How to get WindowsIdentity for a remote logged in user?

Question

I am working on client server application with following details:

Client(C++) -----------HTTPS---     Server (C#/WCF)

Server:

• With Users in windows Active Directory domain
• WCF service running in IIS providing authentication service against windows AD
• Provides REST based authentication API which uses windows API logonUser.

Client:

• Client uses REST SDK (Visual Studio 2013 based) to connect server
• Client provides authentication API for authentication using HTTPS.

Currently I am working to authenticate windows user logged-in in client at server:

• AD user logs in to client and invoke the authentication API
• The current logged in user details have to be sent to Server using HTTPS ( of course only username)
• Create WindowsIdentity structure with the information retrieved from the client.

I have tried following:

• To get the SID from the client machine and pass it to server. Recreate the WindowsIdentity from the SID of client login.
  • I could not get the WindowsIdentity from the SID passed.

Questions:

1. How to get the windows identity in server (C#) from the SID of the logged in AD User passed from the client?
2. Are there any other better ways to achieve the above setup?

Answer 1

have you tried

ServiceSecurityContext.Current.WindowsIdentity.Name

but there is no way of converting the username format without involving a query to Active Directory. Since that is the case there is no need to create WindowsPrincipal for checking the group membership since that would probably need yet another connection to AD. try to use the solution provided in this link