How can i differentiate the userid if same userid is available in two different OU wi

  • shrikant kesh
    New Member
    • Apr 2011
    • 4


    Hi All,
    I am using ADFS, Active Directory and an ASP.NET-based relying party application.
    In my Active Directory structure there are two OUs (Customer and CustomerSupport). I am creating a user in the Customer OU through C# code and using the UPN field as the user logon name, and creating the same user ID from the back end in the CustomerSupport OU.
    Now I am using the code below in my relying party application for retrieving the user from the OUs.
    Code:
    // Picks the LDAP path of the OU to search from an application setting,
    // based on the caller-supplied user type. Any other value of userType
    // falls through and returns an empty path.
    public static string GetADPath(string userType)
    {
        if (_logger.IsDebugEnabled)
            _logger.Debug("ADHelper:Enter GetADPath");
        // Local variables
        string adPath = string.Empty;
        try
        {
            if (userType.Equals(Constants.UserType.Customer))
                adPath = Utility.GetConfigSetting(Constants.AppSettings.CustomersOUPath);
            else if (userType.Equals(Constants.UserType.CustomerSupport))
                adPath = Utility.GetConfigSetting(Constants.AppSettings.CustomersSupportOUPath);
            if (_logger.IsDebugEnabled)
                _logger.Debug("ADHelper:Exit GetADPath");
            return adPath;
        }
        catch (ApplicationException appex)
        {
            if (_logger.IsErrorEnabled)
                _logger.Error("ADHelper:Exception occurred in GetADPath. Message: ", appex);
            throw; // rethrow as-is; "throw appex;" would reset the stack trace
        }
        catch (Exception ex)
        {
            if (_logger.IsErrorEnabled)
                _logger.Error("ADHelper:Exception occurred in GetADPath. Message: ", ex);
            throw; // same: keep the original stack trace
        }
    }
    Now my problem is: if the same user ID and password are created in both OUs, then the CustomerSupport OU user can never log in to the relying party application; it throws a rights error, even though I have given the CustomerSupport OU user all admin rights.
    But each time my application checks the Customer OU's user (a normal user), and the user can log in to the other application as a normal user.
    When I changed the password of the CustomerSupport OU user, it throws an “invalid ID/password” error, and the user can never log in to the relying party application.
    Can anyone please suggest how I can handle this situation?
    Thanks in Advance.
    Last edited by PsychoCoder; Mar 24 '12, 10:16 PM. Reason: Code tags added
  • RhysW
    New Member
    • Mar 2012
    • 70

    #2
    The simplest solution would be to never allow the creation of the same username, a solution taken by just about any login script I know of!
    Failing that, I would hazard a guess that it is always selecting the first instance of the sent username and password, which is where your problem lies, as this one doesn't have the correct rights. I'm not extremely familiar with the problem you are facing, but I really would suggest restricting it to there being one instance only of each username and password.

    I mean, let's look at it as if it were a human, not a database. If I told you to fetch me someone called Jeff where the password is "password", and there were two instances of this with absolutely no way of differentiating which was which, then you would just throw back the first one you find. From your point of view you provided me with what I wanted; why should you bother looking again in case there is another instance? So you either need a way to tell them apart, or you should never let there be two of them in the first place. I mean, say you make a mistake and release code allowing two usernames to be identical with different rights, and a normal user is then for some reason allowed to log in as the admin user because they share the same fields: bit of a security risk there.
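    The following is an added example, not code from either poster, showing the two things this thread asks for in one place: refusing a logon name at creation time if it already exists anywhere in the domain (the "never let there be two" fix), and resolving an authenticated user's UPN to exactly one account by searching the whole domain rather than one OU, failing loudly when the name is ambiguous instead of taking the first hit. It uses System.DirectoryServices, which the poster's code is presumably already built on. The domain root path `LDAP://DC=example,DC=local`, the class and method names, and the assumption that ADFS delivers the user's UPN to the relying party as a claim are all mine; the OU-membership check derives the user type from where the resolved account actually lives instead of from a userType value passed in with the request.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;   // reference System.DirectoryServices.dll
using System.Text;

// Added example (not the poster's code). Assumes the process identity, or a
// configured service account, can read user objects under the domain root.
public static class AdAccountResolver
{
    // Placeholder naming context; replace with the real domain.
    private const string DomainRoot = "LDAP://DC=example,DC=local";

    // Escape a value for use inside an LDAP search filter (RFC 4515) so a
    // logon name taken from user input cannot alter the filter structure.
    public static string EscapeFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException("value");
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Match a user by either logon-name form: the pre-Windows 2000 name
    // (sAMAccountName) or the UPN (userPrincipalName).
    public static string LogonNameFilter(string logonName)
    {
        string v = EscapeFilterValue(logonName);
        return "(&(objectCategory=person)(objectClass=user)" +
               "(|(sAMAccountName=" + v + ")(userPrincipalName=" + v + ")))";
    }

    // Search the WHOLE domain, not a single OU, and return the DN of every
    // account that carries this logon name.
    public static List<string> FindAccountsByLogonName(string logonName)
    {
        var dns = new List<string>();
        using (var root = new DirectoryEntry(DomainRoot))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = LogonNameFilter(logonName);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                    dns.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return dns;
    }

    // Call before creating an account in ANY OU: reject the name if some
    // account already uses it, so two OUs can never share a logon name.
    public static void EnsureLogonNameIsFree(string logonName)
    {
        List<string> existing = FindAccountsByLogonName(logonName);
        if (existing.Count > 0)
            throw new InvalidOperationException(
                "Logon name '" + logonName + "' is already used by: " +
                string.Join("; ", existing.ToArray()));
    }

    // Resolve the account behind an authenticated UPN claim. Exactly one match
    // is required: zero means the claim maps to no account, more than one
    // means the directory is ambiguous and we must not guess (which is what
    // silently using the first search result does).
    public static string ResolveUniqueDn(string upnClaim)
    {
        List<string> matches = FindAccountsByLogonName(upnClaim);
        if (matches.Count == 0)
            throw new InvalidOperationException("No account for " + upnClaim);
        if (matches.Count > 1)
            throw new InvalidOperationException("Ambiguous logon name " + upnClaim +
                ": " + string.Join("; ", matches.ToArray()));
        return matches[0];
    }

    // Decide the user type from the OU the resolved account actually lives in,
    // e.g. IsInOu("CN=jsmith,OU=CustomerSupport,DC=example,DC=local",
    //             "OU=CustomerSupport,DC=example,DC=local") is true.
    public static bool IsInOu(string distinguishedName, string ouDn)
    {
        return distinguishedName.EndsWith("," + ouDn, StringComparison.OrdinalIgnoreCase);
    }
}
```

    In the relying party, the flow would be: take the UPN claim from the authenticated principal, call `ResolveUniqueDn`, then use `IsInOu` against the configured Customer and CustomerSupport OU DNs to decide which rights apply. On the provisioning side, `EnsureLogonNameIsFree` runs before the account is created in either OU, so the duplicate described in the question is refused up front rather than discovered at login.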
