Don’t listen to the internet – getting account information from Active Directory for the current user is simple and easy in Visual Basic .NET – particularly if you are using Framework 3.5 or higher.
Note: if you are using ASP.NET, there is a different way to do it – see the update below.
You don’t need to do any stinking LDAP queries, or lookups, or credential passings – it’s all made simple using System.DirectoryServices.AccountManagement. Observe.
First, go to the references tab in project properties, click add reference, and find “System.DirectoryServices.AccountManagement” – no need to add “System.DirectoryServices”.
Now, in your application, add the following lines:

    Dim currentADUser As System.DirectoryServices.AccountManagement.UserPrincipal
    currentADUser = System.DirectoryServices.AccountManagement.UserPrincipal.Current

(It’s even simpler if you import the namespace)
Poof. That’s it! You are done.
currentADUser is a strongly typed object containing attributes for most of the Active Directory properties you need – such as display name, email address, primary group membership, Exchange mailbox info, etc.
Say you want to get the current user’s email address. You could do it like so (after the previous code):

    Dim userEmail As String = currentADUser.EmailAddress

That’s it. 1 additional line.
How about a concrete example – here is the problem I wanted to solve: send an email message from the current user for error reporting. Make sure to change the To: email address and the SMTP server name, and this should be a drop-in solution:

    Private Sub report_error(ByVal errorMessage As String)
        ' Look up the AD account of the user running the application
        Dim currentADUser As System.DirectoryServices.AccountManagement.UserPrincipal
        currentADUser = System.DirectoryServices.AccountManagement.UserPrincipal.Current

        ' An account without a mail attribute cannot be used as the sender
        If String.IsNullOrEmpty(currentADUser.EmailAddress) Then
            Throw New InvalidOperationException("Current user has no email address in Active Directory")
        End If

        Dim mailClient As New System.Net.Mail.SmtpClient("smtpserver.company.local")
        ' Arguments: from, to, subject, body
        mailClient.Send(currentADUser.DisplayName & " <" & currentADUser.EmailAddress & ">", _
                        "email@example.com", _
                        "ERROR REPORT: Application error for " & currentADUser.DisplayName, _
                        errorMessage)
    End Sub

Hope this helps!
Update – ASP.NET
The “better” way to get this info in an ASP.NET page is to take advantage of the “User” object available to the ASP.NET Page class. User.Identity can be cast to a System.Security.Principal.WindowsIdentity, giving you access to the User attribute (yes, User.Identity.User essentially), which is the domain SID. You use this SID to look up the user in AD.
Check User.Identity.IsAuthenticated first to make sure that IIS has taken care of verifying the identity of the user.

    Imports System.Security.Principal
    Imports System.DirectoryServices.AccountManagement

    Public Class WebForm1
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            ' Only trust the identity once IIS has authenticated it
            If Not User.Identity.IsAuthenticated Then
                Throw New InvalidOperationException("Specified user is not authenticated")
            End If
            If Not User.Identity.Name.StartsWith("DOMAIN\") Then
                Throw New InvalidOperationException("Specified user is not member of Domain")
            End If

            ' The SID of the authenticated Windows account
            Dim userSid As String = CType(User.Identity, WindowsIdentity).User.Value
            Dim adContext As PrincipalContext = New PrincipalContext(ContextType.Domain, "Domain.local")
            Dim adUser As UserPrincipal = UserPrincipal.FindByIdentity(adContext, IdentityType.Sid, userSid)

            ' FindByIdentity returns Nothing when no matching account exists
            If adUser Is Nothing Then
                Throw New InvalidOperationException("Specified user was not found in Active Directory")
            End If
            emaillbl.Text = adUser.EmailAddress
        End Sub
    End Class

This example is C# (I switched…) – hopefully you can translate?

    using System.Security.Principal;
    using System.DirectoryServices.AccountManagement;
    ...
    if (!User.Identity.IsAuthenticated)
        throw new InvalidOperationException("Specified user is not authenticated");
    if (!User.Identity.Name.StartsWith("Domain\\"))
        throw new InvalidOperationException("Specified user is not member of Domain");

    string userSid = ((WindowsIdentity)User.Identity).User.Value;
    PrincipalContext adContext = new PrincipalContext(ContextType.Domain, "Domain.local");
    UserPrincipal adUser = UserPrincipal.FindByIdentity(adContext, IdentityType.Sid, userSid);
    ...
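
An added example, not part of the original post: the ASP.NET checks above wrapped in a reusable helper that goes one step further and compares the domain portion of the caller's SID instead of the case-sensitive "DOMAIN\" name prefix, then fails closed if no AD account matches. AdLookup, IsExpectedDomain, GetEmailFor and the ExpectedDomainSid value (a constructed placeholder) are assumed names; "Domain.local" is the post's own placeholder.

```vb
Imports System
Imports System.Security.Principal
Imports System.DirectoryServices.AccountManagement

Public Module AdLookup
    ' Assumption: constructed placeholder values, replace with your domain's SID and DNS name.
    Private Const ExpectedDomainSid As String = "S-1-5-21-1111111111-2222222222-3333333333"
    Private Const DomainDnsName As String = "Domain.local"

    ' True only when the account SID was issued by the expected domain.
    ' AccountDomainSid is Nothing for SIDs that are not Windows account SIDs.
    Public Function IsExpectedDomain(ByVal userSid As SecurityIdentifier) As Boolean
        If userSid Is Nothing Then Return False
        Dim domainSid As SecurityIdentifier = userSid.AccountDomainSid
        If domainSid Is Nothing Then Return False
        Return domainSid.Equals(New SecurityIdentifier(ExpectedDomainSid))
    End Function

    ' Resolves the authenticated Windows identity (e.g. Page.User.Identity) to its AD mail attribute.
    Public Function GetEmailFor(ByVal identity As IIdentity) As String
        ' TryCast avoids an InvalidCastException when the site is not using Windows authentication
        Dim winId As WindowsIdentity = TryCast(identity, WindowsIdentity)
        If winId Is Nothing OrElse Not winId.IsAuthenticated Then
            Throw New InvalidOperationException("Specified user is not authenticated")
        End If
        If Not IsExpectedDomain(winId.User) Then
            Throw New InvalidOperationException("Specified user is not member of Domain")
        End If

        ' Both the context and the principal hold directory resources, so dispose them
        Using adContext As New PrincipalContext(ContextType.Domain, DomainDnsName)
            Using adUser As UserPrincipal = _
                    UserPrincipal.FindByIdentity(adContext, IdentityType.Sid, winId.User.Value)
                If adUser Is Nothing Then
                    Throw New InvalidOperationException("Specified user was not found in Active Directory")
                End If
                Return adUser.EmailAddress
            End Using
        End Using
    End Function
End Module
```

From a page, call it as emaillbl.Text = AdLookup.GetEmailFor(User.Identity); the result can still be Nothing for accounts that have no mail attribute.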