CODEWITHSUNDEEP
asp.netiisintranet
user724198
user724198

Reputation:

ASP.NET Getting Current User Name

I am trying to build an application on our company's intranet using ASP.NET and VB.NET.

Neither of these functions return anything once my application is published to IIS. They work fine in development (ie: pressing F5 I get my regular network username), but once published they return '' (an empty string).

HttpContext.Current.User.Identity.Name
Page.User.Identity.Name

I'm looking for something -- anything -- that will grab the current users login name. Please note that I CANNOT change these settings in my web.config, because of other functionality requirements.

    <authentication mode="Windows"/>

    <roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="AspNetWindowsTokenRoleProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="480" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All" />

Nor can I change any IIS settings, to include the 'Enable Anonymous User' setting. Specs are cast in stone and I'd have to chop off my own leg (or head) to get them changed.

I would think there's got to be a way to get the current logged in user's name with my current configuration.

Any ideas?

Thanks,

Jason

Upvotes: 7

Views: 57328

Answers (8)

nPcomp
nPcomp

Reputation: 9993

If domain and username specified something like "DOMAIN\username" in AD

HttpContext.Current.User.Identity.Name.Split('\\')[0] returns the Domain

and

HttpContext.Current.User.Identity.Name.Split('\\')[1] returns the username

Upvotes: 2

dotnetterdev
dotnetterdev

Reputation: 91

I tried all of the above and none of them worked. I also could not get into my IIS to change the settings. I struggled and struggled and struggled with this. I also searched a long time without finding the answer. One of the things is that I don't have access to IIS, that is locked down, so I couldn't change any of the server settings. I had to go with what I was capable of doing in code. When I researched it, many of the replies said, "set up IIS like this". . .well, that's great when you have access to IIS, but I didn't -- I had to work with what I could do in code. So, I ended up handling it like this:

In my web config file, I added the following lines of code within the section:

<system.webServer>
 <security>
  <authentication>
   <anonymousAuthentication enabled="false" />
   <windowsAuthentication enabled="true" />
  </authentication>
</security>
</system.webServer>

Then, it returned an error on my local, which I had to go in and fix. I went to the applicationhost.config file located in the following path on my machine (yours might be different):

C:\users\"your user name"\My Documents\"yourIISInstallation"\config\applicationhost.config

and I changed the following settings to "allow", which had been set to "deny":

<section name="anonymousAuthentication" overrideModeDefault="Deny" />

changed to

<section name="anonymousAuthentication" overrideModeDefault="Allow" />

and

<section name="windowsAuthentication" overrideModeDefault="Deny" />

changed to:

<section name="windowsAuthentication" overrideModeDefault="Allow" />

in the

<sectionGroup name="authentication">

section. Before I found out this fix, I was pulling my hair out over this. I hope this helps someone. As soon as I put in the above code into the webconfig file, it worked on the intranet, it just returned errors in my local, but as soon as I added the above to my local applicationhost.config file, it started working on my local as well. Then, I called the following variable to return the name of the logged in user on windows:

HttpContext.Current.User.Identity.Name.ToString().Substring((HttpContext.Current.User.Identity.Name.ToString().IndexOf("\\")) + 1);

Cheers!

Upvotes: 0

user724198
user724198

Reputation:

And yet another way to get the logged-on user name:

Request.ServerVariables["LOGON_USER"]

Upvotes: 2

Xorsat
Xorsat

Reputation: 2408

Disable Anonymous Authentication in IIS. User.Identity.Name might be empty if Anonymous Authentication is enabled in IIS.

Set in web.config

<configuration>
  <system.web>
    <authentication mode="Windows" />
         <authorization>
             <deny users="?"/>
          </authorization> 
    </system.web> 
</configuration>

Use User.Identity.Name to get the logon user.

Environment.UserName is the running thread identity. If you have enabled Impersonation as Mark said, you can find out the returning result will be different. However this requires ASP.NET Impersionation. If you don't need ASP.NET Impersonation and dealing with the thread identity, you can ignore Environment.UserName if and just use User.Identity.Name.

Also check before perform any action.

 if (User.Identity.IsAuthenticated)
    {
        Page.Title = "Home page for " + User.Identity.Name;
    }
    else
    {
        Page.Title = "Home page for guest user.";
    }

Here is a good example

Upvotes: 5

user724198
user724198

Reputation:

Here's what I found (somewhere), and ended up using. Hope it can help someone else out there!

Public Shared Function Check_If_Member_Of_AD_Group(ByVal username As String, _
ByVal grouptoCheck As String, _
ByVal domain As String, _
ByVal ADlogin As String, _
ByVal ADpassword As String) _
As Boolean

    Dim myDE As DirectoryEntry
    Dim EntryString As String
    Dim NumberOfGroups As Integer
    Dim tempString As String


    'Checks to see if the specified user is a member of the specified group
    Try

        'Setup the LDAP basic entry string.
        EntryString = "LDAP://" & domain


        'Make the group to check all lowercase (for matching)
        grouptoCheck = grouptoCheck.ToLower()


        'Use the correct overloaded function of DirectoryEntry
        If (ADlogin <> "" AndAlso ADpassword <> "") Then
            myDE = New DirectoryEntry(EntryString, ADlogin, ADpassword)
        Else
            myDE = New DirectoryEntry(EntryString)
        End If


        'Filter the directory searcher and get the group names
        Dim myDirectorySearcher As New DirectorySearcher(myDE)
        myDirectorySearcher.Filter = "sAMAccountName=" & username
        myDirectorySearcher.PropertiesToLoad.Add("MemberOf")
        Dim myresult As SearchResult = myDirectorySearcher.FindOne()


        'Get the number of groups, so they can be itereated
        NumberOfGroups = myresult.Properties("memberOf").Count() - 1


        While (NumberOfGroups >= 0)
            'Extract the group name from the result set of the index
            tempString = myresult.Properties("MemberOf").Item(NumberOfGroups)
            tempString = tempString.Substring(0, tempString.IndexOf(",", 0))
            tempString = tempString.Replace("CN=", "")
            tempString = tempString.ToLower()
            tempString = tempString.Trim()

            If (grouptoCheck = tempString) Then         'We got a winner
                Return True
            End If
            NumberOfGroups = NumberOfGroups - 1
        End While

        Return False                                    'User is not in the specified group



    Catch ex As Exception

        Check_If_Member_Of_AD_Group = False             'If all else fails, don't authenticate

    End Try


End Function

Upvotes: 2

blowdart
blowdart

Reputation: 56550

The reason it works in development is because VS's test web server is not IIS, and runs under your current user account.

If you want this to work in IIS you need to be able to configure IIS correctly - there is no other way to do it.

Upvotes: 1

Spacemancraig
Spacemancraig

Reputation: 1396

Would this work for what you are trying to accomplish? Environment.GetEnvironmentVariable("USERNAME").ToString();

Upvotes: 0

ShaneBlake
ShaneBlake

Reputation: 11096

I'm pretty sure the only way to get it to work is to actually check 'integrated windows authentication' in IIS. If 'enable anonymous access' is also checked, it will just use anonymous, so you should turn that one off...

Upvotes: 2

Related Questions