开发者

Confusion about impersonation, authentication, and authorization in web.config

I'm trying to retrieve the windows login username for the current user in my asp.net website project.

my web.config file has the following items

        <identity impersonate="true"/>
        <authentication mode="Forms">
            <forms name="app" path="/path" loginUrl="/path/login.aspx" protection="All" timeout="100" />
        </authentication>
        <authorization>
            <deny users="?" />
                <allow users="*"/>
        </authorization>

My understanding is that with this configuration I should be able to retrieve Domain\username from WindowsIdentity.GetCurrent().Name. However, this property returns NT AUTHORITY\IUSR which is the user for anonymous access. If I am not mista开发者_高级运维ken, I am denying anonymous access to the site in my authorization section. What am I missing?

Also of note:

System.Web.HttpContext.Current.Request.LogonUserIdentity.Name also returns NT AUTHORITY\IUSR and Request.ServerVariables["LOGON_USER"] returns an empty string, which goes against the information found in this KB article http://support.microsoft.com/kb/306359

I am using .net 4.0 and a windows 7 development environment.

Some resources that led me to this point:

http://msdn.microsoft.com/en-us/library/ff647076.aspx

http://support.microsoft.com/kb/306158

http://forums.asp.net/t/1121780.aspx/1?Getting+a+users+DOMAIN+username+from+a+web+application

Thanks for your time.

Edit

It should be noted that I am locked into forms authentication (windows authentication is not an option), as this is a multi tennant site, and the majority of users will not be using this single sign on feature.


If you're using forms authentication then impersonation is meaningless - it only works with Windows authentication. The same applies for Request.ServerVariables["LOGON_USER"].

The reason you're seeing IUSR_ is because that's the Windows account the web site is running as, instead you should use Page.CurrentUser (WebForms) or the User property (MVC Controllers), with no casting. This will return the Forms Auth username.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