6

This code in my Web Core API confirms that I am an authenticated user, but I am not getting my username, instead I am getting the name of the application pool. How do I fix this?

var testa = User.Identity.GetType();
NLogger.Info($"testa = {testa}");
var testd = User.Identity.IsAuthenticated;
NLogger.Info($"testd = {testd}");
var loggedInUser = User.Identity.Name;
NLogger.Info($"loggedInUser = {loggedInUser}");

In my logfile I get;

testa = System.Security.Principal.WindowsIdentity
testd = True
loggedInUser = IIS APPPOOL\SIR.WEBUI

I use the [Authorize] tag for the controller and anonymous authentication is disabled.

Well I call the method from Postman, it works OK, the LoggedInUser is correct. But when I call from my code I get the incorrect loggedInUser shown above. The code I use to call the web api from my client app is;

public static async Task<IEnumerable<ContractDto>> GetAllForUser()
{
    using (var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }))
    {
        client.BaseAddress = new Uri(AppSettings.ServerPathApi);
        var path = GetPath("getallforuser");
        var response = await client.GetAsync(path);
        response.EnsureSuccessStatusCode();
        var stringResult = await response.Content.ReadAsStringAsync();
        return JsonConvert.DeserializeObject<IEnumerable<ContractDto>>(stringResult);
    }
}

In IIS I have set the application pool type to all of the various options; applicationpoolidentity, networkservice, localservice, localsystem and tested the application each time. What on earth am I missing?

arame3333
  • 9,887
  • 26
  • 122
  • 205
  • An accept answer to a similar issue here https://stackoverflow.com/a/12675503/5233410 – Nkosi Aug 18 '17 at 00:02
  • I'm not sure if this is the problem, but I suggest you try setting "Load User Profile" to true, if not already, in IIS – Shahbaz Aug 18 '17 at 05:09
  • @Nkosi, tried that but it does not work. I am using Web Core API and I think impersonation works differently. Maybe I should be using impersonation? But then I do not need to do so when using AJAX, so why should C# be any different? – arame3333 Aug 18 '17 at 07:23
  • have you tried userName = HttpContext.Current.User.Identity.Name; – Steve Okay Aug 18 '17 at 09:05

1 Answers1

0

Try this 

if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
{
  string username = System.Web.HttpContext.Current.User.Identity.Name;
}

or you can try

var user = (System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity;
var userName = user.Impersonate();
Steve Okay
  • 80
  • 12
  • Having done some research, I found out that a call from AJAX will take my identity from the browser, but via IIS it will take the application pool instead. The solution for IIS is to use impersonation and I am looking into that now. – arame3333 Aug 18 '17 at 09:32
  • @arame3333 if you want to add impersonation use the second code but add this part var userName = user.Impersonate(). i have edited the answer to include it – Steve Okay Aug 18 '17 at 11:39
  • @arame3333 you can check this link there is a similar question here [Get Credentials with Request](https://stackoverflow.com/questions/12212116/how-to-get-httpclient-to-pass-credentials-along-with-the-request/12675503#12675503) – Steve Okay Aug 18 '17 at 11:44
  • impersonation has to be setup in the calling code before the request is made so that code can work in the Web Core API. I need to find out how to do that. – arame3333 Aug 18 '17 at 15:22