I am using Windows Authentication on a website where users create reports that are stored in a database. When I save a report, I want to know which user filled it out, so I have been storing the SecurityIdentifier of their WindowsIdentity in the database to identify which user filled out the report. Here is the code I use to get the SecurityIdentifier value for the current Windows user:

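    using System;
    using System.Security.Principal;
    using System.Web;

    public static string GetCurrentUserSID()
    {
        IPrincipal princ = HttpContext.Current.User;

        // "as" yields null when the request was not Windows-authenticated.
        WindowsIdentity winId = princ.Identity as WindowsIdentity;
        if (winId == null || winId.User == null)
            throw new InvalidOperationException("No Windows identity on this request.");

        // SID of the authenticated Windows account, in string form.
        SecurityIdentifier si = winId.User;
        string securityIdentifierValue = si.Value;
        return securityIdentifierValue;
    }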

Questions

  1. Am I doing the right thing by storing the SecurityIdentifier in the database instead of username or some other value? What is the best practice to follow in this sort of situation?

  2. How can I get the user’s username from the SecurityIdentifier value I have stored?

+1  A: 

Should contain the username:

HttpContext.Current.User.Identity.Name
JungleFreak
Guess I should. It's unique, and all the methods I want to use to get identities have 'username' as the parameter, not some SecurityIdentifier. That must be the correct way to do it.
John Fischer
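
For the second question (getting a username back from a stored SID), the following is an added example, not code from the original posts. It uses `SecurityIdentifier.Translate` to resolve the stored string to a `DOMAIN\user` name and handles SIDs that no longer map to an account; the class and method names `ReportAuthorLookup`, `TryGetUserName` and `IsAuthor` are hypothetical.

```csharp
using System;
using System.Security.Principal;

public static class ReportAuthorLookup
{
    // Resolves a SID string (as produced by WindowsIdentity.User.Value) to an
    // account name for display. Returns false when the stored value is not a
    // valid SID or no longer maps to an account (for example, it was deleted).
    public static bool TryGetUserName(string storedSid, out string userName)
    {
        userName = null;
        try
        {
            var sid = new SecurityIdentifier(storedSid);
            var account = (NTAccount)sid.Translate(typeof(NTAccount));
            userName = account.Value; // e.g. DOMAIN\user
            return true;
        }
        catch (ArgumentException)          // malformed or null SID string
        {
            return false;
        }
        catch (IdentityNotMappedException) // SID has no matching account
        {
            return false;
        }
    }

    // Compares the stored SID with the caller's SID instead of comparing names,
    // so the check still holds after the account has been renamed.
    public static bool IsAuthor(string storedSid, WindowsIdentity current)
    {
        if (current == null || current.User == null) return false;
        try { return current.User.Equals(new SecurityIdentifier(storedSid)); }
        catch (ArgumentException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample input: the SID of the account running this process.
        WindowsIdentity me = WindowsIdentity.GetCurrent();
        string stored = me.User.Value;

        string name;
        Console.WriteLine(TryGetUserName(stored, out name) ? name : "(unresolved)");
        Console.WriteLine(IsAuthor(stored, me));            // True
        Console.WriteLine(TryGetUserName("not-a-sid", out name)); // False
    }
}
```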