
Just trying to understand the difference here. I moved my ASP.Net Core Vue.js app over to a Win server, from my Win 7 desktop, and it broke

`User.Identity.Name`

so now the value is null.

So I changed it to

`System.Security.Principal.WindowsIdentity.GetCurrent().Name`

and it's working again on both my desktop and Win server.

What's the difference, and should I just move forward with using the latter?

chuckd

1 Answer


No. They're entirely different things. HttpContext.User is a ClaimsPrincipal created via authentication of a specific user. System.Security.Principal.WindowsIdentity is the principal used by the App Pool. As such, it will be a constant for the application, whereas HttpContext.User is going to be the actual user making the request to your app, assuming they've authenticated.

I think where people get confused is when developing locally and using Windows Authentication. In that one specific scenario, the two will be the same, because IIS Express is running under your local user account, which is, of course, how you're also authenticated by Windows. In virtually every other situation they will be different, and frankly obvious that System.Security.Principal.WindowsIdentity is not what you're looking for.

Now, as to why User.Identity.Name is null, you likely are expecting to be authenticated by Windows, but have not enabled Windows Authentication for the app, meaning you are not actually logged in. Right-click your project(s), choose Properties, and then go to the Debug tab. At the bottom of the screen, make sure Enable Windows Authentication is checked. If you have any part of your site that does not require authorization, make sure Enable Anonymous Authentication is also checked, or you can uncheck it if you want to force all access to the site to be authorized.

Chris Pratt
  • ok interesting, but I just checked off "Enable Windows Authentication" under the debug tab in properties and I still get a null value for "User.Identity.User". And "Enable Anonymous Authentication" was already checked. So should I just use "System.Security.Principal.WindowsIdentity"??? – chuckd Jul 09 '19 at 17:30
  • Checked on or off? You said off, it should be on. Regardless, no. `System.Security.Principal.WindowsIdentity` is just wrong. It only *looks* like something that will work because you're running under your local user account. As soon as you deploy, it will be an obvious App Pool account, with no correlation to anything real about your "user" in the context of the request. – Chris Pratt Jul 09 '19 at 17:36
  • Sorry, I misspoke, it was unchecked, so I checked it and now I get the name. Interestingly, I have the "Enable Anonymous Authentication" checked and I still get null. But if I uncheck it, I now get the username from "User.Identity.Name". Do you know why this would be? – chuckd Jul 09 '19 at 17:40
  • You likely weren't forcing authentication. In order for the `HttpContext.User` principal to exist, you have to apply the `[Authorize]` attribute to the action/controller. Otherwise, it won't bother to try to fill it. When you disabled Anonymous Auth, it then had no choice but to authenticate. – Chris Pratt Jul 09 '19 at 17:44
  • As a heads up, you'll need to reproduce this on your site in IIS when you deploy (i.e. enable Windows Auth). The project settings won't transfer. – Chris Pratt Jul 09 '19 at 17:49
  • I think I should be ok! My computer (Win 7) works with "User.Identity.User" and so does dev and prod server to deploy and test. Where I ran into problems was when I moved my project over to a server that we use to remote into for remote work. This server was giving me problems. But nothing else...but now that I checked off that setting you said, it looks ok on the remote server. – chuckd Jul 09 '19 at 17:57
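
The distinction discussed in this thread, as an added example that is not part of the original question, answer or comments. It assumes an ASP.NET Core MVC project hosted on Windows with Windows Authentication enabled on the host and registered as the app's default authentication scheme; the controller name and routes are hypothetical.

```csharp
using System.Security.Principal;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical diagnostic controller (name and routes are assumptions).
[ApiController]
[Route("api/whoami")]
public class WhoAmIController : ControllerBase
{
    // Anonymous access is allowed here, so nothing forces a challenge.
    // If the host also permits anonymous requests, the caller stays
    // unauthenticated and User.Identity.Name is null.
    [AllowAnonymous]
    [HttpGet("open")]
    public IActionResult Open() => Ok(Describe());

    // [Authorize] forces authentication, so User is populated with the
    // identity of the account that actually made the request.
    [Authorize]
    [HttpGet("secured")]
    public IActionResult Secured() => Ok(Describe());

    private object Describe()
    {
        // Identity of the worker process (the App Pool account under IIS,
        // your own account under IIS Express). It is the same for every request.
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            return new
            {
                // Per-request identity established by authentication.
                RequestUser = User.Identity?.Name,
                IsAuthenticated = User.Identity?.IsAuthenticated ?? false,
                ProcessIdentity = process.Name
            };
        }
    }
}
```

Comparing the two routes on a deployed server shows `ProcessIdentity` staying constant while `RequestUser` follows the caller, which is why authorization decisions and audit records should be keyed on `RequestUser`.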