A couple of comments:

- Are you certain the SID values you're getting are correct? They may have the same context issues we discussed earlier, and it would be very hard to tell that you're getting the wrong ones

- I don't see why you're going down this rabbit hole. If you get Windows Auth working that will give you a valid AD user name. If you store SIDs (assuming the ones you're getting are valid) you would still have to dereference them against AD to get human-meaningful values. And doing that would always return Jane, even if was previously John who accessed your app

>Yes, just ran a test and the SID is a very long string. I need to create a field corresponding to this entry in my SQL DB. But I don't know how long is the max length of the string. At least, I know not to rely on the username but instead use the SID.
>
>>Things like AD user names and display names are fluid and can be changed. One example is staff turnover - John Smith leaves and Jane Doe replaces him. Jane assumes John's account so she has all his access privileges, see all Exchange mail, calendars etc. This provides continuity. Some attributes such as logon name (and password), email address(es) and display name will be updated to reflect Jane. Yes, during changes some things are required to be unique org-wide such as AD logon names, SMTP email addresses etc.
>>
>>There must be some sort of unique identifier for every AD account (probably a GUID or similar) but I've never needed to access or use them. For logging or forensic purposes my guess is one would typically want to know if it was actually John or Jane who accessed the web app; for both of them the underlying account ID would be the same.
>>
>>>I understand (correct me if I am wrong) that the username with which someone logs into the PC (and when the organization uses AD) is unique. So, for example, when someone logs with username 'smithben12' and then enters his/her password, the username ('smithben12') is unique. But usually the username is entered in the Windows without masking the entry.
>>>
>>>My question is, do organization often or sometimes change the usernames of the staff (in AD)? If so, that is, if username is changed sometimes, what would be the unique ID in the AD that is not changed?
>>>
>>>TIA