Login/Register
How to get at the current users windows identity?
Asked Answered
Solved c#asp.netauthenticationkentico
S

5

10

The site is running on my local IIS 6.1. I Would like to add some features to pull information from our Active Directory (AD). My AD code works on many other projects and on my development server. Here are my attempts at writing out the username:

Response.Write("1. " + this.Request.LogonUserIdentity.Name);
Response.Write("2. " + Request.ServerVariables["Auth_User"]);
Response.Write("3. " + WindowsIdentity.GetCurrent().Name.ToString());

The results I get are:

  1. NT AUTHORITY\IUSR
  2. administrator
  3. NT AUTHORITY\NETWORK SERVICE

How can I get at the actual windows username like ourdomain/username

Steinman answered 8/3, 2011 at 9:14 Comment(0)
L
2

This snippet shows how LogonUserIdentity is set (using reflector)

 if ((this._wr is IIS7WorkerRequest) && (((this._context.NotificationContext.CurrentNotification == RequestNotification.AuthenticateRequest) && !this._context.NotificationContext.IsPostNotification) || (this._context.NotificationContext.CurrentNotification < RequestNotification.AuthenticateRequest)))
        {
            throw new InvalidOperationException(SR.GetString("Invalid_before_authentication"));
        }
        IntPtr userToken = this._wr.GetUserToken();
        if (userToken != IntPtr.Zero)
        {
            string serverVariable = this._wr.GetServerVariable("LOGON_USER");
            string str2 = this._wr.GetServerVariable("AUTH_TYPE");
            bool isAuthenticated = !string.IsNullOrEmpty(serverVariable) || (!string.IsNullOrEmpty(str2) && !StringUtil.EqualsIgnoreCase(str2, "basic"));
            this._logonUserIdentity = CreateWindowsIdentityWithAssert(userToken, (str2 == null) ? "" : str2, WindowsAccountType.Normal, isAuthenticated);
        }

As you can see this has been changed for IIS 7. I believe you are using Windows Authentication + Impersonation so I would go with the last one (WindowsIdentity.GetCurrent()) which I am sure is the identity request being run with.

Landrum answered 8/3, 2011 at 9:25 Comment(0)
S
15

There are two different windows user here - first one is your application user and second is user (or windows account) under which your ASP.NET application (application pool from IIS perspective) is running. WindowsIdentity.GetCurrent will typically return this reference.

To getting actual windows user that using the application, you must enforce authentication. To do that, you can enable integrated authentication (windows authentication) in IIS for the said web site. Also modify your ASP.NET configuration to use windows authentication. Now you can use HttpContext.Current.User.Identity to get the actual user.

Scribner answered 8/3, 2011 at 9:26 Comment(0)
N
4

HttpContext.Current.User.Identity may be of use to you here.

Likewise System.Threading.Thread.CurrentPrincipal could help.

But the case might be that you actually have to set an identity instance as the user logs in (though not necessarily implement IPrincipal and the surrounding mechanisms, rather using the built-in WindowsIdentity implementation).

I'm not 100% percent on this, Windows Authentication might set this automatically for you to simply retrieve.

Also, check out this link from MSDN which describes basic user operations,

Nochur answered 8/3, 2011 at 9:28 Comment(0)
L
2

This snippet shows how LogonUserIdentity is set (using reflector)

 if ((this._wr is IIS7WorkerRequest) && (((this._context.NotificationContext.CurrentNotification == RequestNotification.AuthenticateRequest) && !this._context.NotificationContext.IsPostNotification) || (this._context.NotificationContext.CurrentNotification < RequestNotification.AuthenticateRequest)))
        {
            throw new InvalidOperationException(SR.GetString("Invalid_before_authentication"));
        }
        IntPtr userToken = this._wr.GetUserToken();
        if (userToken != IntPtr.Zero)
        {
            string serverVariable = this._wr.GetServerVariable("LOGON_USER");
            string str2 = this._wr.GetServerVariable("AUTH_TYPE");
            bool isAuthenticated = !string.IsNullOrEmpty(serverVariable) || (!string.IsNullOrEmpty(str2) && !StringUtil.EqualsIgnoreCase(str2, "basic"));
            this._logonUserIdentity = CreateWindowsIdentityWithAssert(userToken, (str2 == null) ? "" : str2, WindowsAccountType.Normal, isAuthenticated);
        }

As you can see this has been changed for IIS 7. I believe you are using Windows Authentication + Impersonation so I would go with the last one (WindowsIdentity.GetCurrent()) which I am sure is the identity request being run with.

Landrum answered 8/3, 2011 at 9:25 Comment(0)
R
0

Firstly, make sure that the website is within the intranet zone (eg just http://servername/ rather than http://www.servername.com/), or you need to add your FQDN to IEs Trusted Sites security settings.

Secondly, if you are not using the intranet zone, make sure IE is sending the credentials - Tools -> Internet Options -> Security -> Custom Level -> User Authentication -> Logon -> Automatic Logon with Current Username And Password

Reconcilable answered 8/3, 2011 at 9:39 Comment(0)
R
-3

Is the user logging in to the site using their AD domain/username, if so grab the username/domain at that point?

If not you won't be able to get this, if a random website could grab the domain/username of the current users login that would be a huge security issue wouldn't it?

Rummy answered 8/3, 2011 at 9:26 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.