I've worked at this quite a bit, but cannot seem to find a good solution.
I have a ASP.NET app (.Net 3.5) with IIS which pulls the user machine name and username from the account. This works on my local machine, but when uploading using IIS it gives null or IIS APPPOOL/appname. On IIS I have "Integrated Windows Authentication" and "Anonymous" set and in my Web.config file
<authentication mode="Windows"/>
<identity impersonate="true"/>
And I am trying to access the user information a number of different ways, some are:
HttpContext.Current.User.Identity.Name
System.Threading.Thread.CurrentPrincipal.Identity.Name
System.Security.Principal.WindowsIdentity.GetCurrent().Name
Environment.UserName
Each of these work on my local machine, but when uploaded to the IIS server, everything gives invalid information. The app is internal, but I still need it to grab the Username without giving a login screen. Ideas?
Update: I've changed IIS to Anonymous Authentication Disabled and Windows Auth Enabled. And my web.config file I've tried the following
<authentication mode="Windows"/>
<!-- <identity impersonate="true"/> -->
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Sorry about the update, but are there any ideas?
For anyone following this and needing an answer, the problem lies in IIS. In the Authentication area in IIS only have ASP.NET Impersonation and Windows Authentication enabled, the others should be disabled. And in Windows Authentication, go to Advanced Settings and UNCHECK the Enable Kernel-mode authentication. The Authorization Rules area should allow for all users (note this is done in IIS, not in the config file) And the following code in config is necessary.
<system.web><authentication mode="Windows"/><identity impersonate="true"/></system.web>
Hope this helps someone, here's a couple links that helped me. Good luck!
http://msdn.microsoft.com/en-us/library/aa302377.aspx
http://www.eggheadcafe.com/tutorials/aspnet/1f12cd61-6bb3-4ffd-bac1-124d40837006/aspnet-request-identity--an-analysis.aspx
Related
I want to get windows login username in asp.net with single sign on
I use Global.asax Session_Start
I tried WindowsIdentity.GetCurrent();
İt is working in local but it is not working in IIS. In local DomainName//UserName but in IIS IISAPPPOOL\AppName
In IIS Authenthentication => Anonymous Authenthentication is enabled, ASP.NET Impersonation is disabled, Forms Authentication is disabled also when ı change them application is not working.
My web config is like this
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="true" />
Thread.CurrentPrincipal.Identity.Name; is null
HttpContext.Current.Request.LogonUserIdentity.Name; is IIS IISAPPPOOL\AppName
Context.User.Identity.Name; is null
System.Security.Principal.WindowsPrincipal p = System.Threading.Thread.CurrentPrincipal as System.Security.Principal.WindowsPrincipal; is null
HttpContext.Current.User.Identity.Name; is null
How can ı solve this
Just disable anonymous authentication and enable windows authentication.
Windows authentication may not be installed. If so, it will not work in any way. Go to server roles on Windows Server or windows features on Windows 7 / 8: complete manual.
I solved it :)
just Configuring IE Trusted Sites with Group Policy Preferences Registry
http://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/
thanks
I would like to get some help in my strange issues,
I have an ASP.Net 2.0 application with VB.NET Code behind,
I set up my application to enable only Win authentication
So in IIS all disabled except Windows auth,
In My Web.Config i have the following under system.web:
The Web.Config contains the following :
authentication mode="Windows"
authorization>
deny users="?"/>
/authorization>
identity impersonate="false"/>
Now some users when they enter to my ASP application they get prompted for user name and password , then they logged in successfully,
some users the application fails on Page.User.Identity.Name
and return Object Reference Error,
Im using VS2010 and ASP.NET 2.0 frameword 2.0 and IIS 7 under Win 2k8 R2 latest SP's installed.
All users are Domain users.
Thank you,
Can you access the username by HttpContext.Current.User.Identity.Name? You can also check if authentication was successful, and what method of auth was used.
Windows authentication uses kerberos by default in iis I believe, which may not work for a lot of reasons (I think there are problems in Firefox for example ), when this fails, it is falling back to ntlm. Try removing the negotiate authentication provider and use just ntlm. If this works, you will have the fun of diagnosing kerberos problems :-)
Trogvara,
Thank you for your posting ,
I'm new to the site and tried to formatted but it did what we see now,
the Web config setting is :
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
<authorization/>
<identity impersonate="false"/>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
Hope that clears the setting in Web.config
Thank you,
I'm developing a public web site in vs2010,
can I keep the authentication as windows authentication and just enable anon access
or should I leave it with the default forms authentication.
The site will NOT require any type of logging in mechanism...so really I dont see a point in forms authentication, but most users will not have windows authentication either.
