I'm trying to impersonate a remote active directory account in my asp.net c# website which is hosted on a none domain computer (or other domain). I've gotten this to work:
IntPtr token = IntPtr.Zero;
LogonUser( "username", "ad.some.other.domain.com", "password", LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, ref token))
{
WindowsImpersonationContext wic;
wic = WindowsIdentity.Impersonate(token);
//run code under the impersonated user.
//System.Environment.UserName returns windows user (not impersonated one)
//WindowsIdentity.GetCurrent() returns windows user (not impersonated one)
}
My code runs, but I'm not able to get the 'username' of the impersonated user. I understand this is because i'm using LOGON_TYPE_NEW_CREDENTIALS as my logon type, which technically doesn't impersonate, but runs network connections under the impersonated account using the token. This works fine, but ideally my site would run under the impersonated user, so I can get the username, and possibly other features. Basically I want to interact with the site as the impersonated user, not just run network connections as the impersonated user. I've tried LOGON32_LOGON_INTERACTIVE as the logon type, but this doesn't allow me to authenticate domain accounts on my site which is running on a none domain computer.
Is there something I can do so that I can fully impersonate (get the username, etc.) and authenticate using active directory from a none domain computer?
I am not sure what kind of website you are using, if ASP.Net or MVC you need to do
<identity impersonate="true" />
http://msdn.microsoft.com/en-CA/library/aa292118%28v=vs.71%29.aspx
Related
I have inherited an old asp.net web app. Part of the login process is intended to collect the windows username (not the process username). This used to work (years ago) but a new compile of the system returns the App Pool name / username instead of the windows username.
The username is collected before authentication by the website, originally using HttpContext.Current.User.Identity.Name
I have tried all the other options that have been suggested with no change in the results.
string loginName;
loginName = Environment.UserName;
loginName = HttpContext.Current.User.Identity.Name;
loginName = System.Windows.Forms.SystemInformation.UserName;
loginName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
loginName = System.DirectoryServices.AccountManagement.UserPrincipal.Current.SamAccountName;
loginName = System.DirectoryServices.AccountManagement.UserPrincipal.Current.UserPrincipalName;
I tried these one at a time (not all together) and in the target environment only ever got the App Pool name or App Pool username.
I have tried every combination of Authentication in IIS, the only one that makes a difference is ASP.NET impersonation which changes from App Pool name to impersonation user name.
On my local PC, launched out of Visual Studio, they all work to return the windows logged in username.
I'm quite new to asp.net web apps, and I don't know what else to try.
You have stumbled on the answer. If you want the server to automatically know the windows user, that windows user's credentials need to be passed to the application. If you use the Kerberos or NTML authentication options (Windows Authentication) that set of credentials is passed automatically. Otherwise you need to prompt the user to enter credentials. You don't have to use impersonation, but you can programmatically impersonate the logged in user if your app pool user has sufficient access to the dc catalog. More on that here: https://learn.microsoft.com/en-us/previous-versions/msp-n-p/ff647405(v=pandp.10)#impersonating-the-original-caller-programmatically
I am working on an ASP.NET Core 2.0 web app. It has it's login and own User interface.
I am trying to retrieve Windows logged users' credentials - like user name, email and password. On login in app, the logged in user's credentials are set as the User. So I need to retrieve windows logged in user's info before login process. I tried the following :
// If domain is example.com, DomainName gives EXAMPLECOM. Plus can't access Password
string evnName = Environment.UserDomainName + Environment.UserName;
In HomeController (after login) and Startup, I tried
// User is null
string userName = this.User.FindFirst(ClaimTypes.Name)?.Value;
I tried the above in a Service where login process is processed. Can't get from their too.
The main reason to retrieve this is to identify if the user has privileges for SMTP access or not, if so set SMTP.
Can anyone please help me know, how can I retrieve Windows Logged User's credentials somehow before Login process.
Thanks a lot.
