
I'm using a transparent proxy to tunnel the frontend to the back office, but I can't get the logged-in user, even with impersonation activated.

GET Transparent Proxy:

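    /// <summary>
    /// Catch-all GET proxy: forwards the captured path to the internal Web API and relays
    /// the JSON document it returns.
    /// </summary>
    /// <param name="url">Path captured by the <c>api/{*url}</c> route; it is caller-controlled.</param>
    /// <returns>A response whose body is the deserialized JSON from the internal API.</returns>
    [HttpGet, Route("api/{*url}")]
    public HttpResponseMessage Get(string url)
    {
        // The route captures whatever path the caller sends and no [Authorize] is visible on
        // this action, so every path below the configured base address is reachable through
        // the proxy. Restrict it to the endpoints the frontend needs if the backend exposes more.
        var target = ConfigurationManager.AppSettings["InternalWebApiUrl"] + "/" + url;

        // UseDefaultCredentials sends the credentials of whatever Windows identity the thread is
        // running under when the call is made. This method does not impersonate the caller, so
        // unless impersonation is applied elsewhere that is the application pool account, and
        // the backend sees that account instead of the logged-in user.
        using (var client = new WebClient { UseDefaultCredentials = true })
        {
            client.Headers.Add(HttpRequestHeader.ContentType, "application/json; charset=utf-8");
            var json = Encoding.UTF8.GetString(client.DownloadData(target));
            var result = JsonConvert.DeserializeObject<Object>(json);

            return Request.CreateResponse(result);
        }
    }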

Every attempt to get the logged-in user failed; I only get the application pool user.

My attempts:

1- Used the IIS configuration to activate impersonation, and added the following code to web.config:

 <!-- URL authorization only: users="*" matches every user, anonymous included, and this
      element does not turn impersonation on. In ASP.NET, impersonation is controlled by
      <identity impersonate="true" /> under system.web, and anonymous callers are
      rejected with <deny users="?" />. -->
 <authorization>
  <allow users ="*" />
 </authorization>

2- Created a GetCurrentUser service to test which credentials were passed to the backend, but only the application pool user showed up:

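    /// <summary>
    /// Diagnostic endpoint: reports the identity names the backend sees for the current request.
    /// </summary>
    /// <returns>
    /// A response whose body lists the HTTP context user, the thread principal and the
    /// identity that was impersonated.
    /// </returns>
    [HttpGet, ResponseType(typeof(string)), Route("GetCurrentUser")]
    public HttpResponseMessage GetCurrentUser()
    {
        // Throws InvalidCastException when the request identity is not a WindowsIdentity.
        WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;

        // Dispose the impersonation context so the thread reverts to its original identity
        // when the method returns; otherwise the thread keeps running as the caller.
        using (winId.Impersonate())
        {
            var userHTTPContext = HttpContext.Current.User.Identity.Name;
            var userThread = Thread.CurrentPrincipal.Identity.Name;
            var userImpersonated = winId.Name;

            // NOTE(review): userHTTPContext and userImpersonated are read from the same identity
            // object, and Thread.CurrentPrincipal is the managed principal, so none of the three
            // values shows the token the thread is executing under.
            // WindowsIdentity.GetCurrent().Name would report that.
            return Request.CreateResponse("HTTP Context: " + userHTTPContext + " Thread: " + userThread + " Impersonated: " + userImpersonated);
        }
    }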

How can I get the logged-in user?
Is it possible that I'm passing the application pool user by using UseDefaultCredentials in the WebClient?


1 Answer


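It turns out that SPNs (Service Principal Names) had to be enabled. Without an SPN registered for the service, Windows authentication falls back to NTLM, which cannot forward the impersonated user's identity to a second server (the "double hop"); Kerberos delegation needs the SPN.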

Final code:

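    /// <summary>
    /// Catch-all GET proxy that calls the backend while impersonating the authenticated
    /// Windows user, so the backend receives the caller's identity.
    /// </summary>
    /// <param name="url">Path captured by the <c>api/{*url}</c> route; it is caller-controlled.</param>
    /// <returns>
    /// The deserialized JSON from the backend; 401 when the request identity is not a Windows
    /// identity; 400 when the backend call or the JSON parsing fails.
    /// </returns>
    [Authorize]
    [HttpGet, Route("api/{*url}")]
    public HttpResponseMessage Get(string url)
    {
        // Impersonation needs a Windows identity; answer 401 rather than failing on the cast
        // when the site is configured with a different authentication scheme.
        var wi = HttpContext.Current.User.Identity as WindowsIdentity;
        if (wi == null)
        {
            return Request.CreateResponse(HttpStatusCode.Unauthorized);
        }

        // The using block reverts the thread to its original identity on every exit path.
        // Every authenticated caller's credentials are forwarded from here, so the delegation
        // granted to this service account is best constrained to the backend service alone.
        using (wi.Impersonate())
        {
            // url comes straight from the request path: any path below BaseAddress can be
            // requested through this proxy with the caller's own rights.
            var baseAddress = ConfigurationManager.AppSettings["BaseAddress"] + "/" + url;

            var http = (HttpWebRequest)WebRequest.Create(new Uri(baseAddress));
            http.Accept = "application/json; charset=utf-8";
            http.ContentType = "application/json; charset=utf-8";
            http.Method = "GET";
            // While impersonating, the default credentials are those of the impersonated user.
            http.UseDefaultCredentials = true;

            try
            {
                // Dispose the response, its stream and the reader so the connection is released.
                using (var response = http.GetResponse())
                using (var stream = response.GetResponseStream())
                using (var sr = new StreamReader(stream))
                {
                    var contentResponse = sr.ReadToEnd();
                    return Request.CreateResponse(JsonConvert.DeserializeObject<Object>(contentResponse));
                }
            }
            catch (Exception ex)
            {
                // Keep the failure server-side: the caller still gets a bare 400, while an
                // upstream authentication or delegation failure stays visible in the trace.
                System.Diagnostics.Trace.TraceError("Proxy GET to backend failed: {0}", ex);
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }
        }
    }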