I want to get the username of the logon username and domain.
My code for getting it, is in a controller:
User.Identity.GetUserId()
In my web.config is:
<system.web>
<identity impersonate="false"/>
<authentication mode="Windows" />
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime />
<pages controlRenderingCompatibilityVersion="4.0" />
</system.web>
Currently, I only get a empty string. What I have to change to get the Windows username information?
Sidenote for others:
While my research, I also got to the following:
Environment.UserDomainName + #"\" + Environment.UserName
In reference to this, it only delivers the identity in which the thread is running and not the windows information.
EDIT1: I'm currently testing my program in debugging mode.
try this
HttpContext.User.Identity.Name
also make sure you have authorization tag in your system.web in web.config as
<authorization>
<allow users="?" />
</authorization>
and in IIS make sure that you will disable annonymous authentication and enable windows for the same app as
User.Identity.GetUserId() is an extension method from Microsoft.AspNet.Identity. Identity is incompatible with Windows Auth (you have to use one or the other), so I'm not sure what you're actually doing here.
Generally speaking, in Windows Auth, the value of User.Identity.Name will be in the form of {DOMAIN}\{USER}. So if you wanted the domain and/or username, you can split that string on \ and take the part you're after.
When it comes to Identity, User.Identity.Name should be the value of ApplicationUser.UserName, but depending on the setup, it might be ApplicationUser.Email.
Related
I have a solution in MVC5. That is using windows authentication, the web config has the following settings:
<authentication mode="Windows" />
<authorization>
<allow users="?" />
</authorization>
I want to skip this windows authentication. That is setting a default username and password. For example
<username="Test" password="Password">
So that solution uses this user instead of windows user.
I want this because of some reason I have to develop the solution as a different windows user, that is not in an admin group. So some pages cannot be viewed by this user.
I have removed the authentication tag from web.config, But it's still not logging in when I enter the admin username and password.
You can just disable authentication:
<windowsAuthentication enabled="false" />
Possible to impersonate:
<system.web>
...
<authentication mode="Windows"/>
<identity impersonate="true" userName="<domain>\<UserName>" password="<password>"/>
...
</system.web>
In Asp.net Application for windows authentication
In aspx page
asp:Label runat="server" ID="windows"
aspx.cs page
windows.Text = User.Identity.Name;
webconfig:
authentication mode="Windows"
but authentication is not performed what problem ??
Add the following in your web.config under system.web to make sure that the windows authorization is triggered:
<authorization>
<allow users="?" />
</authorization>
Your web.config wants to contain like this:
<configuration>
<system.web>
<authentication mode="Windows" />
<anonymousIdentification enabled="false" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
This will force all users to use their windows/Active Directory login. A 401 Access Denied error will be given to those who don't log in.
Because Integrated Windows Authentication uses the current Windows
user information on the client computer for the authentication, it
does not immediately prompt the user for a user name and password.
However, if the authentication exchange cannot identify the user, a
dialog box appears that prompts the user for a Windows user account
user name and password
Source: How to implement Windows authentication and authorization in ASP.NET
Try adding the following block to see if it's working
<authorization>
<deny users="*" />
</authorization>
After adding this, run the application and you should get HTTP 401 - Access is denied error.
You can customize authorization from then on.
UPDATE:
Here's a different approach and how to configure it via IIS management console:
Deploy your site to IIS
Click on your site and select Authentication
Disable Anonymous Authentication and enable Windows Authentication as shown in the image below
Go back to features and select .NET Authorization Rules. Here you can add allow/deny rules on a role or user basis.
To test your current code deny anonymous users and allow all. When you connect to your application you should be able to use the Windows user you used to log in.
I've been searching for a solution for this headache for a quite long.
I have a website that I want to deploy to my web server, so I'm using IIS 7 and followed these steps to authenticate logging into it:
1- Open IIS
2- Add Website (with random port number)
3- Set the application pool for it to a specific Identity
4- Disable Anonymous authentication then enable Windows Authentication.
5- Remove "Allow All users" rule
6- Add allow rule for an admin user and give him full control access
When I try to access it it asks for a username and password which must be the same user as the one added in step 6 .
The problem is whenever I click ok the logging window keeps popping up and can't access the website as a result
I also tried to add deny rule for anonymous users
Is there anything must be added to web.config file or something ? Do I need to install something or disable something ?
Any suggestion is very appreciated
EDIT
This is my web.config file authorization section
<system.web>
<authentication mode="Windows" />
<compilation targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<pages validateRequest="false"></pages>
<identity impersonate="false" />
<authorization>
<allow users="SomeUser" />
<deny users="*"/>
</authorization>
</system.web>
After spending hours trying to solve this finally I figured out the solution
1- Open IIS
2- Add Website (with random port number)
3- Set the application pool for it to a specific Identity
4- Disable Anonymous authentication then enable Windows Authentication.
