I am using Windows Authentication on a website where users create reports that are stored in a database. When I save a report, I want to know which user filled it out, so I have been storing the SecurityIdentifier of their WindowsIdentity in the database to identify which user filled out the report. Here is the code I use to get the SecurityIdentifier value for the current Windows user:
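    using System.Security.Principal;
    using System.Web;

    public static string GetCurrentUserSID()
    {
        // Principal that ASP.NET attached to the current request.
        IPrincipal princ = HttpContext.Current.User;

        // The cast yields null when the request was not authenticated
        // with Windows Authentication.
        WindowsIdentity winId = princ.Identity as WindowsIdentity;
        if (winId == null || winId.User == null)
        {
            return null;
        }

        // SecurityIdentifier.Value is the SID in string form ("S-1-5-21-...").
        SecurityIdentifier si = winId.User;
        return si.Value;
    }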
Questions
Am I doing the right thing by storing the SecurityIdentifier in the database instead of username or some other value? What is the best practice to follow in this sort of situation?
How can I get the user’s username from the SecurityIdentifier value I have stored?
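
An added example, not part of the original post: one way to turn a stored SID string back into a DOMAIN\user name with SecurityIdentifier.Translate, including the case where the SID no longer maps to an account. The SidLookup class and TryGetAccountName helper are hypothetical names, the unmapped SID is a constructed sample, and the code assumes it runs on Windows.

```csharp
using System;
using System.Security.Principal;

public static class SidLookup
{
    // Hypothetical helper: resolve a stored SID string ("S-1-5-21-...")
    // to an account name such as DOMAIN\user.
    // Returns null when the value is not a valid SID or when the SID cannot
    // be mapped any more (for example, the account was deleted).
    public static string TryGetAccountName(string storedSid)
    {
        if (string.IsNullOrWhiteSpace(storedSid))
        {
            return null;
        }

        SecurityIdentifier sid;
        try
        {
            // Throws ArgumentException when the string is not a well-formed SID.
            sid = new SecurityIdentifier(storedSid);
        }
        catch (ArgumentException)
        {
            return null;
        }

        try
        {
            // Ask Windows to map the SID to an account name.
            var account = (NTAccount)sid.Translate(typeof(NTAccount));
            return account.Value;
        }
        catch (IdentityNotMappedException)
        {
            // Well-formed SID, but no account currently corresponds to it.
            return null;
        }
    }

    public static void Main()
    {
        // Round trip with the SID of the account running this process.
        string currentSid = WindowsIdentity.GetCurrent().User.Value;
        Console.WriteLine(TryGetAccountName(currentSid) ?? "(unmapped)");

        // Constructed sample SID that is well-formed but should not resolve.
        const string unknownSid = "S-1-5-21-1111111111-2222222222-3333333333-99999";
        Console.WriteLine(TryGetAccountName(unknownSid) ?? "(unmapped)");
    }
}
```

Because the lookup can return null for a report whose author's account has since been removed, the display code needs a fallback for that case.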