So I am confused, in my asp.net web.config file what authentication do I use for a public website?
I also asked this question which is kind of related: developing site in vs2010 but changed to local IIS and prompts
But I am not having any luck with this :(. The site when using local IIS keeps prompting for a user name and password (See the stackoverflow question I posted above), ive checked the app pools, the security, and the permissions and it still prompts me for a user name and password. It prompts me about 10 times and if I keep cancelling out of it the page comes up but the images are not displayed nor is the CSS rendered. So it looks like it prompts for each image on the site, but all folders inherit from the parent and I've added Network, Network service, ASPNET user, the default app pool user...I dont know what else to do.
So two issues:
1) What do I specify in my web config for a public site
2) How do I get rid of this prompting!
Thanks
You don't need to specify specify any authentication. Just deploy it as is, with the Web.Config out of the box.
<authentication mode="None" />
Go here for more reading.
Because it is prompting you with a login dialog, try using an authorization element in your web.config file with any authentication you like. Use "*" to allow access to all users by default. Refer to this article for more detail.
<authorization>
<allow users="*" />
</authorization>
Your web.config file has two sections that control requests for login. These are
<authentication> ... </authentication>
and
<authorisation> --- </authorization>
Authorization controls who can access what, and Authentication determines how the credentials of a particular user are established to see if they have the correct authorization to access your site.
An example of their usage might be
<authorization>
<allow users="*" />
</authorization>
<authentication mode="Forms">
<forms loginUrl="login.aspx" timeout="40320" cookieless="UseCookies" slidingExpiration="true" />
</authentication>
which allows access to all users to the root of my applications and their credentials are determined using forms authentication.
Other parts of your site are allowed to have alternate authorization requirements through the use of a location tag in your web.config
However, neither section is required if no part of your site requires this functionality. However, you should be aware that there other places that this might be determined. There is a file called machine.config that determines the settings for the machine. Your web.config has priority over the machine.config, but if the authorization and authentication settings are made in the machine.config and not in you web.config then the machine.config wins.
Hope that helps. If you can post your web.config that might help us to point you in the right direction.
I'm currently working on a page within one of my company's internet sites that is in response to some production issues we have. The page will be published with the rest of the web site to our DMZ, however I'd like to set-up some quick authentication so only users on our domain (assuming they access the site internally) can access the page. I'd like to use Windows authentication to do so.
Is there a quick way to accomplish this?
If I understand the question correctly, you want to enable security just on one page in your application - not the entire app.
Under IIS, you can manage the security settings on a page by page basis. In the IIS manager, pick the page, and change the security settings so that anonymous is off, and only Windows auth is accepted. You should get prompted for a login when you visit that page.
From Scott Gu's blog
To enable Windows Authentication
within an ASP.NET Application, you
should make sure that you have
“Integrated Windows Authentication”
(formerly called NTLM authentication)
enabled within IIS for the application
you are building. You should then
add a web.config file to the root
directory of your ASP.NET application
that contains an
section which sets the mode to
“Windows”.
You should also then add an
section to the same
web.config file that denies access to
“anonymous” users visiting the site.
This will force ASP.NET to always
authenticate the incoming browser user
using Windows Authentication – and
ensure that from within code on the
server you can always access the
username and Windows group membership
of the incoming user.
The below web.config file demonstrates
how to configure both steps described
above:
<configuration>
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
EDIT:
You can apply the auth settings to just a path in this way:
<location path="mypath.axd">
<system.web>
<authorization>
<allow roles="MyRole, AnotherRole" />
<deny users="*" />
<deny users="?" />
</authorization>
</system.web>
</location>
You can simply use Windows Authentication settings in IIS. Just turn off Anonymous Access in IIS and set your NTFS permissions on the Web folder to the users whom you want to have access to the site. Your IIS admin should be able to handle this quite easily.
I'm working on a program that has to archive (zip and delete files and folders) on a server. The servers that hosts the application (ASP.NET MVC) and the server that holds the files are two different servers. When I run the application without impersonation and the default web configuration everything works fine. The credential of the program is: NT AUTHORITY\NETWORK SERVICE. When I use impersonation by adding the following line in the web.config <authentication mode="Windows"/> the program runs fine with anonymous login. When I prevent anonymous login by adding the following code to the web.config, the authentication screen keeps popping up for every folder or file I want to access.
What's the problem?
<authentication mode="Windows"/>
<identity impersonate="true"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
To get this to work, you need to disable anonymous authentication and enable Windows Authentication in IIS, otherwise it doesn't have an identity to impersonate being passed.
Here's how to do that :)