );

[DllImport( "advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
private static extern bool ConvertSidToStringSid( IntPtr psid, ref IntPtr pstr );

private const int ERROR_INSUFFICIENT_BUFFER = 122;

[MTAThread]
public static string GetSID(string userName)
{
int cbsid = 0;
int cbdom = 0;
int use;
               
// first call to just get buffer sizes:
bool ok = LookupAccountName( null, userName, IntPtr.Zero, ref cbsid, null, ref cbdom, out use );
if( ! ok )
{
 int err = Marshal.GetLastWin32Error();
 if( err != ERROR_INSUFFICIENT_BUFFER )
 {
  return ( "LookupAccountName: error {0}: " +  err );
 }
}

IntPtr psid = Marshal.AllocHGlobal( cbsid );
StringBuilder domain = new StringBuilder( cbdom );
ok = LookupAccountName( null, userName, psid, ref cbsid, domain, ref cbdom, out use );

IntPtr pstr = IntPtr.Zero;
ok = ConvertSidToStringSid( psid, ref pstr );
string sidstr = Marshal.PtrToStringAuto( pstr );
Marshal.FreeHGlobal( pstr );

Marshal.FreeHGlobal( psid );

return sidstr;
}
0
 

Author Comment

by:PatrickStorms
ID: 8008242
This is exactly what I needed I just have to translate it to vb :)

thx again !
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8014109
Hi

 I am glad to see that your query has been answered, can you paste the vb code solution here. I would also like to see, how it was done in vb, if possible.

happy programming!!
0
 

Expert Comment

by:wvandeneede
ID: 8015031
Hi lavinder,

You want to have the vb.net translation or the vb6 way of doing this?

Kind regards,

Wez
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8015297
Hi wez

 I would like to see vb6 version preferably.

thanks
0
 

Expert Comment

by:wvandeneede
ID: 8015406
hmmm, well it's been a while since i've coded in vb6 now... but anyway... this is how you would declare the api call in vb6:

Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long

In vb6 you need an api call to get the currently logged on user too. (GetUserName) this one is declared like this:

Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

If you want to find out more about this api and others, give <a href='www.allapi.net'>www.allapi.net</a> a try.

Here is a function i found that should do more or less the same...

'<---Start Copy--->
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long


Public Function GetLogonDomainuser() As String
  Dim lResult As Long            ' Result of various API calls.
  Dim I As Integer               ' Used in looping.
  Dim bUserSid(255) As Byte      ' This will contain your SID.
  Dim sUserName As String

  Dim sDomainName As String * 255   ' Domain the user belongs to.
  Dim lDomainNameLength As Long     ' Length of domain name needed.

  Dim lSIDType As Long              ' The type of SID info we are
                                    ' getting back.
 
  ' Get the SID of the user. (Refer to the MSDN for more information on SIDs
  ' and their function/purpose in the operating system.) Get the SID of this
  ' user by using the LookupAccountName API. In order to use the SID
  ' of the current user account, call the LookupAccountName API
  ' twice. The first time is to get the required sizes of the SID
  ' and the DomainName string. The second call is to actually get
  ' the desired information.
  sUserName = GetLogonUser
  lResult = LookupAccountName(vbNullString, sUserName, _
     bUserSid(0), 255, sDomainName, lDomainNameLength, _
     lSIDType)

  ' Now set the sDomainName string buffer to its proper size before
  ' calling the API again.
  sDomainName = Space(lDomainNameLength)
  ' Call the LookupAccountName again to get the actual SID for user.
  lResult = LookupAccountName(vbNullString, sUserName, _
     bUserSid(0), 255, sDomainName, lDomainNameLength, _
     lSIDType)

  ' Return value of zero means the call to LookupAccountName failed;
  ' test for this before you continue.
    If (lResult = 0) Then
       MsgBox "Error: Unable to Lookup the Current User Account: " _
          & sUserName
       Exit Function
    End If
    sDomainName = Left$(sDomainName, InStr(sDomainName, Chr$(0)) - 1)
    GetLogonDomainuser = Trim(sDomainName) & "\" & sUserName

