c# .net active-directory windows-identity userprincipal

How do I compare UserPrincipal with WindowsIdentity?


When binding a user to a Windows account I'm using the UserPrincipal SamAccountName according to this post (the binding is saved in the database). Then when doing a login I need to check this bound user (from the database) against the logged-in Windows account, and this is done with a WindowsIdentity object.

The problem is that WindowsClient.Name will state Group\SamAccountName instead of just the SamAccount? It would be good to use the group, but the UserPrincipal does not seem to return this?

So how should I match the two? Should I just remove the Group in WindowsClient.Name or is there a way to add it in the UserPrincipal?


Solution

  • There are a few options here:

    1. Don't compare principals using SamAccountName only; they're only unique within a single domain. Use the SID instead: UserPrincipal.Sid and WindowsIdentity.User

    2. Don't use WindowsIdentity to get the current user, use UserPrincipal.Current instead.
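Option 1 as an added example (not part of the original answer): store the SID at binding time and compare it with WindowsIdentity.User at login. The names AccountBinding, SidToStore and IsBoundAccount are hypothetical, and the database is represented by a string variable.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class AccountBinding
{
    // Binding time: persist the SID string (S-1-5-21-...) rather than SamAccountName.
    public static string SidToStore(UserPrincipal user)
    {
        if (user == null || user.Sid == null)
            throw new ArgumentException("Principal has no SID", nameof(user));
        return user.Sid.Value;
    }

    // Login time: compare the stored SID with WindowsIdentity.User. Fails closed.
    public static bool IsBoundAccount(string storedSid, WindowsIdentity identity)
    {
        if (string.IsNullOrWhiteSpace(storedSid) || identity == null) return false;
        if (!identity.IsAuthenticated || identity.IsAnonymous || identity.User == null) return false;
        try
        {
            return new SecurityIdentifier(storedSid).Equals(identity.User);
        }
        catch (ArgumentException)
        {
            return false; // stored value is not a valid SID string
        }
    }
}

static class Program
{
    static void Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            // Stand-in for the database value written at binding time.
            string stored = current.User.Value;
            // Constructed SID for illustration; not taken from any real account.
            const string other = "S-1-5-21-1111111111-2222222222-3333333333-1001";

            Console.WriteLine(AccountBinding.IsBoundAccount(stored, current));
            Console.WriteLine(AccountBinding.IsBoundAccount(other, current));
            Console.WriteLine(AccountBinding.IsBoundAccount("not-a-sid", current));
        }
    }
}
```

Because the SID carries the domain identifier, two accounts with the same SamAccountName in different domains never compare equal, and a renamed account still matches its stored binding.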