
Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with Windows authentication:

  <location path="auth/windows">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>

When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.

I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.

However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.

I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.

Any thoughts on why this is not the case?

Thanks,

Donnie

Donnie Hale

2 Answers


It turns out that the native handling of Windows authentication works when you have Forms authentication enabled in Web.config. But the managed part of Windows authentication - associating the authenticated Windows user with an IIdentity-derived object representing that user - only happens if Windows authentication is enabled in Web.config. Looks like I'll have to rely on the Request.ServerVariables["LOGON_USER"] value.

Donnie Hale

Windows authentication is enabled in IIS and the authentication mode is set to Windows in my web.config file.

 <authentication mode="Windows">     
    </authentication>

My site is asking for credentials and it's working fine, but when I check using

HttpContext.User.Identity.Name

it is an empty string, or HttpContext.User.Identity.IsAuthenticated is false.

I used Request.ServerVariables["LOGON_USER"].ToString(); to get the logged-in user's credentials.

It worked for me. Thanks for posting, soccerdad.

BhavikKama
Venu Kadiyala
  • Welcome to Stack Overflow, Venu. When your reputation grows you will be able to post comments. Otherwise answers are just for answering the question. Cheers! – Sergio Jun 27 '13 at 10:31
  • This isn't an answer, but a comment on soccerdad's answer. – Patrick Hofman May 30 '14 at 07:54
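
One way to bridge the gap the first answer describes, as an added example rather than code from either poster: an HttpModule that wraps the IIS-authenticated token in a WindowsPrincipal when managed code sees no authenticated user. The module name is hypothetical, and it assumes Request.LogonUserIdentity carries the same Windows account that LOGON_USER reports in this configuration.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Added example (hypothetical module name); not code from the original posts.
public sealed class WindowsIdentityBridgeModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // Runs after the native IIS and managed authentication modules,
        // but before authorization, so later checks see the new principal.
        app.PostAuthenticateRequest += OnPostAuthenticate;
    }

    private static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Managed authentication already produced an identity: leave it alone.
        if (ctx.User != null && ctx.User.Identity.IsAuthenticated)
            return;

        // LOGON_USER is empty when IIS served the request anonymously,
        // so an empty value means there is nothing to bridge.
        string logonUser = ctx.Request.ServerVariables["LOGON_USER"];
        if (string.IsNullOrEmpty(logonUser))
            return;

        // Assumption: with anonymous authentication disabled for this path,
        // LogonUserIdentity wraps the token IIS authenticated for the request.
        WindowsIdentity win = ctx.Request.LogonUserIdentity;
        if (win == null || !win.IsAuthenticated || win.IsAnonymous)
            return;

        // Give managed code (Request.IsAuthenticated, User.Identity.Name,
        // role checks) the Windows identity that IIS already verified.
        ctx.User = new WindowsPrincipal(win);
    }

    public void Dispose() { }
}
```

Because the principal is replaced before authorization runs, any URL authorization rules for the path are then evaluated against the Windows account rather than an anonymous user, so review those rules before registering the module.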