1

I'm building a mostly client-side app (HTML/CSS/Angular) and it calls a Web API backend for data retrieval. Pretty standard stuff. However, we are behind a firewall and use Windows Authentication to pass through the currently logged on user. I have exhausted myself trying to determine how to simply retreive the username of the currently logged on user to pass to Angular so I can then pass it up to the Web API.

Any suggestions?

So far I've created a <script> section in the head of my HTML and retrieve the username into a local variable like so:

<script type="text/javascript">
    var loggedOnUser = '<%= Request.ServerVariables["REMOTE_USER"] %>';
    console.log('logged on user is ' + loggedOnUser);
</script>

The problem is that I'm always getting back an empty string (well, no value at all actually).

The controller I'm using looks like this:

public class AuthenticationController : ApiController
{
    private static Logger logger = LogManager.GetCurrentClassLogger();

    public IHttpActionResult Get(string activeDirectoryDomainName, string username)
    {
        string user = HttpContext.Current.User.Identity.Name;
        logger.Debug("user: " + user);

        return Json(BLL.GetAuthenticationInfo(activeDirectoryDomainName, username));
    }
 }

The logged result from the controller is empty too.

beaudetious
  • 2,354
  • 3
  • 36
  • 60
  • If you view the source, what exactly is the contents of your script above (i.e. after ASP.NET replaces it with the value)? Where are you setting ServerVariables["LoggedOnUser"] in your code? – Jason Goemaat Oct 16 '14 at 19:49
  • I feel like this is the wrong way to go about solving this problem. Request.ServerVariables is not related to WebApi. If you were calling a route [Get]/Application and not receiving information that WebApi returned, then we'd have a better idea of how to solve it. I don't feel this question can be answered without having to rethink and re-architect what you are trying to do. Can you give us more information on what you are using? What are the extensions on your page? .asp? .cshtml? .html? What do your ApiControllers look like? – dannypaz Oct 16 '14 at 19:59
  • Index.aspx. I thought maybe using an aspx page I could capture the logged in user and pass that to the Web API. But no such luck. – beaudetious Oct 16 '14 at 20:02
  • Jason: I edited my code above. It should be the REMOTE_USER server variable. – beaudetious Oct 16 '14 at 20:08

1 Answers1

2

Your server should be doing the validation and checking who the user is, not the angular application telling the server who they are (not secure!).

If you just want to display the username you should be able to do a call to the web api and have it return the username (that way you can see who they are authenticating as)

If you are returning a Razor / cshtml file as your view / layout, you can include the username there as well with @User.Identity.Name

John
  • 6,503
  • 3
  • 37
  • 58
  • http://msdn.microsoft.com/en-us/library/system.web.http.apicontroller.user but I'm getting back no value. I can't add code here but I'm using NLog to return the following: User.Identity.Name and I'm getting nothing. I feel like I'm missing something. – beaudetious Oct 16 '14 at 19:03
  • Are you sure you have windows auth turned on on IIS? Anon turned off? Can you place a debug point and see what gets set? – John Oct 16 '14 at 19:05
  • I'm self-hosting (I think that's the correct terminology) and I'm wondering if that's messing things up. My Controllers are mixed in with the web site itself. Anonymous Auth: Disabled Windows Auth: Enabled. I'm using Visual Studio 2013 IIS Express at the moment. – beaudetious Oct 16 '14 at 19:12
  • No luck. My applicationhost.config is already set up the way it's noted in the URL above. – beaudetious Oct 16 '14 at 19:20
  • Bottom line problem: my initial web project was not properly set up. I created a new ASP.Net Web Application using ASP.Net MVC and ASP.Net Web API and merged my old code into it. Now I can get to User.Identity.Name in both the Web API and in the view. Thanks for the nudge in the right direction. – beaudetious Oct 20 '14 at 17:23