Windows Authentication, storing user identity

[Matt]

I am using Windows Authentication for a web application. I want to
store the identity of users who add, update and delete records in the
database. What is a good built-in active directory identifier to
use? Username, SID? I'd rather not use the username, because this
could change.

Thanks ~ Matt

 

[Alexey Smirnov]

I am using Windows Authentication for a web application. I want to
store the identity of users who add, update and delete records in the
database. What is a good built-in active directory identifier to
use? Username, SID? I'd rather not use the username, because this
could change.

I would recommend to use the username, because it's a unique id in
AD.

If you cannot use it, consider a Globally Unique Identifier (GUID).

 

[Matt]

I would recommend to use the username, because it's a unique id in

AD.

Username could change, right?

If you cannot use it, consider a Globally Unique Identifier (GUID).

Are you talking about the objectGUID property from AD or creating a
mapping table?

 

[Alexey Smirnov]

Username could change, right?

In my experience this happen very seldom.
You might also use a user's full name (Display Name)

Are you talking about the objectGUID property from AD

Yes. GUID is never changed. SID can change and it is used only by
security principals.

 

[Matt]

In my experience this happen very seldom.
You might also use a user's full name (Display Name)


Yes. GUID is never changed. SID can change and it is used only by
security principals.

How do you get all your info from AD?

I found a nice class library for this:
http://www.codeproject.com/cs/internet/StorerActiveDirectory.asp