I have an application that is using a custom security framework that we built. The framework authentication mechanism is using ActiveDirectory.

Applications will be deployed as Intranet applications only. What I want is to pass the current windows account and the domain name into the security framework and bypass authentication since the user was already authenticated during login.

This create some security holes where the domain name can be spoof in one of the workstation.

Is there a way for me to check if the current machine is a member of a given domain?


Another thing is if the domain is a member of a forest, and the forest contains account names existing in different domain, how does authentication work?



"Dont you ever give up!"

__________________
\"Dont you ever give up!\"

Yep, the current user is in WindowsIdentity.GetCurrentUser(), and you can extract the domain from there.