Getting the NT-ID of a user in SharePoint - sharepoint

What is the simplest way to get the NT-ID of a user in a C# application? I would probably need to get it only having a name of the user, or maybe an email address.

Most of the time, you can get it from the current web, for example:
string login = SPContext.Current.Web.CurrentUser.LoginName
string mail = SPContext.Current.Web.CurrentUser.Email

From within SharePoint, you can get a user's Active Directory information (including display name and email) using SPUtility.ResolveWindowsPrincipal:
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.utilities.sputility.resolvewindowsprincipal.aspx
For example:
SPPrincipalInfo pi = SPUtility.ResolveWindowsPrincipal(SPContext.Current.Site.WebApplication, "MYDOMAIN\\myusername", SPPrincipalType.All, false);
Outside of SharePoint, you want to look at the System.DirectoryServices namespace.

Related

IBM Domino 10 - Java XPage create session or compare credentials of another user

I'm writing Java code in an XPage Rest Service basing on https://setza-projects.atlassian.net/wiki/spaces/RSD/pages/44007659/IBM+Domino which is an REST service written in Java used to handle Resource Reservations database. However the way it currently works, it creates the reservations for the current session user only:
private JsonObject createIntanceAppointment(ResourceDefinition rd, Database reDatabase, Date dtStart, Date dtEnd, String subject) throws NotesException {
Session session = reDatabase.getParent();
Name nnOrganizier = session.createName(session.getEffectiveUserName());
Name nnREsource = session.createName(rd.getFullName());
DateTime dt_startDateUTC = session.createDateTime(dtStart);
DateTime dt_endDateUTC = session.createDateTime(dtEnd);
Document doc = reDatabase.createDocument();
doc.replaceItemValue("form", "Reservation");
doc.replaceItemValue("Purpose", subject);
doc.replaceItemValue("ReservedFor", nnOrganizier.getCanonical());
doc.replaceItemValue("ResourceName", nnREsource.getAbbreviated());
doc.replaceItemValue("ResNameFormat", nnREsource.getAbbreviated());
I'm doing a very similar integration with Domino, although I'd prefer to have the reservations created for individual users (they provide their username & password on the room-booking application on a touch screen).
I could just authenticate as the user in my REST client, but if I understand the installation requirements for that RoomZ api correctly, the 'api managing user' needs to be exclusively signed to the database, so I would need to do that for every user in Domino that could make reservations.
I tried using NotesFactory.createSession("", "user", "password"); but that doesn't work, it gives Cannot create a session from an agent error
If I cannot create another session, is there any way I could verify that the username and password passed to the API in the payload is correct (to verify if the user can login)? Then I could just set the organizer/reserved for to this user.
Also, is there any way to make these reservation also appear in the organizer's Notes calendar? Currently they are succesfully created in the Reservations database and all, but the organizer is unaware of them despite he's assigned to the reservation.
You do not need to create a session for every user. The important thing is the nnOrganizer = session.createName(" ") which should contain the user. Probably you'll also need to set additional fields like chair or from for the reservation.
If you want to have some entries in the organizers calendar, send them a proper invitation or create a calendar entry in their mailfile.

How to programmatically create a bookmark for another connections user?

We want to create bookmarks programmatically and this works fine if the email parameter matches the account of the currently authenticated user.
The question is, how can we create a bookmark for another user ?
Below is the pseudo we use from the SBT.
String apiPath = "/dogear/api/app";
Response<String> postResponse = restClient.doPost(apiPath).parameter("email","another users email").body(body, "application/atom+xml").asString();
The log files are not very helpful, in the client we get an ERROR 400 Bad Request

