How to get Windows user in asp.net webApp on IIS7+

Question

I have an asp.net 4.5 web forms web app deployed on a remote IIS7+ server and I want to get the domain\username of the user to populate a database column.

My web.config has the following:

<system.web>
   <authentication mode="Windows" />
   <identity impersonate="true" /> <!-- I have tried with and without impersonate-->
   <authorization>
         <deny users="?"/>
   </authorization>
   ...other stuff
</system.web>
<system.webServer>
   <security>
     <authentication>
       <anonymousAuthentication enabled="false" />
       <windowsAuthentication enabled="true" />
     </authentication>
   </security>

   <modules>
      <remove name="FormsAuthentication" />
   </modules>

Here are some of the things I have tried:

String username = Membership.GetUser().UserName;
                = HttpContext.Current.User.Identity.Name;
                = Page.User.Identity;
                = User.Identity.Name;
                = Environment.Name; // Or something similar to this I don't remember exactly.

Other things to note:

Windows authentication is enabled on the server for my web app.

I keep getting the server name instead of the username.

Also, there is no logon for my web app. Users are restricted access to the server but if they can access the server then they automatically have access to my web app.

[UPDATE]

Interesting breakthrough, if I do an inline

 <% Response.Write(HttpContext.Current.User.Identity.Name.ToString()); %>

then myDomain\username is written to my page. However, if I do the same code server side it returns the Server Name. Why would it return something different?

I have tried the below code but it still returns the Server name, I'm guessing its because the inline runs client-side and the controls run server side.

<asp:Label ID="LabelID" Text=" <% HttpContext.Current.User.Identity.Name.ToString(); %>" />

then in codeBehind

String curUser = LabelID.Text;

Answer 1

See: http://forums.asp.net/t/1121780.aspx?Getting+a+users+DOMAIN+username+from+a+web+application

To get the current userid name of an asp.net aspx page use

System.Security.Principal.WindowsIdentity.GetCurrent().Name 

To get the actual person who's logged in use any of these:

HttpContext.Current.User.Identity.Name
Page.User (wraps HttpContext.Current.User.Identity.Name)
Request.ServerVariables("logon_user")

You'll probably also need:

impersonate=true

in your web.config file

This post may also help you: Built-in helper to parse User.Identity.Name into Domain\Username

[EDIT] This post shows what's happening under the covers in IIS 7: How to get at the current users windows identity

This post will hopefully also give you an idea of what the results of your trial and error mean: How to get Windows user name when identity impersonate="true" in asp.net?

You may also need the following in your web.config

<authorization>
    <deny users = "?" /><!-- This denies access to the Anonymous user -->
    <allow users ="*" /><!-- This allows access to all users -->
</authorization>

[EDIT2] The behavior you are observing implies you are executing

HttpContext.Current.User.Identity.Name

On what you are calling "the server side" too early in IIS's processing pipeline application lifecycle i.e. before authentication has taken place. The

 Response.Write( 

is one of the last aspects of application life cycle. Take a look at Microsoft's IIS7 life cycle documentation: http://msdn.microsoft.com/en-us/library/bb470252.aspx

1. Validate the request.
2. Perform URL mapping.
3. Raise the BeginRequest event.
4. Raise the AuthenticateRequest event.
5. Raise the PostAuthenticateRequest event.
6. Raise the AuthorizeRequest event.
7. Raise the PostAuthorizeRequest event. ...

Its only after this that it will really be safe to do the processing you need to