I'm attempting to setup windows authentication in an asp.net web application.
Running the following code in an aspx page does not return any info ..
User.Identity.Name.ToString()
Here's what I've done so far:
The server is win 2008 r2. In IIS I've enabled Windows Authentication.
In the Advanced settings of Windows Authentication is Extended Protection:Off and Enable Kernel-mode authentication.
In the web.config of my app, I've got the following:
<authentication mode="Windows"/>
in the system.web node.
In the pageload of the default aspx I have the following..
string userName=" ++ " + User.Identity.Name.ToString() + " ++ ";
ltrTest.Text = userName;
All it returns is " ++ ++ ".
There are a few things you need to do. In your development machine, when running your application locally, you'll need to disable anonymous authentication and enable windows authentication. To do this, you will need to click on your project properties. There, you should see Development Server (I click on my solution, then click the properties tab). You then change the Anonymous Authentication to Disabled and then Windows Authentication To Enabled.
You should then be able to use
string userName = User.Identity.Name;
ltrTest.Text = userName;
This should do it. Hope this helps.
EDIT: I have set up windows auth in a new app and published to IIS and displayed label as username.
Steps:
1)
<authentication mode="Windows">
<forms loginUrl="~/Account/Login" timeout="2880" defaultUrl="~/" />
</authentication>
<authorization>
<deny users = "?" />
</authorization>
This is how I set up the webconfig. If you have
<identity impersonate="true"/>
you will want to remove it.
2)Published to IIS
3)Opened site home in IIS and clicked on Authentication.
4)Disabled Anonymous Authentication and Enabled Windows Authentication.
Note: Windows Authentication is the only thing that is suppose to be enabled. If anything else is enabled(Impersontaion) disable it.
5)On local pc, navigated to the site, typed in credentials in log in prompt
That's it. With labels that I placed in the default.aspx page, I was able to see my username in the format of DOMAIN\User. I also displayed the authentication type and if user was authenticated.
This should work as I have just tested it out.
Related
I have an asp.net web application, on which i try to implement Windows authentication.
The application is hosted on IIS, and runs under Administrator account.
In the application, i am trying to get the name of the current windows logged-in user, ex Catalin Gavan.
Whatever i try, i always get the administrator user, the one which runs the ApplicationPool.
Here is what i tried:
Request.LogonUserIdentity); // "NT AUTHORITY\\IUSR"
WindowsIdentity.GetCurrent(); // "ADIDEVNET\\administrator"
WindowsIdentity.GetAnonymous();
WindowsIdentity.GetCurrent(true); // null
WindowsIdentity.GetCurrent(false); // "ADIDEVNET\\administrator"
How can i get the current logged-in windows user, from code behind?
Turn on Windows Authentication and that should fix it. Secondly, when you set the identity to administrator in the Advanced Settings, it will always log in as the administrator. Remove the identity from there, as well. A user will "impersonate" the admin account when that is set.
Try these web.config settings.
<system.web>
...
<authentication mode="Windows" />
<authorization>
<deny users="?" /> <!-- may want to remove this if you want to allow anonymous -->
</authorization>
<identity impersonate="false" />
</system.web>
In ASP.NET Web Forms, you should access Page.User, and in ASP.NET MVC or Web API, you should call Controller.User or ApiController.User accordingly. This user identity comes from the request and is set as the thread identity.
WindowsIdentity.GetCurrent returns the process identity, which is obviously the application pool identity you set.
I can't figure this out for the life of me. I'm trying to get the name of the current user logged onto Windows using the following line:
string user = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
When I run this line after publishing and opening it through IIS, it gives me a name of "IIS APPPOOL/SiteName". However, when I run this through the Visual Studio 2013 debugger, the correct name appears.
I've fiddled around with the config, IIS settings, and the string...but I think this line is what I needed to use:
string user = System.Web.HttpContext.Current.User.Identity.Name;
Seems to be returning a domain/username which I can use instead. Looks like an alternative solution.
you have to enable windows auth/impersonation on an ASP.NET site, else it will run in the context of the whatever account configured for the app pool.
https://msdn.microsoft.com/en-us/library/ff647405.aspx
<system.web>
...
<authentication mode="Windows"/>
<identity impersonate="true"/>
...
</system.web>
Base on my test under IIS having Windows Authentication only enable and not impersonation on the web.config;
System.Web.HttpContext.Current.User.Identity.Name; return to me the current login user not the application pool user and System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString() return the application pool user.
I tried again and having he following on the config file:
<system.web>
<authentication mode="Windows" />
</system.web>
For System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString() I got:
Office\atorr
which is my login account
For System.Web.HttpContext.Current.User.Identity.Name; I got
IIS APPPOOL.NET v4.5 Classic
which is the account the application pool is running.
