CODEWITHSUNDEEP
asp.netangularjswindows-authenticationimpersonation
TheViking
TheViking

Reputation: 171

How to get the username of windows authenticated user in asp.net?

I have an single page application running in our Intranet. Users are authenticated by Windows Authentication (their domain-user). When clicking a button I want to send a request (using $http, Angular) to an aspx-page that has the following code:

        string result = "Unknown";
        var loggedOnUser = System.Security.Principal.WindowsIdentity.GetCurrent();
        if (loggedOnUser != null) {
            int index = loggedOnUser.Name.LastIndexOf("\\", StringComparison.Ordinal) + 1;
            result = loggedOnUser.Name.Substring(index);
        }
        var json = "{ \"User\" : \"" + result + "\"}";
        Response.Clear();
        Response.ContentType = "text/json";
        Response.Write(json);
        Response.End();

This code only gives me the name of the user that is registered in the Application Pool. Thats not very surprising indeed so I guess I need to do some impersionating here? The reason for doing this is that I want the username in my javascript so that it can be sent as a paramter in other calls to the server. I have searched the web and everyone says that getting the logged-in users username is a big security breach. And I do see that. But I may be a workaround when it is done in a way that involve server-code?

Any suggestions?

Thanks!

Upvotes: 0

Views: 3236

Answers (1)

Frost_Mourne
Frost_Mourne

Reputation: 342

I got like this on Login click

 protected void btnLogin_Click(object sender, EventArgs e)
    {
        try
        {
            string UserName = "";
            string activeDomain = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
            string strName = HttpContext.Current.User.Identity.Name.ToString();


            if (strName == "")
            {
                UserName = activeDomain;
            }
            else
            {
                UserName = strName;
            }

            if (UserName == "")
            {
                lblMsg.Text = "Invalid Credentials. Please contact administrator!";
            }
            else
            {
                LP.UserName = UserName;
                DataSet dsUserName = LBLL.validate_user(LP);
                if (dsUserName.Tables[0].Rows.Count > 0)
                {
                    Session["UserName"] = dsUserName.Tables[0].Rows[0]["userName"].ToString();
                    Session["entityUID"] = dsUserName.Tables[0].Rows[0]["entityUID"].ToString();
                    Response.Redirect("~/index.aspx", false);
                }
                else
                {
                    lblMsg.Text = "Invalid Credentials. Please contact administrator!";
                }
            }
        }
        catch (Exception ex)
        {

        }
    }

Upvotes: 1

Related Questions