I have an ASP.NET website that requires my App Pool be the Classic .NET App Pool. The site is running on .NET 3.5 on IIS 7. When I try to get the Active Directory user name of the logged-in user:

System.Security.Principal.WindowsIdentity.GetCurrent().Name

I get the following:

IIS APPPOOL\\Classic .NET AppPool   

However, when I set the app pool to .NET 4.0, it returns the logged-in username (which is what I want). Am I missing a setting?

PhillyNJ
  • Where in your code are you using Active Directory? I don't see anywhere here that indicates that you are using AD. Are you familiar with AD? What you are returning is correct. If you are using a web page, then Page.User.Identity.Name.Split("\") should return you the domain in array position 0 and the user in array position 1, so I am a bit confused about what you are trying to do – MethodMan Sep 28 '12 at 18:47
  • This is an internal site. When the user requests the page, I am checking their Identity with System.Security.Principal.WindowsIdentity... When I debug (not attached to IIS), I get the Domain/username as expected, but when I bind VS 2010 to IIS for debugging, it returns "IIS APPPOOL\\Classic .NET AppPool " – PhillyNJ Sep 28 '12 at 18:58
  • Have you tried to set explicitly `` in your web.config file?? – Jupaol Sep 28 '12 at 19:01
  • Yes - but that impersonates the identity set in IIS for the web site. That does not return the identity of the logged-in user. – PhillyNJ Sep 28 '12 at 19:03

2 Answers

First of all, put these lines inside the web.config configuration section:

<authentication mode="Windows"/>
<authorization>
  <deny users="?"/>
</authorization>
<identity impersonate="true"/>

Second, go to IIS Manager, open your web app properties and check the following settings for Authentication:

Anonymous Authentication = Disabled, ASP.NET Impersonation = Enabled (this is not really required), Windows Authentication = Enabled

These settings will give you the Active Directory user and also impersonate it.

Gregor Primar

If the same code is being used and it works in one application pool and not the other, I would check the application pool's settings. Look for the Identity attribute. I imagine, under the .NET 4.0 pool, you'll have ApplicationPoolIdentity and under the 3.5, you have a hard coded account.

Edit

So it sounds like you aren't really getting the user's credentials. Of course you get the domain account when you run locally... the process is running under your credentials. But when you run on another machine, it is running under the credentials of the account that processes the request... until you tell it to impersonate the user. And even then, you may have to set up Windows Authentication for the site to grab the credentials or use forms authentication with an AD hook to get everything under the current user account.

Josh
  • Under 3.5 I can set the identity to LocalService, LocalSystem, NetworkServer and ApplicationPoolIdentity. Each one returns an identity associated with that setting (e.g. "NT AUTHORITY\\LOCAL SERVICE") – PhillyNJ Sep 28 '12 at 19:05
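
The distinction the answers above draw, between the account the code executes as and the caller IIS authenticated, as an added example that is not code from the question or either answer. The names WhoAmIHandler and SplitAccount are hypothetical; it assumes Windows Authentication is enabled and Anonymous Authentication disabled, and it reads the caller from the request so that impersonation can stay off and the worker process keeps only the app pool account's rights.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Added example; WhoAmIHandler and SplitAccount are hypothetical names.
public class WhoAmIHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/plain";

        // Caller authenticated by IIS; this does not depend on impersonation.
        IPrincipal user = context.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            // Anonymous Authentication is still enabled, or <deny users="?"/> is missing.
            context.Response.StatusCode = 401;
            context.Response.Write("No authenticated caller.");
            return;
        }

        // Account the code is executing as: the app pool identity unless
        // <identity impersonate="true"/> is in effect for this request.
        string executingAs = WindowsIdentity.GetCurrent().Name;

        string domain, account;
        SplitAccount(user.Identity.Name, out domain, out account);
        context.Response.Write("Caller domain:  " + domain + "\n");
        context.Response.Write("Caller account: " + account + "\n");
        context.Response.Write("Auth type:      " + user.Identity.AuthenticationType + "\n");
        context.Response.Write("Executing as:   " + executingAs + "\n");
    }

    // Splits DOMAIN\user; a name without a backslash yields an empty domain.
    public static void SplitAccount(string name, out string domain, out string account)
    {
        string value = name ?? "";
        int i = value.IndexOf('\\');
        domain = i < 0 ? "" : value.Substring(0, i);
        account = i < 0 ? value : value.Substring(i + 1);
    }
}
```

With impersonation off, "Executing as" shows the app pool account while the caller lines show the domain user; the two match only when impersonation is enabled.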