Solved

Getting SID of a user without Active directory in asp.net

Posted on 2003-02-24
Last Modified: 2007-12-19
I have seen different examples using Active Directory to get the SID from a user that browses the pages of my intranet website, but they use impersonation, which I do not want for security....
I use for the moment a DLL written in C++ (msseclib) that returns me the SID without any AD or impersonation, so I think it should be possible to do it in VBScript or so...

If anybody could help :)

Thx
Question by:PatrickStorms
18 Comments
 
LVL 10

Expert Comment

by:apollois
ID: 8007322
Well, we'd really need to know something about your C++ DLL, but assuming that you have registered it on the web server you should be able to instantiate it like any other object:

<%
DIM objSID
DIM strSID

SET objSID = Server.CreateObject("YourRegisteredClassName")
strSID = objSID.value     'or whatever the property/method is to return the SID
SET objSID = nothing

'--- ADD YOUR CODE HERE TO USE THE SID ---

%>

Just a guess.

Best Regards,
apollois
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8007338
Hi
 
 I agree with apollois; to retrieve an object's SID you can use the following

 sid = obj.Get("objectSID")

hp!!

0
 
LVL 7

Expert Comment

by:lavinder
ID: 8007347
One more thing, without AD you cannot fetch the SID of an object, because the SID is stored in AD, so I think the title of your question is probably incorrect. If I am wrong, please correct me.
0
 

Author Comment

by:PatrickStorms
ID: 8007353
The C++ DLL is working fine, I get the SID from it, no problem at all... I think I did not explain correctly, sorry ;p
I want to get the SID of the user browsing a page
- without using Active Directory
- without using impersonation
- without using this C++ DLL

Hope I am clear now, sorry for the misunderstanding
0
 

Author Comment

by:PatrickStorms
ID: 8007369
Sorry lavinder, I was adding the comment while you were adding yours hehe. It is totally feasible to do it without Active Directory, because I do not have Active Directory installed on the network and this C++ DLL (for which I do not have the source code) gives me the SID of the users... it is just that I want to rewrite the same function in VBScript, maybe an "API" call could be a solution....
0
 
LVL 10

Expert Comment

by:apollois
ID: 8007376
ASP does not have any built-in objects/methods to return the SID.  The closest is the NT username if you are using Windows authentication:

LOGON_USER

The Windows account that the user is logged into.
strLogonUser = Request.ServerVariables("LOGON_USER")


There is also

REMOTE_USER

Unmapped user-name string sent in by the user. This is the name that is really sent by the user, as opposed to the names that are modified by any authentication filter installed on the server.
0
 
LVL 10

Expert Comment

by:apollois
ID: 8007405
I'm pretty sure that you can't get to the OS API from ASP VBScript without going through some ActiveX object.  This is by design for security and performance considerations.

Why not use your C++ DLL?

Best Regards,
apollois
0
 

Author Comment

by:PatrickStorms
ID: 8007419
Imports System.Security
Imports System.Security.Principal
<...>
Dim bUser As New WindowsUser(User.Identity.Name)
<...>

then you can use buser.accountname, ... .domain, ... but never the sid...
0
 
LVL 10

Expert Comment

by:apollois
ID: 8007436
I'm sorry, I missed the ".NET" in your question title.  Thought you were using standard ASP.

Can't help you yet with ASP.net

Good luck with your project.

Best Regards,
apollois
0
 

Accepted Solution

by:
wvandeneede earned 1100 total points
ID: 8008084
Easy... Try this:

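using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

public static class SidLookup
{
    [DllImport( "advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    private static extern bool LookupAccountName( string sys, string acc, IntPtr psid, ref int cbsid, [Out] StringBuilder dom, ref int cbdom, out int use );

    [DllImport( "advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    private static extern bool ConvertSidToStringSid( IntPtr psid, out IntPtr pstr );

    [DllImport( "kernel32.dll" )]
    private static extern IntPtr LocalFree( IntPtr hMem );

    private const int ERROR_INSUFFICIENT_BUFFER = 122;

    public static string GetSID(string userName)
    {
        int cbsid = 0;
        int cbdom = 0;
        int use;

        // First call only asks for the buffer sizes; it is expected to fail
        // with ERROR_INSUFFICIENT_BUFFER. Any other error is a real failure.
        bool ok = LookupAccountName( null, userName, IntPtr.Zero, ref cbsid, null, ref cbdom, out use );
        if( ! ok )
        {
            int err = Marshal.GetLastWin32Error();
            if( err != ERROR_INSUFFICIENT_BUFFER )
            {
                // Throw rather than return the message, so that a caller can
                // never mistake an error string for a SID.
                throw new Win32Exception( err, "LookupAccountName failed for " + userName );
            }
        }

        IntPtr psid = Marshal.AllocHGlobal( cbsid );
        IntPtr pstr = IntPtr.Zero;
        try
        {
            // Second call fills the SID buffer and the domain name.
            StringBuilder domain = new StringBuilder( cbdom );
            if( ! LookupAccountName( null, userName, psid, ref cbsid, domain, ref cbdom, out use ) )
                throw new Win32Exception( Marshal.GetLastWin32Error() );

            // Convert the binary SID to its "S-1-..." string form.
            if( ! ConvertSidToStringSid( psid, out pstr ) )
                throw new Win32Exception( Marshal.GetLastWin32Error() );

            return Marshal.PtrToStringAuto( pstr );
        }
        finally
        {
            // The string from ConvertSidToStringSid is released with LocalFree;
            // the SID buffer came from AllocHGlobal.
            if( pstr != IntPtr.Zero ) LocalFree( pstr );
            Marshal.FreeHGlobal( psid );
        }
    }
}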
0
 

Author Comment

by:PatrickStorms
ID: 8008242
This is exactly what I needed I just have to translate it to vb :)

thx again !
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8014109
Hi

 I am glad to see that your query has been answered, can you paste the vb code solution here. I would also like to see, how it was done in vb, if possible.

happy programming!!
0
 

Expert Comment

by:wvandeneede
ID: 8015031
Hi lavinder,

You want to have the vb.net translation or the vb6 way of doing this?

Kind regards,

Wez
0
 
LVL 7

Expert Comment

by:lavinder
ID: 8015297
Hi wez

 I would like to see vb6 version preferably.

thanks
0
 

Expert Comment

by:wvandeneede
ID: 8015406
hmmm, well it's been a while since i've coded in vb6 now... but anyway... this is how you would declare the api call in vb6:

Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long

In vb6 you need an api call to get the currently logged on user too. (GetUserName) this one is declared like this:

Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

If you want to find out more about this api and others, give <a href='www.allapi.net'>www.allapi.net</a> a try.

Here is a function i found that should do more or less the same...

'<---Start Copy--->
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long


Public Function GetLogonDomainuser() As String
  Dim lResult As Long            ' Result of various API calls.
  Dim I As Integer               ' Used in looping.
  Dim bUserSid(255) As Byte      ' This will contain your SID.
  Dim sUserName As String

  Dim sDomainName As String * 255   ' Domain the user belongs to.
  Dim lDomainNameLength As Long     ' Length of domain name needed.

  Dim lSIDType As Long              ' The type of SID info we are
                                    ' getting back.
 
  ' Get the SID of the user. (Refer to the MSDN for more information on SIDs
  ' and their function/purpose in the operating system.) Get the SID of this
  ' user by using the LookupAccountName API. In order to use the SID
  ' of the current user account, call the LookupAccountName API
  ' twice. The first time is to get the required sizes of the SID
  ' and the DomainName string. The second call is to actually get
  ' the desired information.
  sUserName = GetLogonUser
  lResult = LookupAccountName(vbNullString, sUserName, _
     bUserSid(0), 255, sDomainName, lDomainNameLength, _
     lSIDType)

  ' Now set the sDomainName string buffer to its proper size before
  ' calling the API again.
  sDomainName = Space(lDomainNameLength)
  ' Call the LookupAccountName again to get the actual SID for user.
  lResult = LookupAccountName(vbNullString, sUserName, _
     bUserSid(0), 255, sDomainName, lDomainNameLength, _
     lSIDType)

  ' Return value of zero means the call to LookupAccountName failed;
  ' test for this before you continue.
    If (lResult = 0) Then
       MsgBox "Error: Unable to Lookup the Current User Account: " _
          & sUserName
       Exit Function
    End If
    sDomainName = Left$(sDomainName, InStr(sDomainName, Chr$(0)) - 1)
    GetLogonDomainuser = Trim(sDomainName) & "\" & sUserName

End Function
Private Function GetLogonUser() As String
   Dim strTemp As String, strUserName As String
   'Create a buffer
   strTemp = String(100, Chr$(0))
   'strip the rest of the buffer
   strTemp = Left$(strTemp, InStr(strTemp, Chr$(0)) - 1)

   'Create a buffer
   strUserName = String(100, Chr$(0))
   'Get the username
   GetUserName strUserName, 100
   'strip the rest of the buffer
   strUserName = Left$(strUserName, InStr(strUserName, Chr$(0)) - 1)
   GetLogonUser = strUserName
End Function
'<---End Copy--->

Kind regards,

WeZ
0
 

Expert Comment

by:wvandeneede
ID: 8015411
oops ... sorry about that... but hey you get the idea ;)

WeZ
0
 

Expert Comment

by:wvandeneede
ID: 8015422
--> i'll just repost this :)

hmmm, well it's been a while since i've coded in vb6 now... but anyway... this is how you would declare the api call in vb6:

Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long

In vb6 you need an api call to get the currently logged on user too. (GetUserName) this one is declared like this:

Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long

If you want to find out more about this api and others, give www.allapi.net a try.

Here is a function i found that should do more or less the same...

'<---Start Copy--->
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long
Declare Function LookupAccountName Lib "advapi32.dll" Alias "LookupAccountNameA" (lpSystemName As String, ByVal lpAccountName As String, sid As Any, cbSid As Long, ByVal ReferencedDomainName As String, cbReferencedDomainName As Long, peUse As Long) As Long


Public Function GetLogonDomainuser() As String
 Dim lResult As Long            ' Result of various API calls.
 Dim I As Integer               ' Used in looping.
 Dim bUserSid(255) As Byte      ' This will contain your SID.
 Dim sUserName As String

 Dim sDomainName As String * 255   ' Domain the user belongs to.
 Dim lDomainNameLength As Long     ' Length of domain name needed.

 Dim lSIDType As Long              ' The type of SID info we are
                                   ' getting back.
 
 ' Get the SID of the user. (Refer to the MSDN for more information on SIDs
 ' and their function/purpose in the operating system.) Get the SID of this
 ' user by using the LookupAccountName API. In order to use the SID
 ' of the current user account, call the LookupAccountName API
 ' twice. The first time is to get the required sizes of the SID
 ' and the DomainName string. The second call is to actually get
 ' the desired information.
 sUserName = GetLogonUser
 lResult = LookupAccountName(vbNullString, sUserName, _
    bUserSid(0), 255, sDomainName, lDomainNameLength, _
    lSIDType)

 ' Now set the sDomainName string buffer to its proper size before
 ' calling the API again.
 sDomainName = Space(lDomainNameLength)
 ' Call the LookupAccountName again to get the actual SID for user.
 lResult = LookupAccountName(vbNullString, sUserName, _
    bUserSid(0), 255, sDomainName, lDomainNameLength, _
    lSIDType)

 ' Return value of zero means the call to LookupAccountName failed;
 ' test for this before you continue.
   If (lResult = 0) Then
      MsgBox "Error: Unable to Lookup the Current User Account: " _
         & sUserName
      Exit Function
   End If
   sDomainName = Left$(sDomainName, InStr(sDomainName, Chr$(0)) - 1)
   GetLogonDomainuser = Trim(sDomainName) & "\" & sUserName

End Function
Private Function GetLogonUser() As String
  Dim strTemp As String, strUserName As String
  'Create a buffer
  strTemp = String(100, Chr$(0))
  'strip the rest of the buffer
  strTemp = Left$(strTemp, InStr(strTemp, Chr$(0)) - 1)

  'Create a buffer
  strUserName = String(100, Chr$(0))
  'Get the username
  GetUserName strUserName, 100
  'strip the rest of the buffer
  strUserName = Left$(strUserName, InStr(strUserName, Chr$(0)) - 1)
  GetLogonUser = strUserName
End Function
'<---End Copy--->

Kind regards,

WeZ
0
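The VB6 function above leaves the SID as raw bytes in bUserSid and never renders the S-1-... text form that ConvertSidToStringSid produces in the accepted answer. The following is an added example, not code from any post in this thread: portable C (the language of the Win32 API being called) that decodes the binary SID layout with bounds checks. The names sid_to_string, SID_MAX_SUBAUTH and SAMPLE_SID, and the sample bytes, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SID_MAX_SUBAUTH 15  /* same limit as SID_MAX_SUB_AUTHORITIES in winnt.h */

/* Constructed sample, not a real account: S-1-5-21-16909060-168496141-287454020-1001 */
static const uint8_t SAMPLE_SID[] = {
    0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,  /* revision, count, authority 5 */
    0x15, 0x00, 0x00, 0x00, 0x04, 0x03, 0x02, 0x01,  /* 21, 16909060 */
    0x0D, 0x0C, 0x0B, 0x0A, 0x44, 0x33, 0x22, 0x11,  /* 168496141, 287454020 */
    0xE9, 0x03, 0x00, 0x00                           /* RID 1001 */
};

/* Render a binary SID as "S-1-A-S1-S2-...". Returns the string length, or -1 if
 * the input is truncated or malformed or the output buffer is too small. */
int sid_to_string(const uint8_t *sid, size_t sid_len, char *out, size_t out_len)
{
    if (sid == NULL || out == NULL || sid_len < 8)
        return -1;                              /* fixed header is 8 bytes */
    unsigned count = sid[1];
    if (sid[0] != 1 || count > SID_MAX_SUBAUTH || sid_len < 8 + 4 * (size_t)count)
        return -1;                              /* never trust the embedded count */
    uint64_t auth = 0;                          /* 48-bit authority, big-endian */
    for (int i = 2; i < 8; i++)
        auth = (auth << 8) | sid[i];
    /* Authorities of 2^32 and above are written in hex, smaller ones in decimal. */
    int n = snprintf(out, out_len, auth >> 32 ? "S-1-0x%012llx" : "S-1-%llu",
                     (unsigned long long)auth);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    size_t used = (size_t)n;
    for (unsigned i = 0; i < count; i++) {      /* sub-authorities, little-endian */
        const uint8_t *p = sid + 8 + 4 * (size_t)i;
        uint32_t sub = p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
        n = snprintf(out + used, out_len - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= out_len - used)
            return -1;
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    char buf[192];
    if (sid_to_string(SAMPLE_SID, sizeof SAMPLE_SID, buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```

The length check against the embedded sub-authority count is the part that matters when the bytes come from anywhere other than a successful LookupAccountName call.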
 
LVL 7

Expert Comment

by:lavinder
ID: 8015448
thank you very much
0