You can get the current Windows user credentials by using the System.Net.CredentialCache.DefaultCredentials static property.
You won't be able to get the password as that would be a major security hole. You should be able to get everything else you want out of that, however.
We have an existing webform that allows that uses form authentication that requires the user to key in id and pw to login to the system. Client requested that the program just take the username from the windows logged on username, and by this I mean the username used to login to the computer, not to the webpage.
Methods I have used to try to get the username:
System.Environment.UserName;
HttpContext.Current.User.Identity.Name;
Context.User.Identity.Name;
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
Page.User.Identity.Name;
Windows Authentication(WA), Forms Authentication(FA), Basic Authentication(BA), Anonymous Authentication(AA), ASP.NET Impersonation (AI) have been enabled disabled in multiple different pairs. The suggestion I found the most were to enable (WA), disable (AA), enable (AI), but to no avail. The only thing that seems to affect the codes above is AI from my testing.
Enabling (AI) gives me:
NT AUTHORITY\IUSR
Disabling (AI) gives me:
IIS APPPOOL\ASP.NET V4.0 Integrated
Whereas what I am trying to get is MyDomain\MyUserName
I tried accessing the page from another computer that is not hosting it but still in the same domain and it gave me the same output. That lead me to suspect that the codes were giving me only the user that is running the process in the server, instead of the client side's Windows user.
My question is, does anyone have any idea how to get the username of the person logged in to the domain?
*Additional info: I'm using super user account in the domain, and providing the admin account and password to run visual studio as admin, if that somehow affects anything.
You have to enable Windows authentication in IIS, and disable other authentication methods.
And make sure to set the authentication mode as "Windows" in web.config.
<authentication mode="Windows"/>
Hope it helps!
I thought its simple to get the logged in username, in fact, it works fine with most of the responses available on stack overflow but when I publish the website all method fails.
Can anybody please guide me to get the name of the logged in user from Windows with following condition.
I just need logged in user name so forget about AD when you write the response.
I cannot change to Windows authentication mode because user may be a guest user who is not part of company but still have access to my intranet website
it’s not possible to change the user browser setting as there are more than 6000 users
I cannot disable the anonymous authentication as I want everyone to be able to use the website
I have already tried following solution and all works fine when I run the website on debug mode but all fails to return the username when I publish the website on IIS so please help me with some new as solution
string _windowLogonUserName = System.Environment.UserName.ToString()
string _windowLogonUserName =
WindowsIdentity.GetCurrent().Name.Remove(0, _adDomainName.Length + 1)
string _windowLogonUserName =
System.Web.HttpContext.Current.User.Identity.Name.ToString();
System.Security.Principal.WindowsIdentity.GetCurrent().Name;
AppDomain appDomain = Thread.GetDomain();
appDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal windowsPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
Logger.Write("username principal" + windowsPrincipal.Identity.Name);
Request.ServerVariables["LOGON_USER"]
It sounds like you're publishing the site outside of the AD domain. if the server is not on the domain, it won't be able to authenticate (or even accept) Windows users. The basic answer is that you can't get it.
If the server is internal (on the domain) then you can enabled integrated windows auth in IIS. Here's a reference.
If WebApp is configured as Windows Authentication, how to get the user credential in code?
How to create NetworkCredential using this exsiting user credential?
System.Net.CredentialCache.DefaultCredentials;
The DefaultCredentials property
applies only to NTLM, negotiate, and
Kerberos-based authentication.
DefaultCredentials represents the
system credentials for the current
security context in which the
application is running. For a
client-side application, these are
usually the Windows credentials (user
name, password, and domain) of the
user running the application. For
ASP.NET applications, the default
credentials are the user credentials
of the logged-in user, or the user
being impersonated.
Example:
System.Net.WebProxy proxyObject = new System.Net.WebProxy();
proxyObject.Credentials = System.Net.CredentialCache.DefaultCredentials;