Passing logged on user to Angular services (Windows Authentication)

Question

I'm building a mostly client-side app (HTML/CSS/Angular) and it calls a Web API backend for data retrieval. Pretty standard stuff. However, we are behind a firewall and use Windows Authentication to pass through the currently logged on user. I have exhausted myself trying to determine how to simply retreive the username of the currently logged on user to pass to Angular so I can then pass it up to the Web API.

Any suggestions?

So far I've created a <script> section in the head of my HTML and retrieve the username into a local variable like so:

<script type="text/javascript">
    var loggedOnUser = '<%= Request.ServerVariables["REMOTE_USER"] %>';
    console.log('logged on user is ' + loggedOnUser);
</script>

The problem is that I'm always getting back an empty string (well, no value at all actually).

The controller I'm using looks like this:

public class AuthenticationController : ApiController
{
    private static Logger logger = LogManager.GetCurrentClassLogger();

    public IHttpActionResult Get(string activeDirectoryDomainName, string username)
    {
        string user = HttpContext.Current.User.Identity.Name;
        logger.Debug("user: " + user);

        return Json(BLL.GetAuthenticationInfo(activeDirectoryDomainName, username));
    }
 }

The logged result from the controller is empty too.

Answer 1

Your server should be doing the validation and checking who the user is, not the angular application telling the server who they are (not secure!).

If you just want to display the username you should be able to do a call to the web api and have it return the username (that way you can see who they are authenticating as)

If you are returning a Razor / cshtml file as your view / layout, you can include the username there as well with @User.Identity.Name