ASP.NET MVC 4.5 - The issue with the Logon user (HttpContext.Request.LogonUserIdentity.Name)

Question

I am developing an ASP.NET MVC 4.5.1 application using VS 2013.

Following are the settings at the IIS 7.5

1. Windows Authentication Enabled (also in Web.config authentication mode is set to "Windows").
2. Anonymous Authentication Disabled.
3. Application pool is running with service account "contoso\john".
4. The mode is Integrated.

On my landing page (e.g. HomeController.cs) I am storing logon user information as below:

Session["LogonUserName"] = HttpContext.Request.LogonUserIdentity.Name and that's working fine, I can use the Session["LogonUserName"] from other views.

However, when redirecting from home page to a different view e.g. Customer View something weird is happening and somehow I am losing the authentication and I am not able to step into a function.

So I Disabled the Windows Authentication and Enabled the Anonymous Authentication but then on the customer view page I am getting HttpContext.Request.LogonUserIdentity.Name = "NT AUTHORITY\IUSR"

and Session["LogonUserName"] = contoso\john, which is my app pool account.

Any idea why? Could someone please help me?

Answer 1

Ok. The issue certainly due to be authentication (XSS problem) and the JavaScript code wasn't being trusted when running on localhost or on IP address. When given a DNS entry (site binding) the issue resolved.