47

I'm creating an intranet asp.net mvc application that everyone in the company should have access to. I need to run the website impersonated for database access etc., but I want to know who each user is.

When I look at Page.User.Identity.Name it's blank. Is it possible to get the user's windows account name even though the site is running impersonated?

Edit: Here's a little more info. I have a site in IIS 6 running with anonymous access enabled. The site is running under a system account that has access to the database (because all of the employees do not have access to the database).

My web.config has <authentication mode="Windows" /> and <identity impersonate="true"/>

My goal is that the users won't have to log in - that fact that they are logged into our network (and the fact that the site is not on an external IP) is enough authentication. I would just like to know who the user is in order to track changes they make, etc.

nhgrif
  • 61,578
  • 25
  • 134
  • 173
MrDustpan
  • 5,508
  • 6
  • 34
  • 39

4 Answers4

122

With <authentication mode="Windows"/> in your application and Anonymous access enabled in IIS, you will see the following results:

System.Environment.UserName: Computer Name
Page.User.Identity.Name: Blank
System.Security.Principal.WindowsIdentity.GetCurrent().Name: Computer Name

With <authentication mode="Windows"/> in your application, and ‘Anonymous access’ disabled and only ‘Integrated Windows Authentication’ in IIS, you will see the following results:

System.Environment.UserName: ASPNET (user account used to run ASP.NET service)
Page.User.Identity.Name: Domain\ Windows Account Name 
System.Security.Principal.WindowsIdentity.GetCurrent().Name: Computer Name\ASPNET

With <authentication mode="Windows"/> and <identity impersonate ="true"/> in your application, and ‘Anonymous access’ disabled and only ‘Integrated Windows Authentication’ in IIS, you will see the following results:

System.Environment.UserName: Windows Account Name 
Page.User.Identity.Name: Domain\ Windows Account Name 
System.Security.Principal.WindowsIdentity.GetCurrent().Name: Domain\ Windows Account Name
gokul
  • 1,236
  • 1
  • 9
  • 2
  • 3
    This is one of those answer where I wish there was a favorite answer, like the favorite questions – BlackTigerX Jul 08 '15 at 21:43
  • @BlackTigerX There is, you can award bounties to outstanding answers... Doing so gets you the Altruist badge *First bounty you manually award on another person's question* – Jeremy Thompson Oct 15 '15 at 00:35
  • Why doesn't Microsoft include clear, short explanations like this in their documentation? Thank you for this answer. – Jimmy May 23 '16 at 20:47
  • What about Thread.CurrentPrincipal.Identity.Name? If you add this as well, I think it will be more complete. – VivekDev Jan 09 '17 at 04:26
7

try this

System.Security.Principal.WindowsIdentity.GetCurrent().Name

It should return a string with the users login name

dmoore1181
  • 1,793
  • 1
  • 25
  • 57
Gavin
  • 17,053
  • 19
  • 64
  • 110
  • Thanks Gav - I tried this and it displays the name of the account that my site is setup to run under (see the Edit in the question for more info). – MrDustpan Aug 12 '09 at 16:05
  • 2
    Think your going to need to disable annonymous access in IIS, when they visit the site assuming they are logged into the domain IIS will use their current login. The code above should then display their UserID rather than the one IIS runs under. – Gavin Nov 06 '09 at 15:55
4

I just wanted to post my fix, because no one else had said anything about it.

I was having the same issue when I published the site to the server, but not on my local. All the settings were the same. However, in IIS the "Default Website" had never been turned off. It was running and intercepting traffic, even though there was no site associated with it. Anonymous Authentication was turned on in the default, but turned off in my website running under port 80. It didn't seem to matter that my site had it turned off... since the default was turned on it was turned on for all traffic to port 80.

Disabling the default web fixed the issue. Also changing the port to 8080 works.

I hope this helps someone.

Kelly R
  • 159
  • 1
  • 3
1

Unless this functionality has changed under the MVC framework, and I don't think it has, Page.User.Identity.Name should still work. Sounds like your site is set up to allow anonymous authentication. If so, try disabling it.

Ryan
  • 645
  • 4
  • 11
  • Thanks Ryan. I added some more detail to the question, but basically I need anonymous authentication. – MrDustpan Aug 12 '09 at 16:06
  • Given the additional information, you want ``. You want the web app to run under the identity provided by IIS. `impersonate="false"` makes sure this is the case. You also want to turn Integrated Authentication on and disable anonymous authentication. This insures that Page.User.Identity will be the identity of the user viewing the page. They shouldn't have to actually provide credentials if the server and users are on the same domain. – Ryan Jan 18 '10 at 18:45
  • And sorry for taking so long to reply. I haven't had a chance to participate here in a while. – Ryan Jan 18 '10 at 18:46