We're currently developing a Windows Smartclient that needs to authenticate users using their AD group membership.

We now have a requirement for some users to connect over VPN. Is there any way I can get the AD account identity and groups from the VPN login?

WindowsIdentity.GetCurrent() returns the local user account rather than their VPN account information.

The local account name is different than the AD account used for the VPN connection, i.e. the user is on their home PC and connecting to the office using their work AD account.

A: 

If their computer is on the domain and they log in under their AD credentials, you're good. WindowsIdentity.GetCurrent() will return correctly. If you VPN into the network but not into AD, you're out of luck. Try running your program as the AD Account. If you authenticate properly in the "Run As" dialog, WindowsIdentity.GetCurrent() should be correct.

Dave Markle
This is true, but the issue I have is that the application is deployed with ClickOnce, and you cannot use "Run As". I solved my problem by writing a custom authentication service that prompts the user for a login, then queries the AD using their username and password. It's an odd situation, because the user account exists in our AD, but their computer is not on the domain.
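
A sketch of the approach described in the comment above, added here as an example and not the commenter's own code: validate the prompted credentials against AD and read the account's groups with `System.DirectoryServices.AccountManagement`. The class name `AdLogin`, the method name, and the `domain` argument (a domain or domain controller name reachable over the VPN) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Added example; AdLogin and its parameters are hypothetical names.
public static class AdLogin
{
    // Returns the user's AD group names, or null when the login is rejected.
    public static IReadOnlyList<string> AuthenticateAndGetGroups(
        string domain, string samAccountName, string password)
    {
        // Reject blank input up front: ValidateCredentials treats null arguments
        // as "use the default credentials" rather than as a failed login.
        if (string.IsNullOrWhiteSpace(samAccountName) || string.IsNullOrEmpty(password))
            return null;

        try
        {
            // Bind with the supplied AD credentials. The PC is not domain-joined,
            // so the process's local identity cannot query the directory.
            using (var ctx = new PrincipalContext(
                       ContextType.Domain, domain, samAccountName, password))
            {
                // Negotiate with signing and sealing keeps the exchange protected.
                var options = ContextOptions.Negotiate
                            | ContextOptions.Signing
                            | ContextOptions.Sealing;
                if (!ctx.ValidateCredentials(samAccountName, password, options))
                    return null;

                using (var user = UserPrincipal.FindByIdentity(
                           ctx, IdentityType.SamAccountName, samAccountName))
                {
                    if (user == null || user.Enabled == false)
                        return null;

                    // GetAuthorizationGroups also expands nested security groups.
                    return user.GetAuthorizationGroups()
                               .Select(g => g.SamAccountName)
                               .Where(name => name != null)
                               .ToList();
                }
            }
        }
        catch (PrincipalServerDownException) { return null; } // DC unreachable, e.g. VPN down
        catch (PrincipalOperationException) { return null; }  // directory query failed
    }
}
```

A group list computed inside the client only controls what the UI shows; any back-end service the client calls should repeat the group check itself rather than trust the client's result.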