My web-app is hosted on mydomain, with the following URI associated with the domain: blah.net.

I can log in using either of the following usernames:

What are the names of each of these types of login (and are there any differences), within the context of Windows Authentication?

+1  A: 

In mydomain\ben "ben" is the SAM (Security Account Manager, the old Windows NT account system) account name. I don't know if there is a name for the entire "mydomain\ben" construct.

ben@blah.net is called UPN or User Principal Name, where "blah.net" is the UPN suffix.

In Active Directory there is also something called Distinguished Name or DN, which for ben would probably be "CN=ben,OU=Users,DC=blah,DC=net". This is the closest to a "fully qualified" name I think you get. It describes both the name of the object (the CN part) and the container (OU part) where it resides within the Active Directory, as well as the DNS domain name (DC part) of the Active Directory.

Of those three, the DN is the only one that can be used to bind to the LDAP user object without having any other information. Using the UPN you have to know a domain controller to query. (It is possible to get to the object from the Domain\SamAccountName as well, but it requires first finding the domain controller for Domain and then doing a search for the object with the given SamAccountName).

Anders Abel
+1  A: 

The formats known to GetUserNameEx are listed in the EXTENDED_NAME_FORMAT enumeration.

I think there is a length restriction on SAM compatible names that can sometimes be overcome with UPN format.

Paul
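As an added example (not part of either answer, and not Windows' own code), this Python sketch classifies the three name forms discussed above and splits a DN into object name, container and DNS domain, which is useful when normalizing account names from logs or allow-lists. The function names are hypothetical, the format labels reuse EXTENDED_NAME_FORMAT member names, and DN escaping is handled only for the simple backslash case.

```python
import re

# Labels borrowed from the Win32 EXTENDED_NAME_FORMAT enumeration.
SAM, UPN, DN = "NameSamCompatible", "NameUserPrincipal", "NameFullyQualifiedDN"

# Split on commas not preceded by a backslash (simplified: hex escapes such
# as \2C and an escaped backslash directly before a comma are not handled).
_RDN_SPLIT = re.compile(r"(?<!\\),")


def parse_dn(dn):
    """Return (object name, container RDNs, DNS domain) for a DN."""
    cn, containers, dcs = None, [], []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not value:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr = attr.upper()
        value = re.sub(r"\\(.)", r"\1", value)  # undo simple escapes
        if attr == "DC":
            dcs.append(value)              # DC parts form the DNS domain
        elif cn is None and attr == "CN":
            cn = value                     # first CN names the object itself
        else:
            containers.append(f"{attr}={value}")
    return cn, containers, ".".join(dcs)


def classify(name):
    """Classify an account string and split it into its parts."""
    # Test for a DN first: an escaped comma in a DN also contains a backslash.
    if re.match(r"(?i)^(CN|OU|DC)=", name):
        cn, containers, domain = parse_dn(name)
        return {"format": DN, "user": cn, "domain": domain,
                "containers": containers}
    if "\\" in name:
        domain, _, user = name.partition("\\")
        if not domain or not user or "\\" in user:
            raise ValueError(f"malformed DOMAIN\\user name: {name!r}")
        return {"format": SAM, "domain": domain, "user": user}
    if "@" in name:
        user, _, suffix = name.rpartition("@")  # suffix follows the last "@"
        if not user or not suffix:
            raise ValueError(f"malformed UPN: {name!r}")
        return {"format": UPN, "user": user, "domain": suffix}
    raise ValueError(f"unrecognised account name format: {name!r}")
```

Note that the domain part differs by format: the SAM form carries the NetBIOS-style domain name ("mydomain"), while the UPN and DN forms yield the DNS name ("blah.net"), so the two cannot be compared directly without a lookup.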