5- Remove "Allow All users" rule
6- Add allow rule for an admin user and give him full control access
Note: all previous steps were made using IIS wizard
7- After openinig web.config file I can't find any changes after adding allow rules so, I had to do it manually by adding <authorization> tag then adding these rules in the same order (this order is very important either it won't work)
<authorization>
<allow users="<the user that you want to give an access>" />
<deny users="*" /> <!--to deny all other users-->
</authorization>
From MSDN, you need to enable windows authentication both in IIS and ASP.NET application:
Start Internet Information Services (IIS).
Right-click your application's virtual directory, and then click Properties.
Click the Directory Security tab. Under Anonymous access and authentication
control, click Edit.
Make sure the Anonymous access check box is not selected and that Integrated Windows authentication is the only selected check box.
In your application's Web.config file or in the
machine-level Web.config file, ensure that the authentication mode is
set to Windows as shown here.
...
<system.web>
...
<authentication mode="Windows"/>
...
</system.web>
Enabling windows authentication on IIS so that IIS authenticates the user.
Adding a setting to your web.config so that ASP.NET knows what authentication provider to use. In this case, ASP.NET uses windows authentication provider to set the value of the current User property to a WindowsIdentity based on the credentials supplied by IIS.
Also check for authorization:
The rules are checked from top to bottom and stopped at first matching rule. Therefore, you should specify allow before deny. Example:
<authorization>
<allow users="John"/>
<deny users="*"/>
</authorization>
I have developed an application to allow windows authentication and hosted it to the live server. in my local pc i am able to get the username password. but when i am accessing from web (e.g. websso.mydomain.com) it keeps asking credentials even after i entered correct credentials.
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?" />
</authorization>
<identity impersonate="true"/>
i have added above tags in web.config, hosting server is windows server 2008 R2. I have tried to get username from
WindowsIdentity.GetCurrent().Name
Environment.Username
Request.ServerVariables["LOGON_USER"]
Request.ServerVariables["AUTH_USER"]
HttpContext.Current.Request.LogonUserIdentity.Name
Is there any changes which needs to do in IIS or any steps to follow to configure windows authentication.
Installed IIS version is 7.5
I had a similar issue recently, try ensuring that the windows user has read access to the directory on the server.
Checkk application pool owner in IIS
It should be network services
websso.mydomain.com looks like internet domain name, not intranet domain name because it has sections. According to https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password you should use domain name without sections (e.g. http://websso/) or add your domain name to security settings of client browsers
Try updating your <authorization> to include an <allow> element as I have done here.
E.g.
<system.web>
<authentication mode="Windows" />
<authorization>
<allow users="yourdomain\someotheruser" />
<deny users="?" />
</authorization>
I'm working on a website that has been coded by someone else. The application contains three layers. A website, a web service and a library. The Web service is up for other application to call methods and everything. The website is used by workers to performs queries and everything.
The problem is : The website use the web service that use the library instead of going directly to the library. I want to remove the web service usage and use the library straight away instead. Unfortunately, the library isn't able to connect an external server when called directly from the web site.
The web service used the impersonate method in his web config like so :
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<authorization>
<allow users="*" />
</authorization>
<authentication mode="Windows" />
<identity
impersonate="true"
userName="USERNAME_HERE"
password="PASSWORD_HERE" />
<sessionState
mode="InProc"
stateConnectionString="tcpip=10.96.8.37:42424"
sqlConnectionString="data source=10.96.8.37;Trusted_Connection=yes"
cookieless="false"
timeout="20" />
</system.web>
When the web service use the library, the library identity turns out to be the username specified in the web.config. But when I call it from the website directly the user turns out to be : MY_COMPUTER\ASPNET
How can I sucessfully impersonate within the library itself?
Thanks!
EDIT
Ok, I thought of adding the impersonate piece of code in the website's web.config instead. It turned out that the library used the correct user but the request takes forever and never end. Do you know what could be wrong?
At first glance, you could use these entries in the web.config of your transactional website.
<authorization>
<allow users="*" />
</authorization>
<authentication mode="Windows" />
<identity
impersonate="true"
userName="USERNAME_HERE"
password="PASSWORD_HERE" />
However you want to be really sure this is the right thing to do before you do it.
Security is a big thorny problem that can turn around and bite you in the ass pretty hard. Whichever user you use here should be single purpose. It should have exactly the permissions you need and no more.
Why can't you give the MY_COMPUTER\ASPNET user permissions on the external server?
There are ways to impersonate for a short time which will probably solve your problem more cleanly. I will let someone who actually knows that answer tell you what it is though.