8

I am running a webpage that needs to be able to read the login id of the current user. Here is the code I am using:

string id = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

Currently this returns the correct login but when I use it in this method:

protected Boolean isPageOwner()
{
    string id = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    alert("User: " + id);
    if (id.Equals(pageOwnerID))
    {
        return true;
    }
    if (accessPermission.ContainsKey(id))
    {
        return true;
    }
    return false;
}

the method returns false even though the id returned is identical to pageOwnerID. I'm really not sure which part of this I am having a problem with.

On a side note, my login id is of the form string1/string2 but the code retrieves it as string1 + string2 without the slash.

Any advice is appreciated.

Regards.

Kevin
  • 1,252
  • 6
  • 32
  • 50
  • What is the exact string for `id` and `pageOwnerID`. It sounds like it may be `abc/123` and `abc123` from your description, which would not work. – Guvante Jul 19 '12 at 19:34
  • When I was developing this page on my local machine I was able to detect my logon id in the form "abc/123" with the slash. As soon as I deployed the page on the server the logon id was retrieved without the slash -- so abc123. So I changed pageOwnerID to remove the slash but the test for equality is failing mysteriously. – Kevin Jul 19 '12 at 19:37
  • 1
    Why don't you log/output both `id` and `pageOwnerID` so you can compare. Obviously they are not the same. – SliverNinja - MSFT Jul 19 '12 at 19:49
  • Are you sure it's not a backslash, \? – Jeppe Stig Nielsen Jul 19 '12 at 19:49
  • Suddenly the code is retrieving "NT AUTHORITYNETWORK SERVICE" as the user name. So now I have a new problem. – Kevin Jul 19 '12 at 19:56
  • 1
    Do not use the WinIdentity, use Request.User – H H Jul 19 '12 at 19:58
  • I can't find an example of Request.User -- could you show me the whole command? – Kevin Jul 19 '12 at 20:12
  • See answer below for an example on using `Request.User` -> `HttpContext.Current.User` – SliverNinja - MSFT Jul 19 '12 at 20:30
  • Possible duplicate of [How to get Current User who's accessing ASP.net app?](http://stackoverflow.com/questions/5417125/how-to-get-current-user-whos-accessing-asp-net-app) – KyleMit Oct 21 '15 at 15:51

2 Answers2

11

Try using this to retrieve the username....

if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
{
   string username = System.Web.HttpContext.Current.User.Identity.Name;
}

It sounds like windows authentication is not being used - you need to disable anonymous access and enable windows integrated security.

Add this to your web.config...

<system.web>
 <authentication mode="Windows"/>
  <authorization>
    <deny users="?"/> 
  </authorization>
</system.web>
SliverNinja - MSFT
  • 31,051
  • 11
  • 110
  • 173
  • This would work under normal circumstances, but IIS configuration may setup impersonation that will fool ASP.NET into thinking System.Web.HttpContext.Current.User.Identity.Name (or Request.User.Identity.Name) is not the actual logged in user. – Emil Lerch Jul 19 '12 at 20:33
  • It will be empty if `IsAuthenticated` is false. – SliverNinja - MSFT Jul 19 '12 at 20:38
  • Ah, sorry, I meant I had tried `string id = System.Web.HttpContext.Current.User.Identity.Name;` without the if-clause. Also, this is in my web.config file: `` – Kevin Jul 19 '12 at 20:39
  • 1
    You need to configure IIS to enable integrated security and disable anonymous. – SliverNinja - MSFT Jul 19 '12 at 20:43
  • Thanks. I'll pounce on the server admin first thing tomorrow. – Kevin Jul 19 '12 at 20:51
1

If you need the current logged in user's identity from within any layer (or Project in your solution) then use:

string userId = Thread.CurrentPrincipal.Identity.GetUserId();

Ehimah Obuse
  • 116
  • 2
  • 6