1

I am running AD Service and local IIS Service on a Windows Server 2008 R2 Datacenter.
And I try to get the current Windows username in order to login the web application hosted on the IIS.
For some more details, the web application is aims to open to public to visit and enable to get the Windows username with domain name in order to make some AD authentication/SSO.

I had already enabled the "Windows Authentication" & "Anonymous Authentication".
However, "IIS APPPOOL[App_Name]" is gained using System.Security.Principal.WindowsIdentity.GetCurrent().Name.

Anyone got some idea on how to achieve the aims and get the domain username?

UPDATE:

<system.web>
<anonymousIdentification/>
<authentication mode="Windows"></authentication>
....

I added some line above in the web.config, but I still not able to get the domain/username. And the page is hosted on some link like:

http://localhost:8080/

Andrew Chan
  • 11
  • 2
  • In the duplicate thread, Zruty pointed out why you won't get the logon user name but pool identity. – Lex Li Feb 25 '20 at 13:50
  • I took a look of that response, and updated the application site identity to "LocalSystem". However, its still not working. Any other suggestion for this @LexLi , or I should add comment on that thread? – Andrew Chan Feb 25 '20 at 18:08
  • In your web app, use `Page.User` or `ControllerBase.User` to learn logon users please. I wrote a post with more details, https://blog.lextudio.com/the-basic-facts-about-iis-asp-net-process-thread-identities-835eaac876a0 – Lex Li Feb 25 '20 at 18:22
  • Thanks @LexLi. I used `Page.User.Identity.Name`, however I got empty string in response. Did I missed something on the setting? – Andrew Chan Feb 25 '20 at 19:57
  • Enable Windows authentication on IIS, and disable anonymous authentication, https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/#how-to Then try again. – Lex Li Feb 25 '20 at 20:07
  • I've enabled "Anonymous Authentication", "ASP.NET Impersonation", "Windows Authentication" in the Authentication Setting in the IIS application sites. And the Identity is set to "LocalService". Set [identity impersonate="true"] in web.config with []. But I still not able to get the domain username. – Andrew Chan Feb 25 '20 at 20:09
  • I tried to disable the anonymous authentication, but the login box prompt out required to login to the server. And I expected that it enable to get to the website and able to get the Windows domain username. – Andrew Chan Feb 25 '20 at 20:09
  • "The login box prompt out required to login to the server" is expected. Without providing user credentials, how come IIS knows who is logged on to your web application? You can suppress the prompt though, https://www.lansweeper.com/knowledgebase/enabling-or-disabling-login-prompts/ – Lex Li Feb 25 '20 at 20:11
  • Thanks again @LexLi. Is that the prompt only able to suppress on the client side? Is it able to suppress by setting in the server side? Or something like automatically pass current Windows user information to the web application? – Andrew Chan Feb 25 '20 at 20:33
  • That prompt is a client/browser behavior, so you won't be able to do anything on server side. When I said "you can suppress the prompt", I meant that there are ways to let the browser send credentials automatically. Check the linked article for more details. – Lex Li Feb 25 '20 at 20:42

0 Answers0