How To Get List Of Active Directory Domain Groups When Not Connected To Domain

At my company we have a custom HMI. This HMI can login using the domain of the computer if the user would like to. Here's the scenario we're currently trying to solve
With user logged into Windows as a domain user, they login to the HMI using the same windows credentials - everything goes smoothly.
Network connection goes down and the user restarts the computer.
The user can login to Windows as before using the same domain logon (with the Windows cached user allowing this)
The user tries to login to our HMI and they can't because I haven't figured out how to access these cached active directory users.
Here's the code I'm using right now to detect if the user is member of one of the groups allowed to login to the HMI. These groups are stored in our SQL database, and are stored as Strings like SERVER\BUILDER for example
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
WinPrincipal = New WindowsPrincipal(tempWindowsIdentity)
End If
If WinPrincipal.IsInRole(user.Group) Then
'Success - obviously there's more code after this
End If
The problem is that when the user is not connected to the domain I get an exception on the IsInRole method. I took a look at the overloading in the method and tried using the SID equivalent of the user.Group instead of the literal String. This seems to work, but now another problem comes up. When the user is not on the network I can't translate the Group Name (string from SQL) into these SIDs.
My current workaround is that when the user is connected to the domain, I save the SIDs and the groups into a lookup table (encrypted), then when the network is not connected, I take the group name from the database and literally lookup the SID string in the table.
The code I'm using to convert the group name to SID is the following
'' Get all groups available to the user
For i As Integer = 0 To WindowsIdentity.GetCurrent.Groups.Count - 1
Dim ir As IdentityReference = WindowsIdentity.GetCurrent.Groups(i)
sid(i) = New SecurityIdentifier(ir.Value)
sidName(i) = CType(ir.Translate(GetType(NTAccount)), NTAccount).Value
' Write to file as csv
writer.WriteLine(sidName(i) + "," + sid(i).ToString)
Next
Then I lookup the group name like so
If File.Exists(FILEPATH) = True Then
Dim reader As New StreamReader(FILEPATH)
While Not reader.EndOfStream
Dim sTemp() As String = reader.ReadLine.Split(",")
If groupName.Equals(sTemp(0)) Then
Return New SecurityIdentifier(sTemp(1))
End If
End While
End If
The reason I can't translate the group name to a SID when not on the network is because the IdentityReference.Translate throws an exception because it can't see the domain.
So, finally after all this explanation, here's what I'm looking for. I'm thinking that there must be access somewhere for me to get the SID from a group name, because windows MUST be storing it somewhere, otherwise I wouldn't be able to login to windows when not connected to the network.
I've done a lot of searching and I haven't been able to figure out where these cached credentials are stored. Any help would be appreciated and if I haven't been clear enough let me know and I'll try to explain as best I can.
I know it is old, but it was actual for me.
As a familiar post I will link this: Determine User Active Directory Groups from Local Machine off Network
The proposed solution was to store the SID in a local space which seems to be the best idea.

Change a document's permissions via Google Apps Script

I'm looking for sample script that resets the default permissions on an external spreadsheet based on the email address and DocumentID passed to the script. I intent to create a script that can parse information from an email message to acquire the DocumentID and email, execute the permission change from default to anyone with a link, then email the passed address with that link.
It appears that perms are controlled by the DocList API and I'm not finding samples of GAS interacting with that API.
At Google I/O 2013, DriveApp was launched. This allows developers to build use cases like Sharing to Anyone with link
https://developers.google.com/apps-script/reference/drive/
Sample code -
var quizTemplate = DriveApp.getFileById(QUIZ_TEMPLATE_ID);
quizTemplate.setSharing(DriveApp.Access.DOMAIN_WITH_LINK, DriveApp.Permission.VIEW);
or
var openFile = DriveApp.getFileById(WIDE_OPEN_ID)
openFile.setSharing(DriveApp.Access.ANYONE_WITH_LINK, DriveApp.Permission.COMMENT);
AFAIK DocsList Services does not have a function to change the sharing mode, between private/anyone with a link/public, only to add/remove editors and viewers. But we can still achieve this by previously setting manually the share settings of a specific folder to "anyone with a link". Then, we have just to add the file to that folder to have it shared.
A script to do that is particularly simple. e.g.
function shareWithAnyoneAndEmail(documentID,email) {
var sharedFolder = DocsList.getFolderById('id-to-your-previously-shared-folder');
var file = DocsList.getFileById(documentID);
file.addToFolder(sharedFolder);
MailApp.sendEmail(email, 'Here is your file', file.getName()+'\n'+file.getUrl());
}

SharePoint session persist across several users?

I have a custom web part that starts by getting a current user login name like this:
protected static string iAm = System.Web.HttpContext.Current.Request.ServerVariables["AUTH_USER"].Split("\\".ToCharArray())[1].ToLower().
Then it passes this string to a bbl class and fetches a user id:
`IDataReader _drInfo = cisf_BLL.bll_MyInfo.drGetMyInfo(iAm);
while (_drInfo.Read())
{
iUser_Ident = _drInfo.GetInt32(30);
}
`After that it passes the user id integer to another method that fetches user's training record:
_drUserTraining = bll_Training.drGet_required_training_records(iUser_Ident);
_drUserTrainingCompleted = bll_Training.drGet_completed_training_records(iUser_Ident);
This information is then displayed in a tab container with three tab such as "Overdue", "Required", and "Completed".
The problem I'm having is this: I'm logged into SharePoint collaboration site with my domain user name and all my training is displayed just fine. If my someone else then logs in to the SP Portal that user sees my training and not his, even though this user has logged in with his unique credential using a common access card, just as I.
Somehow some strange session seems to persist and I was hoping someone out here has encountered this anomaly.
Thanks in advance!
Risho
You are misusing static - a static property is stored once per web server process, not once per user.
Not an answer, but code improvement: there is much simplyer way to get current user name/id
SPUser user = Microsoft.SharePoint.[SPContext][1].Current.Web.CurrentUser;
user.ID;
user.Email;
user.Name
user.LoginName;
user.Grups;
....
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spuser_members.aspx

Resources