CODEWITHSUNDEEP
asp.netauthenticationiis-7
Donnie Hale
Donnie Hale

Reputation: 411

Windows Authentication succeeds but IsAuthenticated == false

Environment is IIS 7 integrated pipeline, ASP.NET 4.0. I have a .aspx page configured without anonymous authentication and with windows authentication:

  <location path="auth/windows">
    <system.webServer>
      <security>
        <authentication>
          <anonymousAuthentication enabled="false" />
          <windowsAuthentication enabled="true" />
        </authentication>
      </security>
    </system.webServer>
  </location>

When I request the page, a normal Windows auth (NTLM/Negotiate) challenge response happens, and ultimately the page is returned.

I have an HttpModule in which I handle the PostAuthorize event. As expected, this event is only raised once the challenge-response authentication has succeeded and access to the page has been authorized.

However, the Request.IsAuthenticated property is false; and HttpContext.Current.User.Identity reflects an unauthenticated user (.Name returns the empty string). Interestingly, Request.ServerVariables["LOGON_USER"] does return the value of the authenticated Windows user.

I'd have thought that once the user was authenticated (and authorized, for that matter), the request would reflect being authenticated; and the User / Identity for the request would have been properly set.

Any thoughts on why this is not the case?

Thanks,

Donnie

Upvotes: 4

Views: 13919

Answers (2)

Venu Kadiyala
Venu Kadiyala

Reputation: 89

windows Authentication is enabled in IIS and authentication mode set to windows in my web.config file.

 <authentication mode="Windows">     
    </authentication>

My site is asking for credentials and it's working fine. but when check using 

HttpContext.User.Identity.Name

is empty string Or HttpContext.User.Identity.IsAuthenticated is false;

I used Request.ServerVariables["LOGON_USER"].Tostring(); to get logged in user credentials.

It worked for me, Thanks for Posting soccerdad.

Upvotes: 2

Donnie Hale
Donnie Hale

Reputation: 411

It turns out that the native handling of Windows authentication works when you have Forms authentication enabled in Web.config. But the managed part of Windows authentication - associating the authenticated Windows user with an IIdentity-derived object representing that user - only happens if Windows authentication is enabled in Web.config. Looks like I'll have to rely on the Request.ServerVariables["LOGON_USER"] value.

Upvotes: 3

Related Questions