c# .net Web Api Windows and Anonymous Authentication get current user

Question

I'm trying to get the local user, but I have no return.

• WebApi
• IIS (10) Windows 10

My IIS Enabled:

• Windows
• Basic
• Anonymous

Visual Studio 2017 C# .net 4.6.1

I already tried to tag the web config:

  <authorization>
  <allow users="?" />
</authorization>
AND
<identity impersonate="false" />
<authentication mode="Windows" />

Code WebApi

 [HttpGet]
    [Authorize]//I already tried [AllowAnonymous]
    public User Get()
    {
        System.Net.NetworkCredential SystemCredential = (System.Net.NetworkCredential)ADUtil.SystemCredential();
        string login = HttpContextUtil.Request.LogonUserIdentity.Name;
error here, login return 'NT AUTHORITY\IUSR'.
}

Answer 1

You can't mix modes of Authentication within an application without getting in a mess. You have to pick one and stick to it.

The AllowAnonymous attribute let you access specific controllers without Authentication. Whether they are authenticated or not depends on your method of Authentication. It is usually used to access Login pages, but may also be used for areas of the site that you don't need to restrict access to.

Probably the easiest way is to disable everything except "Windows" in IIS

Answer 2

As mentioned here if you want to allow users to request anonymous and others with windows authentication, your best way is to present two different sub-paths for each AuthenticationScheme for example define a route for anonymous request like /anonymous/{controller}/{action} and one for windows authentication requests /windows/{controller}/{action}. Therefor you don't have to double implement the controller, but the drawback is that you have to run two connections for the same module.