I need to validate a user with Active Directory and check their groups. The problem is that a user is returning multiple UserPrincipal objects. Admins are unable to find the issue with this user. My code is straightforward:
var usr = UserPrincipal.FindByIdentity(context, username);
Now I know I could do this:
var usr = new WindowsPrincipal(WindowsIdentity.GetCurrent());
if (usr.IsInRole("MyRole"))
{
//Do stuff
}
That does work for the currently logged-in user; however, there are times that I need to authenticate a user who is not currently logged in.
I have a system where I monitor recent account locks, using:
UserPrincipal.FindByLockoutTime(...)
I use this to give me a list of recently locked accounts. I could click on the username to drill down into the details using:
UserPrincipal.FindByIdentity(context, userId)
I could see I had an account named Administrator; every time I clicked on it to drill down I was getting the same error:
MultipleMatchesException
I discovered the FindByIdentity method accepts an overload for identity type which is an int:
As I knew I was querying by SamAccountName, changing the method signature to:
UserPrincipal.FindByIdentity(context, 0, userId)
Solved this issue for me.
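The typed lookup from the answer combined with the group check from the question, as an added example that is not part of the original posts. It assumes a domain-joined machine; the class and method names and the account name "jdoe" are hypothetical, and "MyRole" is the group name used in the question. The literal 0 above is the enum member IdentityType.SamAccountName.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class AdGroupCheck   // hypothetical helper, not from the original posts
{
    // Look the user up under one explicit identity type. The untyped overload
    // accepts the value in any IdentityType format and can throw
    // MultipleMatchesException when more than one object is found.
    public static UserPrincipal FindUser(PrincipalContext ctx, string sam)
    {
        try { return UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam); }
        catch (MultipleMatchesException) { return null; } // fail closed, never guess
    }

    // Group check for any account, not only the one currently logged in.
    public static bool IsInGroup(PrincipalContext ctx, string sam, string groupSam)
    {
        using (var user = FindUser(ctx, sam))
        {
            if (user == null) return false; // unknown or ambiguous: deny
            // GetAuthorizationGroups also returns nested security groups.
            return user.GetAuthorizationGroups().OfType<GroupPrincipal>()
                .Any(g => string.Equals(g.SamAccountName, groupSam,
                                        StringComparison.OrdinalIgnoreCase));
        }
    }

    // Diagnostic for admins: show what the same string resolves to under each
    // identity type, to locate the objects that collide.
    public static void ReportMatches(PrincipalContext ctx, string value)
    {
        var types = new[] { IdentityType.SamAccountName, IdentityType.Name,
                            IdentityType.UserPrincipalName };
        foreach (var type in types)
        {
            try
            {
                using (var p = UserPrincipal.FindByIdentity(ctx, type, value))
                    Console.WriteLine($"{type}: {p?.DistinguishedName ?? "(no match)"}");
            }
            catch (MultipleMatchesException) { Console.WriteLine($"{type}: multiple matches"); }
        }
    }

    static void Main()
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            ReportMatches(ctx, "jdoe"); // constructed sample account name
            Console.WriteLine(IsInGroup(ctx, "jdoe", "MyRole"));
        }
    }
}
```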