2

I've created a website using .NET Core MVC. This will only be used inside a company network, so it uses Windows authentication.

If I try to display the user's username in a web page (using the following code), the actual user's name is displayed:

var identity = (WindowsIdentity)HttpContext.User.Identity;
viewModel.UserName = identity.Name; //Page displays "DOMAINNAME/username"

However, connections to an SQL Server database using Integrated Security are made under the same user regardless of who is logged in on the website. The connection string is similar to the following:

Data Source=ServerName;Initial Catalog=DbName;Integrated Security=True

I would prefer the name of the actual user to be passed to the database, so that actions logged using suser_name() will report the correct user.

In previous versions of ASP.NET, I believe the "impresonation" setting handled this. However, Core uses IIS only as a proxy and runs on its own Kestrel server, so it doesn't seem like this setting applies.

Is there a way to use Integrated Security with the user that's logged into the website?

TylerH
  • 20,799
  • 66
  • 75
  • 101
George T
  • 698
  • 9
  • 18
  • 1
    Try to turn windows auth ON and anonymous auth OFF in IIS settings. – gofr1 Oct 05 '16 at 10:39
  • @gofr1: I've already done that. – George T Oct 05 '16 at 10:41
  • What is a value of `fastcgi.impersonate` in `php.ini`? – gofr1 Oct 05 '16 at 10:42
  • It is weird, when I was installing IIS to use it as interface for SQL Server, I turned win auth On, Anonymous Off, `fastcgi.impersonate` was `0` - Every one connecting to my site was passed to DB as is, with `DOMAIN\USERNAME` credentials. – gofr1 Oct 05 '16 at 10:45
  • php.ini sounds like something that's used with a PHP website. This is .NET Core MVC. – George T Oct 05 '16 at 10:46
  • Haven't work with `.NET Core MVC`. Is there some impersonate properties in that framework, you can look to? What credentials are passed to SQL Server? – gofr1 Oct 05 '16 at 10:49
  • 2
    Possible duplicate of [ASP.NET CORE 1.0, Impersonation](http://stackoverflow.com/questions/35180871/asp-net-core-1-0-impersonation) – George T Oct 05 '16 at 10:58

0 Answers0