Vulnerability in EPiServer.Forms
Version: EPiServer CMS 6
When using windows authentication with EPiServer, to get fullname and email address from the current user, do I need to query the active directory to retrieve this info? (i.e. System.DirectoryServices) This info isn't avaiable in any other fashion?
No I don't think it is readily available anywhere else. The MembershipUser object is rather "thin" and I guess the ProfileBase subclasses are the objects meant to carry extended user info. There's no Windows/AD profile provider that I know of, but you could probably create your own which reads from directory services (or use some more direct way of getting that info).
EPiServer 5 has a AD membership provider:
That could allow you to access the information you want. Its meant for EPiServer 5 but its a standard Membership provider so should plug straight into EPiServer 6
Thanks for the info. EPiServer recommends using Windows Authentication (due to performance), so I guess using this AD Membership Provider wouldn't be ideal?
I'm now doing a sort of workaround, while using Windows Authentication, at the start of a user session I'm querying the AD for the info I need (name and email) and storing it in the sqlprofile. I'm not sure if this is any better though...