End Function
Private Function GetLogonUser() As String
   Dim strTemp As String, strUserName As String
   'Create a buffer
   strTemp = String(100, Chr$(0))
   'strip the rest of the buffer
   strTemp = Left$(strTemp, InStr(strTemp, Chr$(0)) - 1)

   'Create a buffer
   strUserName = String(100, Chr$(0))
   'Get the username
   GetUserName strUserName, 100
   'strip the rest of the buffer
   strUserName = Left$(strUserName, InStr(strUserName, Chr$(0)) - 1)
   GetLogonUser = strUserName
End Function
'<---End Copy--->

Kind regards,

WeZ
0
 

Expert Comment

by:wvandeneede
ID: 8015411
oops ... sorry about that... but hey you get the idea ;)

WeZ
0
 

Expert Comment

by:wvandeneede
ID: 8015422
--> i'll just repost this :)

hmmm, well it's been a while since i've coded in vb6 now... but anyway... this is how you would declare the api call in vb6:

Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long

In vb6 you need an api call to get the currently logged on user too. (GetUserName) this one is declared like this:

Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

If you want to find out more about this api and others, give www.allapi.net a try.

Here is a function i found that should do more or less the same...

'<---Start Copy--->
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long


Public Function GetLogonDomainuser() As String
 Dim lResult As Long            ' Result of various API calls.
 Dim I As Integer               ' Used in looping.
 Dim bUserSid(255) As Byte      ' This will contain your SID.
 Dim sUserName As String

 Dim sDomainName As String * 255   ' Domain the user belongs to.
 Dim lDomainNameLength As Long     ' Length of domain name needed.

 Dim lSIDType As Long              ' The type of SID info we are
                                   ' getting back.
 
 ' Get the SID of the user. (Refer to the MSDN for more information on SIDs
 ' and their function/purpose in the operating system.) Get the SID of this
 ' user by using the LookupAccountName API. In order to use the SID
 ' of the current user account, call the LookupAccountName API
 ' twice. The first time is to get the required sizes of the SID
 ' and the DomainName string. The second call is to actually get
 ' the desired information.
 sUserName = GetLogonUser
 lResult = LookupAccountName(vbNullString, sUserName, _
    bUserSid(0), 255, sDomainName, lDomainNameLength, _
    lSIDType)

 ' Now set the sDomainName string buffer to its proper size before
 ' calling the API again.
 sDomainName = Space(lDomainNameLength)
 ' Call the LookupAccountName again to get the actual SID for user.
 lResult = LookupAccountName(vbNullString, sUserName, _
    bUserSid(0), 255, sDomainName, lDomainNameLength, _
    lSIDType)

 ' Return value of zero means the call to LookupAccountName failed;
 ' test for this before you continue.
   If (lResult = 0) Then
      MsgBox "Error: Unable to Lookup the Current User Account: " _
         & sUserName
      Exit Function
   End If
   sDomainName = Left$(sDomainName, InStr(sDomainName, Chr$(0)) - 1)
   GetLogonDomainuser = Trim(sDomainName) & "\" & sUserName

End Function
Private Function GetLogonUser() As String
  Dim strTemp As String, strUserName As String
  'Create a buffer
  strTemp = String(100, Chr$(0))
  'strip the rest of the buffer
  strTemp = Left$(strTemp, InStr(strTemp, Chr$(0)) - 1)

  'Create a buffer
  strUserName = String(100, Chr$(0))
  'Get the username
  GetUserName strUserName, 100
  'strip the rest of the buffer
  strUserName = Left$(strUserName, InStr(strUserName, Chr$(0)) - 1)
  GetLogonUser = strUserName
End Function
'<---End Copy--->

Kind regards,

WeZ
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8015448
thank you very much
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question