Integrated Windows Authentication showing wrong loggedin user

I have an asp.net 2.0 application running on IIS 6.0. I am u开发者_JS百科sing Integrated Windows Authentication. Some users have two network accounts, a personal account and an administrative account. The problem I am facing is that sometimes when they are logged in on the client side using their personal accounts, the logged in user appears at the server side as the admin account. I am retrieving the logged in user network id using System.Security.Principal.WindowsIdentity.GetCurrent().Name. I suspect that their admin credentials are being cached somewhere and passed instead.

I had exactly this same problem. The web site was seeing me authenticate as my admin account even though I was logged in as my personal account.

It turns out that in Windows you can associate specific user names and passwords with particular sites. Once that is done, the integrated authentication through IE (and Chrome!) always uses those credentials. And, to make things easy, there is no obvious way to get to those settings through Internet Explorer's settings or options.

To fix your issue on Windows XP:

1. Click Start, Settings, Control Panel, User Accounts.
2. Click the Advanced tab.
3. Click Manage Passwords.
4. Find the entry in the list the corresponds to the site(s) where you're seeing this behavior. Remove it.

Credit where credit is due: This answer was taken almost word-for-word from an unnamed "Junior Member" at ObjectMix.

For Windows 7, use "Control Panel/Credential Manager" (also available via "Control Panel/User Accounts/Manage Your Credentials"). This lists all cached credentials, and lets you easily delete the ones which are causing problems.

When you use Remote Desktop to connect to a server and save your login credentials, it doesn't only save them for remote desktop, it also uses them for connecting through IE and, apparently, Chrome.

This is an old issue, and still valid. I just found if you save credentials while using mstsc (Remote Desktop), and try to use Integrated Windows Auth against any site that is CNAMEd to that server, it will use the saved credentials. Those will be the ones you need to delete.

My PC is locked down at work and IT have removed Credential Manager from the menu in Control Panel.

I was able to get around this by running cmdkey /list from the command line. In the list of "Currently stored credentials" I located the offending hostname and ran cmdkey /delete:[hostname] (no sq. brackets and replace hostname with your host), which fixed the issue for me.

According to this site, rundll32.exe keymgr.dll, KRShowKeyMgr will bring up the dialog to do this as well.

Some background info: http://windows.microsoft.com/en-gb/windows7/what-is-credential-manager