开发者

How to get at the current users windows identity?

The site is running on my local IIS 6.1. I Would like to add some features to pull information from our Active Directory (AD). My AD code works on many other projects and开发者_高级运维 on my development server. Here are my attempts at writing out the username:

Response.Write("1. " + this.Request.LogonUserIdentity.Name);
Response.Write("2. " + Request.ServerVariables["Auth_User"]);
Response.Write("3. " + WindowsIdentity.GetCurrent().Name.ToString());

The results I get are:

  1. NT AUTHORITY\IUSR
  2. administrator
  3. NT AUTHORITY\NETWORK SERVICE

How can I get at the actual windows username like ourdomain/username


There are two different windows user here - first one is your application user and second is user (or windows account) under which your ASP.NET application (application pool from IIS perspective) is running. WindowsIdentity.GetCurrent will typically return this reference.

To getting actual windows user that using the application, you must enforce authentication. To do that, you can enable integrated authentication (windows authentication) in IIS for the said web site. Also modify your ASP.NET configuration to use windows authentication. Now you can use HttpContext.Current.User.Identity to get the actual user.


HttpContext.Current.User.Identity may be of use to you here.

Likewise System.Threading.Thread.CurrentPrincipal could help.

But the case might be that you actually have to set an identity instance as the user logs in (though not necessarily implement IPrincipal and the surrounding mechanisms, rather using the built-in WindowsIdentity implementation).

I'm not 100% percent on this, Windows Authentication might set this automatically for you to simply retrieve.

Also, check out this link from MSDN which describes basic user operations,


This snippet shows how LogonUserIdentity is set (using reflector)

 if ((this._wr is IIS7WorkerRequest) && (((this._context.NotificationContext.CurrentNotification == RequestNotification.AuthenticateRequest) && !this._context.NotificationContext.IsPostNotification) || (this._context.NotificationContext.CurrentNotification < RequestNotification.AuthenticateRequest)))
        {
            throw new InvalidOperationException(SR.GetString("Invalid_before_authentication"));
        }
        IntPtr userToken = this._wr.GetUserToken();
        if (userToken != IntPtr.Zero)
        {
            string serverVariable = this._wr.GetServerVariable("LOGON_USER");
            string str2 = this._wr.GetServerVariable("AUTH_TYPE");
            bool isAuthenticated = !string.IsNullOrEmpty(serverVariable) || (!string.IsNullOrEmpty(str2) && !StringUtil.EqualsIgnoreCase(str2, "basic"));
            this._logonUserIdentity = CreateWindowsIdentityWithAssert(userToken, (str2 == null) ? "" : str2, WindowsAccountType.Normal, isAuthenticated);
        }

As you can see this has been changed for IIS 7. I believe you are using Windows Authentication + Impersonation so I would go with the last one (WindowsIdentity.GetCurrent()) which I am sure is the identity request being run with.


Firstly, make sure that the website is within the intranet zone (eg just http://servername/ rather than http://www.servername.com/), or you need to add your FQDN to IEs Trusted Sites security settings.

Secondly, if you are not using the intranet zone, make sure IE is sending the credentials - Tools -> Internet Options -> Security -> Custom Level -> User Authentication -> Logon -> Automatic Logon with Current Username And Password


Is the user logging in to the site using their AD domain/username, if so grab the username/domain at that point?

If not you won't be able to get this, if a random website could grab the domain/username of the current users login that would be a huge security issue wouldn't it?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