All mentioned in other answers are true, PLUS THIS:
In IIS Manager, click Basic Settings.
In the Edit Application window click Connect as...
Choose Application User (pass through authentication). Do not use a specific user because that will be the identity detected.
Click on the project name and press F4 and it will open project properties window:
Enable Windows authentication
Disable anonymous authentication
Add <identity impersonate="true"> in web.config
Now, deploy your code it should work fine.
Try This
(((System.Web.Security.RolePrincipal)(ClaimsPrincipal.Current)).Identity).Name
I want to get windows login username in asp.net with single sign on
I use Global.asax Session_Start
I tried WindowsIdentity.GetCurrent();
İt is working in local but it is not working in IIS. In local DomainName//UserName but in IIS IISAPPPOOL\AppName
In IIS Authenthentication => Anonymous Authenthentication is enabled, ASP.NET Impersonation is disabled, Forms Authentication is disabled also when ı change them application is not working.
My web config is like this
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="true" />
Thread.CurrentPrincipal.Identity.Name; is null
HttpContext.Current.Request.LogonUserIdentity.Name; is IIS IISAPPPOOL\AppName
Context.User.Identity.Name; is null
System.Security.Principal.WindowsPrincipal p = System.Threading.Thread.CurrentPrincipal as System.Security.Principal.WindowsPrincipal; is null
HttpContext.Current.User.Identity.Name; is null
How can ı solve this
Just disable anonymous authentication and enable windows authentication.
Windows authentication may not be installed. If so, it will not work in any way. Go to server roles on Windows Server or windows features on Windows 7 / 8: complete manual.
I solved it :)
just Configuring IE Trusted Sites with Group Policy Preferences Registry
http://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/
thanks
I setup a test website on my IIS 7.5, I created a Web Application project in VisualStudio and set up a web site in a new application pool in Classic Pipeline Mode.
I have this line in C:\Windows\System32\drivers\etc\hosts:
192.168.50.142 dev.mybigdomain.org.uk
Now if I access my website with http://localhost/testHello/Default.aspx it works fine,
but when I try http://dev.mybigdomain.org.uk/testHello/Default.aspx I get a "Windows security" window asking for authentication, but if enter "administrator" and password it does not recognise them and just asks again.
How can I disable the authentication?
Have you try to change the web.config authentication mode to Forms or None?
<system.web>
...
<authentication mode="Forms">
instead of
<system.web>
...
<authentication mode="Windows">
I'm trying to enable passthrough or impersonation authentication inside an ASP.NET website that uses the TFS2010 API.
I've got this working correctly with Cassini, however with IIS 7.5 (Windows 7) something is going wrong.
I found this blog post on the subject, and tried the following:
private static void Test()
{
TfsTeamProjectCollection baseUserTpcConnection =
new TfsTeamProjectCollection(new Uri(Settings.TfsServer));
// Fails as 'baseUserTpcConnection' isn't authenticated
IIdentityManagementService ims =
baseUserTpcConnection.GetService<IIdentityManagementService>();
// Read out the identity of the user we want to impersonate
TeamFoundationIdentity identity = ims.ReadIdentity(
IdentitySearchFactor.AccountName,
HttpContext.Current.User.Identity.Name,
MembershipQuery.None,
ReadIdentityOptions.None);
TfsTeamProjectCollection impersonatedTpcConnection = new
TfsTeamProjectCollection(new Uri(Settings.TfsServer),
identity.Descriptor);
}
When I use Cassini nothing is needed besides
collection = new TfsTeamProjectCollection(new Uri(server));
I have enabled the web.config settings (and have the Windows Auth module installed):
<authentication mode="Windows"/>
<identity impersonate="true" />
Is there something obvious that I've missed out?
Solution 1
This is the delegation method. As Paul points out it's a single setting in your active directory:
Find the IIS server in the computers node of the "Active Directory users and Computers" console.
Click on the delegation tab, and select the second option:
Create a 'Cache' directory in your IIS root folder
Add the following to your web.config:
<appSettings>
<add key="WorkItemTrackingCacheRoot" value="C:\path-to-web-root\Cache\"/>
</appSettings>
Make sure your web.config contains:
<system.web>
<identity impersonate="true" />
</system.web>
Turn on Windows authentication and impersatonation and disable everything else in IIS authentication:
Solution 2
Another solution to avoid the steps above is to simply run your application under the TFS:8080 site, as a new application. The hop issue is then removed as you are running in the same context as the web service that your app is calling.
Create a new app pool, use network identity.
Make sure your application has anonymous authentication turned off
Make sure it has windows authentication turned on.
Add <identity impersonate="true" /> to the web config.
I wonder if you're hitting the old Double-Hop issue here?